
DHS Warns of Increased Cyber Attacks from Iran and its Friends

In light of the tensions that currently exist between the US and Iran, Homeland Security’s Cybersecurity and Infrastructure Security Administration (CISA) issued a warning to businesses and consumers in the US.

CISA says that it has already seen a rise in malicious cyber activity directed at US businesses.

In particular, they are seeing so-called wiper attacks, where the attacker deletes all the data it can, with no warning and no request for money. The objective is just to do as much damage as possible to US interests.

We saw a similar style attack in 2012 against Saudi Aramco, which required that the company replace 300,000 disk drives, causing a shortage in the world disk drive market for months.

The attack methods are traditional – spear phishing, credential stuffing and password spraying.

The best defense is also the hardest one – your people.

Also, make sure that all critical data is backed up and, if possible, backed up offline. Backups will not protect you from having to replace hardware, which takes time and money, but replacing data is sometimes impossible.

Finally, make sure that the patches on all systems – end-user systems and servers – are current. All it takes is one unpatched system (think Equifax) to bring the whole enterprise down.

It is important to consider that much more data is stored in the cloud, and if a user can modify or delete the cloud data, so can the wiper malware. Make sure you understand, under the cloud shared responsibility model, which backups you are responsible for and which backups your cloud service provider may or may not be doing for you.

Note that this style of attack operates in the background and may not provide any visible indication that a system has been compromised. Once a system is compromised, the malware figures out how to move around inside the network and does as much damage as possible.

Source: DHS CISA Alert.