The Department of Homeland Security’s cybersecurity team released an advisory Jan. 6 warning public and private sector organizations of increased cyberattacks after the United States killed a top Iranian general.
The guidance from DHS’ Cybersecurity and Infrastructure Security Agency, which is charged with protecting critical infrastructure from cyberattacks, recommended that organizations review their emergency preparedness plans and stay up to date on current threat intelligence. The advisory comes as CISA and other government entities prepare for retaliatory action from Iran that experts say will likely include cyberattacks.
“Knowing how you, your organization, and your personnel may be exposed or targeted during increased tensions can help you better prepare ... Review your organization from an outside perspective and ask the tough questions — are you attractive to Iran and its proxies because of your business model, who your customers and competitors are, or what you stand for?” officials wrote.
The advisory warns of physical and cybersecurity threats from Iran in retaliation for a U.S. drone strike in Baghdad that killed Iranian Gen. Qasem Soleimani, an influential leader in the Middle East. It outlines several ways in which Iranian actors could hit back at the United States, including disruptive or destructive cyberattacks, cyber espionage and disinformation campaigns. One of Iranian cyber actors’ preferred forms of cyberattack is the wiper attack, which erases data from a hard drive.
“Iran has exercised increasingly sophisticated capabilities to suppress social and political perspectives deemed dangerous to its regime and to target regional and international adversaries,” CISA officials warned in the document. “Iran and its proxies and sympathizers have a history of leveraging cyber and physical tactics to pursue national interests, both regionally and here in the United States.”
The guidance also includes a reminder to ensure organizations have offline backups of critical information. It also suggests that leaders confirm their staff understand the incident reporting process and incident response plan. In the immediate aftermath of the airstrike, CISA Director Chris Krebs wrote in a tweet that organizations should “brush up” on Iranian cyber actors’ typical tactics, techniques and procedures.
It is unclear how or when Iran will respond to the drone strike, but experts have said that the response will most likely include cyberattacks. One expert told Fifth Domain that if Iran chose to rely exclusively on cyberattacks in response, that would be the “best case scenario.”