NSA issues warning of Iranian brute force cyber attacks

On October 16, the National Security Agency (NSA) joined the Federal Bureau of Investigation (FBI), the Cybersecurity and Infrastructure Security Agency (CISA), and others in releasing a Cybersecurity Advisory (CSA), “Iranian Cyber Actors’ Brute Force and Credential Access Activity Compromises Critical Infrastructure Organizations,” to warn network defenders of malicious activity that can enable persistent access in sensitive systems.

Since October 2023, Iranian cyber actors have used brute force techniques to compromise user accounts and gain access to organizations, then modify MFA registrations to enable persistent access.

“Our agencies are sharing detailed insight into this malicious cyber activity and what organizations can do to shore up their defenses,” said Dave Luber, NSA Cybersecurity Director. “We explain the tactics, techniques, and procedures used by the Iranian actors, as well as indicators of compromise.”

Once they have access, the Iranian actors obtain additional credentials and sell the information to users on cybercriminal forums who conduct further malicious activities. The Iranian actors have targeted multiple critical infrastructure sectors, including healthcare, government, information technology, engineering, and energy.

To detect brute force activity such as password spraying, the report’s authors recommend reviewing authentication logs for system and application login failures of valid accounts and looking for multiple failed authentication attempts across all accounts. To mitigate this activity, the CSA recommends measures such as implementing phishing-resistant multifactor authentication (MFA), continuously reviewing MFA settings, providing cybersecurity training to users, and ensuring password policies meet minimum password strength guidelines.
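The log review described above can be automated. The following is an added example, not code from the advisory or its authoring agencies: it flags any source that fails logins against many distinct accounts in a short window and notes accounts that then log in successfully from that source. The log format, the five-account threshold and the ten-minute window are assumptions chosen for illustration.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample log (assumed format): "<ISO timestamp> <source IP> <account> <result>"
SAMPLE_LOG = """\
2024-10-16T08:00:01 203.0.113.7 alice FAIL
2024-10-16T08:00:03 203.0.113.7 bob FAIL
2024-10-16T08:00:05 203.0.113.7 carol FAIL
2024-10-16T08:00:07 203.0.113.7 dave FAIL
2024-10-16T08:00:09 203.0.113.7 erin FAIL
2024-10-16T08:00:11 203.0.113.7 carol OK
2024-10-16T08:05:00 198.51.100.4 frank FAIL
2024-10-16T08:05:20 198.51.100.4 frank FAIL
2024-10-16T08:05:40 198.51.100.4 frank OK
"""

def parse(log_text):
    """Yield (time, source, account, succeeded) from each well-formed line."""
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 4 or parts[3] not in ("OK", "FAIL"):
            continue  # skip malformed lines instead of aborting the review
        yield datetime.fromisoformat(parts[0]), parts[1], parts[2], parts[3] == "OK"

def find_spraying(log_text, min_accounts=5, window=timedelta(minutes=10)):
    """Map each spraying source to the accounts it failed on and later logged in as."""
    failures = defaultdict(list)   # source -> [(time, account)] still inside the window
    findings = {}                  # source -> {"accounts": set, "succeeded": set}
    for when, source, account, ok in sorted(parse(log_text)):
        if ok:
            # A success from an already-flagged source suggests a guessed password.
            if source in findings:
                findings[source]["succeeded"].add(account)
            continue
        recent = [(t, a) for t, a in failures[source] if when - t <= window]
        recent.append((when, account))
        failures[source] = recent
        distinct = {a for _, a in recent}
        # Many distinct accounts failing from one source is the spraying signature.
        if len(distinct) >= min_accounts:
            entry = findings.setdefault(source, {"accounts": set(), "succeeded": set()})
            entry["accounts"] |= distinct
    return findings

if __name__ == "__main__":
    for src, hit in find_spraying(SAMPLE_LOG).items():
        print(src, sorted(hit["accounts"]), "later success:", sorted(hit["succeeded"]))
```

The second source in the sample, which retries a single account before succeeding, is not flagged, which is the distinction between a user mistyping a password and failures spread across accounts.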

The other authoring agencies are the Communications Security Establishment Canada (CSE), the Australian Federal Police (AFP), and the Australian Signals Directorate Australian Cyber Security Centre (ASD ACSC).

Read the full report here.

Source: NSA
