With the growing conflict in the Middle East, multiple US agencies have issued warnings to raise awareness of the heightened cyber security risks that foreign states may pose to the United States, US-based companies, and US-based individuals. We are expecting cyber attacks against the energy sector, telecommunications, dissidents, finance, Middle East research organizations, businesses that work with the USG, and other state/local governments. These foreign state attackers are generally looking for poorly secured US networks and systems to exploit. As a result, to help protect your organization, we’ve put together the following advisory with suggestions on improving cybersecurity and resilience, including:

Be Proactive

  • Review emergency communication protocols, such as phone trees and current contact information, so that you can respond promptly to potential cyber attacks.
  • Ensure your Incident Response Plans are up-to-date and fit the context of potential threats, IT outages, and similar events. Consider naming an Incident Response firm on your cyber insurance policy in case an incident occurs.
  • Share your organization’s concerns with staff and encourage personnel to be extra vigilant.
  • Prioritize heightened awareness of email attacks:
    • Common attacks include the use of targeted spear-phishing campaigns; use of macro-enabled office documents; and use of fake webmail login pages (e.g. Gmail, Yahoo) – as a result, we highly recommend extra vigilance around email and email messages.
    • Consider increasing anti-phishing awareness campaigns immediately or, if you already run such a program, increase its difficulty to harden your security posture.

Prevent Cyber Attacks

  • Require multi-factor authentication (MFA) for all remote access to your organization’s network and privileged file systems if not already enabled.
  • Consider disabling remote access and/or restricting access to specific known IP addresses.
  • Ensure that software stays up to date, especially those updates that address known vulnerabilities.
    • We anticipate software and systems developed outside the US to be targeted – we highly recommend removing or reducing reliance on foreign-developed software and systems.
  • Disable all ports and protocols that aren’t essential for your business.
  • Implement strong security controls for your cloud services.
  • Work with your IT personnel to improve your organization’s cyber hygiene and conduct vulnerability scanning.

Quickly Detect an Intrusion

  • Ensure that cybersecurity/IT personnel are focused on identifying and quickly assessing any unexpected or unusual network behavior, as attackers may inadvertently cause ‘something strange’ through their attack methods.
  • Protect the organization’s workstations and servers with next-generation Managed Detection and Response software.
  • Implement conditional access policies for team members to ensure logins are only from known locations.

Dept of Homeland Security Advisory