The combat operations initiated on June 12 between Israel and Iran, as with the ongoing Ukraine-Russia conflict, once again place organizations on alert for any cyber operations either directly or adjacently related to the conflict.
Trustwave SpiderLabs’ threat intelligence organization is monitoring the situation and is utilizing all the security tools at its disposal to protect Trustwave’s clients from related cyber threats and to bring actionable threat intelligence to the market at large.
As of June 16, the team has seen no evidence of any incidents related to the conflict impacting outsiders, but it noted that there is certainly a cyber element to this conflict. Organizations in the critical infrastructure, defense, and government sectors are likely at higher risk but other industries and organizations should closely monitor the situation as well.
The Cyber Front: Israel and Iran
Israel and Iran are no strangers to cyberwarfare. Iran for example, under the guise of threat groups such as APT34/Oilrig, is well-known for conducting a wide variety of cyberattacks against Israeli and Western targets.
According to published reports, Iran may have launched several attacks in the days leading up to the conflict. Iran’s activity, including threats to Operations Technology (OT) such as critical infrastructure, has been well-documented by CISA.
Standing on Guard Worldwide
In addition to direct attacks related to the conflict, it is common practice for even uninvolved threat actors to take advantage of the news cycle and the public’s heightened awareness of an event to boost the credibility of their social engineering operations. Trustwave SpiderLabs covered these tactics in depth in How Cybercriminals Use Breaking News for Phishing Attacks.
Shields Up: Proactive Cyber Hygiene and Preparedness
Trustwave, as always, encourages all organizations to follow cybersecurity fundamentals as a basis for staying safe. These are included in CISA’s Shields Up protocol and are further clarified by Trustwave SpiderLabs in this blog.
Maintaining a robust cybersecurity posture is essential during periods of heightened cyber risk. Trustwave recommends that organizations adopt the following measures:
- Ensure patches are up-to-date, secure passwords, implement multi-factor authentication (MFA), and limit access privileges to vulnerable systems.
- Focus on areas highlighted by CISA as the most likely to be exploited, including Remote Desktop Protocol (RDP), misconfigured cloud services, and unpatched software.
- Actively hunt for threat actors attempting to evade your defenses. Ensure incident response teams are well-prepared with Digital Forensics and Incident Response (DFIR) retainers in place and that all technology systems are finely tuned.
- Conduct tabletop exercises to simulate potential cyberattacks and refine your response strategies.
Trustwave is here to help and has a number of capabilities that can help organizations prepare for and defend against potential collateral impact from this conflict.
Stay tuned for additional updates as appropriate.
For additional support and information, visit our .
