How Can Companies Guard Against Rising Nation-State Cyber Threats?

The messages from government agencies and cybersecurity leaders at the end of June were clear – nation-state-sponsored cybersecurity threats are on the rise. Pro-Iranian “hacktivists” are targeting U.S. infrastructure and businesses with increasingly sophisticated attacks. Shoring up your cybersecurity is key to protect against attacks and avoid costly data breaches.

What do we know?

A leading industrial cybersecurity company reported a 133% surge in cyberattacks backed by Iranian threat groups in May and June. Researchers noted that U.S. transportation and manufacturing companies made up most of the attackers’ primary targets.

On June 22, the Department of Homeland Security issued a National Terrorism Advisory System Bulletin asking for increased vigilance against potential cyberattacks, as Iran has publicly condemned U.S. involvement in the recent conflict between Iran and Israel. Other nation-state actors with cyber threat capabilities have also criticized U.S. involvement, including Russia, China and North Korea.

The next week, the Cybersecurity and Infrastructure Security Agency, FBI, Department of Defense Cyber Crime Center, and the National Security Agency warned businesses of potential cyber threats from Iranian-affiliated actors targeting U.S. infrastructure and entities.

The agencies cautioned that cybercriminals may exploit outdated software and weak passwords to attack U.S. networks. Recently, attackers have focused on website defacements, data leaks, and distributed denial of service (DDoS) attacks against U.S. and Israeli websites. These actors may also work with cybercriminal groups to conduct ransomware attacks and steal sensitive information.

What can businesses do to prepare?

Agencies urged companies and infrastructure operators to consider these steps to bolster their cyber defenses:

1. Identify operational technology and industrial control systems assets you use to manage industrial and infrastructure processes. Remove any direct internet connections or access points to these systems to make sure they are not accessible through the public internet. This can include:
   • Restricting and monitoring remote access
   • Adopting a deny-by-default allowlist policy
2. Protect devices and accounts with strong passwords and use multifactor authentication methods.
3. Implement role-based access controls and conditional access policies for cloud service or managed service providers.
4. Keep up with and document all software patches, firmware updates and configuration changes.
5. Put processes in place to prevent unauthorized changes, loss of view or loss of control of operational technologies.
6. Execute regular system and data backups to protect and quickly recover data in case of a breach.
7. Review, update and rehearse business continuity and cyberattack incident response plans.
8. Report suspicious activity, including online threats, to local law enforcement, FBI field offices or Homeland Security’s Fusion Centers.

Please contact Walt Green, Brie Zarzour or any member of the Phelps cybersecurity, privacy and data protection team if you have questions or need advice or guidance.