Sat Oct 19 2024

CISA Issues Alert on Iranian Brokers Selling Access to Critical Infrastructure.

The notice includes essential guidelines for maintaining safety.

Iranian threat actors are operating as initial access brokers, selling access to critical infrastructure organizations in the West to the highest bidder. A recent joint security alert from several cybersecurity agencies, including the U.S. Cybersecurity and Infrastructure Security Agency (CISA), the FBI and the NSA, together with Canadian and Australian institutions, reveals that these actors are carrying out brute-force attacks such as password spraying, as well as MFA push bombing, among other techniques.

Since October 2023, the attackers have focused on organizations in the healthcare and public health sector, as well as government, information technology, engineering and energy. Their main objective is to obtain valid credentials and map the victims' infrastructure, establishing persistence by modifying MFA registrations. The resulting access is then sold on the dark web, where it is believed to be bought by other actors who carry out further malicious activity.

To counter these attacks, CISA and its partners recommend that organizations review how their IT help desks handle passwords, implementing sound procedures for password resets and for managing shared accounts. It is also essential to disable user accounts and access to organizational resources when staff leave, to implement phishing-resistant MFA, and to review MFA configuration on an ongoing basis.

Additionally, it is advised to provide basic cybersecurity training to employees, track failed login attempts, and instruct users to ignore MFA requests that they did not initiate. Moreover, it is important to ensure that accounts with MFA have their settings correctly configured, as well as to follow password policies in line with the latest NIST Digital Identity Guidelines and meet minimum password strength requirements.
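The two detections that the advice to track failed logins and to ignore unsolicited MFA prompts points at, written over constructed log lines as an added example (this is not code from the advisory or the article); the log field layout, event names and thresholds are assumptions to adapt to your identity provider's export:

```python
# Added example: flag password-spray and MFA push-bombing patterns in auth logs.
# Field layout ("timestamp,event,user,src_ip"), event names and thresholds are assumptions.
from collections import defaultdict
from datetime import datetime, timedelta
# Constructed sample lines using RFC 5737 documentation addresses
SAMPLE_LOG = """\
2024-10-18T09:00:01,login_failed,alice,203.0.113.7
2024-10-18T09:00:05,login_failed,bob,203.0.113.7
2024-10-18T09:00:09,login_failed,carol,203.0.113.7
2024-10-18T09:00:12,login_failed,dave,203.0.113.7
2024-10-18T09:00:15,login_failed,erin,203.0.113.7
2024-10-18T09:01:00,login_failed,alice,198.51.100.9
2024-10-18T10:30:00,mfa_push_sent,grace,203.0.113.7
2024-10-18T10:30:20,mfa_push_sent,grace,203.0.113.7
2024-10-18T10:30:40,mfa_push_sent,grace,203.0.113.7
2024-10-18T10:31:00,mfa_push_sent,grace,203.0.113.7
2024-10-18T10:31:20,mfa_push_sent,grace,203.0.113.7
"""

def parse(log_text):
    """Return (timestamp, event, user, src_ip) tuples, oldest first."""
    rows = [line.split(",") for line in log_text.strip().splitlines()]
    return sorted((datetime.fromisoformat(t), e, u, s) for t, e, u, s in rows)

def _flag(groups, window, threshold):
    """Sliding window over each group's time-ordered (ts, item) list: flag the
    group key once `threshold` distinct items fall inside a single `window`."""
    flagged = set()
    for key, items in groups.items():
        for i, (start, _) in enumerate(items):
            seen = {item for ts, item in items[i:] if ts - start <= window}
            if len(seen) >= threshold:
                flagged.add(key)
                break
    return sorted(flagged)

def find_password_spray(events, window=timedelta(minutes=10), min_users=5):
    """Spray signature: one source fails logins for many distinct users, a few
    tries each, so per-account lockout thresholds never trigger."""
    by_src = defaultdict(list)
    for ts, event, user, src in events:
        if event == "login_failed":
            by_src[src].append((ts, user))
    return _flag(by_src, window, min_users)

def find_push_bombing(events, window=timedelta(minutes=5), min_pushes=5):
    """Push bombing: one user receives more MFA push challenges in a window
    than they could plausibly have initiated themselves."""
    by_user = defaultdict(list)
    for n, (ts, event, user, _) in enumerate(events):
        if event == "mfa_push_sent":
            by_user[user].append((ts, n))  # event index keeps every push distinct
    return _flag(by_user, window, min_pushes)
```

On the sample, the spraying source is flagged while the single-user failure from the second address is not, and the user receiving five pushes in under two minutes is flagged.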

CISA concludes that all these actions are considered cybersecurity best practices, with the aim of significantly reducing risks to both critical infrastructure operations and the American public.