Tuesday, 28 January 2020 00:05
By Chathura Thenuwara
Top cybersecurity experts at Sophos, a global leader in next-generation cloud-enabled cybersecurity solutions, shared insights and security recommendations after international threat reports warned that Asian companies would risk suffering collateral damage in a cyberwar between the US and Iran, even if the assassination of General Qassem Soleimani does not lead to an all-out military conflict.
Although both sides have backed away for now from further military action, cryptocurrency exchanges, financial infrastructure and the supply chains of American and Saudi Arabian companies are all potential targets for Iranian-backed hackers wanting to skirt US sanctions and disrupt corporate and government networks.
Chester Wisniewski, Principal Research Scientist at Sophos, highlighted in a media commentary that wiper attacks and other common attack patterns would be used as forms of retaliation by the Islamic Revolutionary Guard Corps (IRGC).
“When facing a human adversary, especially one who has the support of a nation-state, one must be prepared for anything. The tools, tactics and procedures being utilised by the IRGC are remarkably similar to those used by conventional cybercrooks. Their goals might be different, million-dollar ransoms and your customers’ credit card data, instead of international drama and revenge, but the methods barely vary.”
“The disruption phase usually involves a wiper, a dual-purpose tool to both cover their tracks and to disable and disrupt the target’s ability to operate,” Wisniewski added.
According to Sophos Senior Director – Managed Threat Response J.J. Thompson, organisations should immediately enhance prevention, detection and response capabilities to comprehensively address advanced attacks as he believes Iran is a worthy adversary. “Fusion of applied threat intelligence data derived from open-sourced intelligence on adversary methods and tactics can be used to supplement countermeasures. With geopolitical events changing daily, discussions and questions about threat intelligence and strategies for defending against possible cyberattacks from Iran are front and centre.
“It’s important to understand and communicate the limitations of any threat intelligence information you communicate to stakeholders, as these limitations can affect the conclusions you might reach.”
“Some factors include your confidence in the sources, the completeness of the information, the age of the information artefacts, the investigative method used to produce that threat intelligence, interpretations of the meaning of the threat intelligence, and qualifying the conclusions,” Thompson opined.
To protect against these types of sophisticated attacks, both experts recommended the following tips:
- Patching – Eliminate known vulnerabilities and keep an inventory of software assets and their versions
- Phishing awareness training – Educate users to follow their gut and about the increasing sophistication of malicious email
- Credential hardening – Test your user database against known breached passwords and provide tools for secure password management
- Multi-factor authentication (MFA) – Require MFA for remote access and other frequently abused services
- Application control – Watch for unauthorised use of legitimate tools
- Advanced anti-malware tools – Defend against unknown variations of known malware and against exploits of zero-day and unpatched vulnerabilities
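The credential-hardening tip above, testing a user database against known breached passwords, is the one item in the list that reduces to a concrete routine, so here is an added Python example (not from the article or from Sophos) showing how such a check is done without ever sending a full password or full hash anywhere. It follows the k-anonymity range-lookup pattern used by the Have I Been Pwned Pwned Passwords service: only the first five hex characters of the SHA-1 hash leave the checker, and the returned `SUFFIX:COUNT` lines are compared locally. The breach corpus, the counts and the user list are all constructed for the example; `local_range_lookup` stands in for the real range API so the code runs offline.

```python
import hashlib
from typing import Callable, Dict, Iterable, List, Tuple

# Constructed breach corpus: a few well-known weak passwords with made-up
# occurrence counts. A real corpus would be the service's full data set.
BREACHED_PASSWORDS: Dict[str, int] = {
    "password": 3000000,
    "123456": 20000000,
    "qwerty": 4000000,
}


def sha1_upper(password: str) -> str:
    """Uppercase hex SHA-1 of the password, the form the range format uses."""
    return hashlib.sha1(password.encode("utf-8")).hexdigest().upper()


def build_range_table(breached: Dict[str, int]) -> Dict[str, str]:
    """Group the corpus by 5-char hash prefix into 'SUFFIX:COUNT' response bodies,
    mimicking what a k-anonymity range endpoint returns for a given prefix."""
    grouped: Dict[str, List[str]] = {}
    for pw, count in breached.items():
        digest = sha1_upper(pw)
        grouped.setdefault(digest[:5], []).append(f"{digest[5:]}:{count}")
    return {prefix: "\r\n".join(lines) for prefix, lines in grouped.items()}


RANGE_TABLE = build_range_table(BREACHED_PASSWORDS)


def local_range_lookup(prefix: str) -> str:
    """Offline stand-in for the range API (assumed interface: prefix in, body out).
    In production this would be an HTTPS GET of the prefix against the real service."""
    return RANGE_TABLE.get(prefix, "")


def breach_count(password: str,
                 lookup: Callable[[str], str] = local_range_lookup) -> int:
    """Return how many times the password appears in the corpus (0 if absent).
    Only the 5-char prefix is passed to `lookup`; the suffix match happens here."""
    digest = sha1_upper(password)
    prefix, suffix = digest[:5], digest[5:]
    for line in lookup(prefix).splitlines():
        line = line.strip()
        if not line:
            continue  # tolerate blank lines in the response body
        candidate, _, count = line.partition(":")
        if candidate == suffix:
            return int(count)
    return 0


def audit_users(users: Iterable[Tuple[str, str]],
                lookup: Callable[[str], str] = local_range_lookup) -> List[Tuple[str, int]]:
    """Flag accounts whose password is breached; returns (username, count) pairs.
    Plaintext is only available at password set/reset time, which is where
    this check belongs in a real system."""
    flagged: List[Tuple[str, int]] = []
    for username, password in users:
        count = breach_count(password, lookup)
        if count > 0:
            flagged.append((username, count))
    return flagged


if __name__ == "__main__":
    # Constructed sample accounts, as submitted at password-change time.
    sample_users = [
        ("alice", "password"),
        ("bob", "Tr0ub4dor&3-long-and-unique"),
        ("carol", "qwerty"),
    ]
    for user, count in audit_users(sample_users):
        print(f"{user}: password seen {count} times in breach data, reject it")
```

Running the block flags `alice` and `carol` and leaves `bob` alone. Wiring the real service in is a matter of replacing `local_range_lookup` with a function that fetches the prefix over HTTPS; `breach_count` and `audit_users` stay unchanged, and the full hash still never leaves the host.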