Threat Report

CTC’s July 2019 Threat Report

Along with rotary dial phones, cassette-playing Sony Walkman devices, and CRT televisions, add another victim to advancing technology: battle lines. Today, no one is afforded a clear demarcation point between potential conflict and peace. That includes, as we see below, your company.

The U.S. Goes After Iran with Cyber Attacks; Iran Attacks Industries

Following the downing of one of its drones in the region — and initially planned in retaliation for mine attacks on tankers in the Gulf of Oman — the U.S. launched a cyber attack against Iranian weapons systems in late June. It’s yet another example of how aggressions between state actors can move from traditional battlefields to virtual ones.

Unlike those battlefields of old, however, there’s no clear delineation between the front lines of combat. The Saturday after the launch of U.S. efforts, a Department for Homeland Security official noted that Iran attacks against the U.S. had increased; note the targets (in bold) from this BBC report:

Christopher Krebs, the director of the Cybersecurity and Infrastructure Security Agency, said “malicious cyberactivity” was being directed at U.S. industries and government agencies by “Iranian regime actors and their proxies.”

They were using “destructive ‘wiper’ attacks,” he said, using tactics such as “spear phishing, password spraying, and credential stuffing” in a bid to take control of entire networks. 

Help prepare your team by reviewing 6 Social Engineering Scams To Guard Against and 1 Thing You Must Know About Social Engineering.

Florida Agrees to Pay Hacker $600,000

It doesn’t take an entire country to cause enormous problems for IT departments and the enterprises they serve.

One Florida city is paying a hacker $600,000 in ransom for the return of control over its computers. The hacker gained control, according to CNN, “after an employee clicked on a malicious email link three weeks ago.”

The article notes that, since 2013, roughly 170 county, city, or state government systems have been attacked.

Such attacks are relatively easy for hackers to perpetrate. And as we see in this instance, the proposed payoff is big — provided that it isn’t followed by an arrest or conviction, of course.

An Unwanted Piece of Pi makes NASA Vulnerable

The Raspberry Pi Foundation touts its eponymous Raspberry Pi hardware as “low-cost, high-performance computers” that are “fun.”

Decidedly less fun: The Raspberry Pi device connected to NASA’s Jet Propulsion Laboratory (JPL) network without authorization that allowed hackers to gain entry to the agency’s confidential data about Mars. 

The Raspberry Pi was not properly cataloged within an internal database meant to store information about devices on the JPL network.

READ MORE: 5 Top Endpoint Security Providers for 2019

Step Up Your Lines of Defense Today

Ensuring that your systems are protected as well as possible is the surest first step you can take to protect yourself and your associates from threats near and far. Whether that means shoring up your firewall protections, making sure harmful computer viruses can’t find a foothold in your company, or any other crucial move, there’s no better time to start than now.