September 17, 2019

September 16, 2019


DHS Warns Businesses of Risk of Iranian Based Wiper Malware Attacks

Tensions with Iran have generally increased. It has been reported that the U.S. has launched a cyber-attack against Iran, and, in retaliation, the risk of Iranian-backed wiper malware attacks against U.S. businesses and governmental agencies has increased, according to the Department of Homeland Security (“DHS”).

DHS recently issued a warning to U.S. businesses to be on high alert for Iranian-backed wiper malware attacks that are being launched in the traditional ways: phishing and spear phishing campaigns, social engineering, credential stuffing or password spraying. Wiper malware is particularly vicious because it doesn’t just steal money, data or trade secrets like traditional malware and ransomware; once introduced into a company’s system, it completely wipes all of the data, which can’t be retrieved by paying a ransom. This would obviously be devastating to a business, critical infrastructure or governmental agency — potentially more devastating than the impact we have seen from ransomware attacks on businesses and municipalities.

To put it in perspective — in 2017, NotPetya wiper malware resulted in global financial losses of between $4 billion and $8 billion. Further, Carbon Black recently reported that 45% of healthcare CISOs have experienced a wiper malware attack in the past 12 months. As a reminder, the malware SamSam, which crushed the healthcare industry several years ago, was launched by Iranian-backed attackers.

DHS urges businesses to be on high alert and to address any incidents. According to DHS, all of these attack methods can be blocked with basic cybersecurity measures including:

  • enforce the use of strong passwords/passphrases

  • change all default passwords

  • rate limit logins

  • identify and prohibit forwarding rules

  • apply the rule of least privilege when setting permissions

  • implement multi-factor authentication

  • close unused ports

  • disable RDP

  • prompt patching

  • adopt a robust backup strategy, and

  • provide security awareness training and education to employees.

These are all basic cybersecurity measures to implement. Nonetheless, DHS states that presently all U.S. industries, government agencies, and businesses should be alert to the risk of wiper malware attacks coming out of Iran.

Copyright © 2019 Robinson & Cole LLP. All rights reserved.

About this Author

Linn F. Freedman, Robinson Cole Law Firm, Cybersecurity and Litigation Law Attorney, Providence
Partner

Linn Freedman practices in data privacy and security law, cybersecurity, and complex litigation. She provides guidance on data privacy and cybersecurity compliance to a full range of public and private clients across all industries, such as construction, education, health care, insurance, manufacturing, real estate, utilities and critical infrastructure, marine, and charitable organizations. Linn is a member of the firm's Business Litigation Group and chairs its Data Privacy + Cybersecurity Team. She is also a member of the Financial Services Cyber-Compliance Team (CyFi ...
