DHS Warns Businesses of Risk of Iranian Based Wiper Malware Attacks
Tuesday, July 2, 2019
Iranian Based Wiper Malware Attacks Risk High

Related Practices & Jurisdictions
Print Mail Download i

The tension with Iran has generally increased, it has been reported that the U.S. has launched a cyber-attack against Iran, and in retaliation, the risk of Iranian-backed wiper malware attacks against U.S. businesses and governmental agencies has increased according to the Department of Homeland Security (“DHS”).

DHS recently issued a warning to U.S. businesses to be on high alert for Iranian-backed wiper malware attacks that are being launched in the traditional ways of phishing and spear phishing campaigns, social engineering, credential stuffing or password spraying.  Wiper malware is particularly vicious because it doesn’t just steal money, data or trade secrets like traditional malware and ransomware, but once introduced into a company’s system, it completely wipes all of the data and it can’t be retrieved by paying a ransom. This would obviously be devastating to a business, critical infrastructure or governmental agency — potentially more devastating than we have seen with ransomware attacks’ impact on businesses and municipalities.

To put it in perspective — in 2017, NotPetya wiper malware was resulted in global financial losses of between $4 billion and $8 billion. Further, Carbon Black recently reported that 45% of healthcare CISOs have experienced a wiper malware attack in the past 12 months. As a reminder, the malware SamSam, which crushed the healthcare industry several years ago, was launched by Iranian-backed attackers.

DHS urges businesses to be on high alert and to address any incidents. According to DHS, all of these attack methods can be blocked with basic cybersecurity measures including:

  • enforce the use of strong passwords/passphrases

  • change all default passwords

  • rate limit logins

  • identify and prohibit forwarding rules

  • apply the rule of least privilege when setting permissions

  • implement multi-factor authentication

  • close unused ports

  • disable RDP

  • prompt patching

  • adopt a robust backup strategy, and

  • provide security awareness training and education to employees.

These are all basic cybersecurity measures to implement. Nonetheless, DHS states that presently all U.S industries, government agencies, and businesses should be alert to the risk of wiper malware attacks coming out of Iran.

Copyright © 2024 Robinson & Cole LLP. All rights reserved.

Current Legal Analysis

More from Robinson & Cole LLP

The Department of Education Releases Significant Revisions to Title IX Regulations
by: Kathleen E. Dion , Seth B. Orkand
Privacy Tip #394 – Colorado Amends Privacy Law to Include Neurodata
by: Linn F. Freedman
New Threat: Scattered Spider International Coalition of Hackers
by: Linn F. Freedman
Joint Guidance Published by Five Eyes on Deploying AI Systems Securely
by: Linn F. Freedman
U.S. Government Intervenes in Case Alleging Unauthorized Disclosure of CUI
by: Data Privacy & Cybersecurity Robinson Cole
DoorDash Settles with California Attorney General for Alleged Violations of the CCPA
by: Kathryn M. Rattigan
The State of AI Governance and Diversity: Takeaways from the AI Index Report
by: Blair V. Robinson
Weight Loss, Miracle Medications & the Workplace
by: Abby M. Warren
Additional States Implement Notice Requirements for Healthcare Transactions
by: Leslie J. Levinson , Danielle H. Tangorre
Privacy Tip #393 – Phishing, Smishing, Vishing and Qrishing Schemes Continue to Dupe Users
by: Linn F. Freedman

Upcoming Legal Education Events

 

NLR Logo

We collaborate with the world's leading lawyers to deliver news tailored for you. Sign Up to receive our free e-Newsbulletins

 

Sign Up for e-NewsBulletins