The U.S. Department of Homeland Security has issued a warning about the possibility of cyber attacks from Iran in the wake of the killing of the top Iranian military commander Qassem Soleimani.
Tensions have escalated with Iran following the U.S. airstrike that left Soleimani dead last week, including with U.S. officials who criticized the decision to kill the Iranian leader.
In response, the DHS has advised organizations to be ready to defend against potential cyber-attacks launched by Iran. Christopher Krebs, Director of the DHS Cybersecurity and Infrastructure Security Agency (CISA), claims that it's "time to brush up on Iranian TTPs and pay close attention to your critical systems, particularly ICS". He also warns organizations to pay close attention to third part accesses.
On Saturday, the DHS issued a new National Terrorism Advisory Systems bulletin, which describes current developments and general terrorist threats and trends.
There's been no details released on any specific threats to look out for, but the DHS has warned that Iran is fully capable of carrying out attacks on the U.S. which could have temporary disruptive effects against critical infrastructure.
A group of hackers alleging to be from Iran breached the website of the U.S. Federal Depository Library Program over the weekend in response to Soleimani's death, replacing the website with a page titled "Iranian Hackers!" and displaying images of Ayatollah Ali Khamenei and the Iranian flag.
The attack did not appear to be sophisticated though. It's been reported that the website is powered by Joomla and the hackers most likely exploited a known vulnerability in one of its components.
Implementing real-time Host Intrusion Detection technology is the only way to ensure that systems remain secure at all times, and should an attack be successful, at least your organization will be notified in real-time to act as quickly as possible and minimize the potential impact.