The rising tensions between Iran and the US could lead to your data disappearing. The Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency (CISA) issued a warning last week that Iranian “regime actors and proxies” are launching “wiper” cyberattacks against US government and industry targets. While the warning is to the US government and industry, a similar attack in 2012 wiped out 30,000 Windows-based systems in the middle-east, and thousands more as recently as December 2018 in Italy.
As with other attacks, the initial point of attack is most likely from a phishing email. If you aren’t already training your employees on how to spot phishing emails, you should be (all SomethingCool.com contract clients now receive phishing training and testing as part of our services).
Once a user has clicked on the link in the phishing email, the software can download itself onto the local machine, then spread to all computers on the network within minutes. This is why a layered approach to security so important.
This is the same way current ransomware is distributed. However, unlike ransomware, you may not know you are infected right away. Many cybersecurity experts note that this “wiper” software could be triggered on a specific date. For example, the middle-east attack happened during the Ramadan holiday, when many were out of the office and wouldn’t know about the attack until they returned. While ransomware encrypts your files and asks for money to get the files back, this malware just encrypts and removes everything on your hard drive, even the boot sector, making it impossible to recover anything.
To protect yourself and your network from this and other attacks, training is key. Train your employees to spot phishing emails. You also need to test your employees to find out who is the most vulnerable. Run phishing campaigns and make those that fail take extra training.
From a technology standpoint, employ all of the tried and true methods – use a firewall, use multi-factor authentication for all cloud services, install antivirus and anti-malware on end-user devices and at the perimeter. Most importantly, backup everything. The backups should be kept off-site and on systems that cannot get infected if malware does make it onto your local network.