The threat of heightened conflict in the Middle East grows daily as U.S. President Donald Trump signals his intent to militarily back Israel in its conflict against Iran. With both countries launching attacks, the American leader has discussed a potential imminent escalation in the conflict, and cybersecurity information-sharing groups have responded by warning critical national infrastructure (CNI) operators to be on the alert.
Last week, the Food and Agriculture Information Sharing and Analysis Center (Food and Ag-ISAC) and the Information Technology - Information Sharing and Analysis Center (IT-ISAC) issued a joint statement on the possible cyber fallout:
"Historically, Iranian state-sponsored actors, pro-Iran hacktivist groups, and financially motivated cybercriminals have launched attacks against U.S. organizations during periods of heightened conflict. In light of this, the Food and Ag-ISAC and IT-ISAC recommend companies take immediate steps to proactively assess their cyber preparedness, enhance their defenses, and prepare for a range of cyber activity, some of which could potentially be disruptive."
The threat intelligence advisory from these sectoral security groups suggests that companies should study up on Iranian-affiliated threat actors and their TTPs and refine existing security controls to enhance monitoring and detection capabilities.
This concern about increasing attacks on U.S. critical infrastructure linked to wider geopolitical unrest is not new.
Following the 7th October 2023 attack on Israel's border, the Iranian government-linked hacking group Cyber Av3ngers compromised multiple U.S. water facilities that were using Israeli-made control panels.
Whilst the reported disruption was said to be "single digit" and minimal in nature, the hackers defaced Unitronics PLCs with the message "Every equipment ‘Made in Israel’ is Cyber Av3ngers legal target."
Politico reports that "Virtually every critical infrastructure sector is on high alert" as a result of the Middle Eastern unrest, with ISACs for the electricity, aviation, financial services and state and local government sectors ready to send alerts to members to stay vigilant.
In the past, CISA has also provided priority Shields Up guidance to business executives, corporate organisations, and families on how to stay safe and secure online.
Nation-state-backed actors have signature capabilities and techniques. The FVEY nations have stated that Iranian groups have previously used brute-force techniques, such as password spraying, and multifactor authentication (MFA) ‘push bombing’ to compromise user accounts and obtain access to organisations.
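As an added example (not taken from the advisories or sources cited here), the sketch below shows how the two techniques named above can be surfaced from authentication logs: one source failing against many accounts, and a burst of MFA prompts to one user followed by an approval. The event layout, event names, thresholds and sample records are all assumptions constructed for illustration.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample events (not real logs): (time, source IP, user, event).
# The tuple layout and event names are assumptions made for this example.
EVENTS = [
    *[(f"2025-01-01T02:0{2*i}:00", "203.0.113.7", u, "login_fail")
      for i, u in enumerate(["alice", "bob", "carol", "dave", "erin"])],
    *[(f"2025-01-01T08:00:{10*i:02d}", "198.51.100.20", "frank", "login_fail")
      for i in range(3)],
    *[(f"2025-01-01T03:1{i}:00", "192.0.2.44", "grace", "mfa_push_sent")
      for i in range(6)],
    ("2025-01-01T03:15:30", "192.0.2.44", "grace", "mfa_push_approved"),
    ("2025-01-01T09:00:00", "198.51.100.20", "bob", "mfa_push_sent"),
    ("2025-01-01T09:00:10", "198.51.100.20", "bob", "mfa_push_approved"),
]

def _parse(events):
    return sorted((datetime.fromisoformat(t), ip, u, e) for t, ip, u, e in events)

def detect_spray(events, min_users=4, window=timedelta(minutes=30)):
    """Map source IP -> most distinct accounts it failed against inside one window."""
    fails, hits = defaultdict(list), {}
    for ts, ip, user, ev in _parse(events):
        if ev != "login_fail":
            continue
        rows = fails[ip]
        rows.append((ts, user))
        while ts - rows[0][0] > window:   # drop failures older than the window
            rows.pop(0)
        users = {u for _, u in rows}
        if len(users) >= min_users:       # many accounts, few tries each: spray
            hits[ip] = max(hits.get(ip, 0), len(users))
    return hits

def detect_push_bombing(events, min_prompts=5, window=timedelta(minutes=10)):
    """Map user -> True if a push burst was followed by an approval, else False."""
    recent, flagged = defaultdict(list), {}
    for ts, _ip, user, ev in _parse(events):
        if ev == "mfa_push_sent":
            recent[user] = [t for t in recent[user] if ts - t <= window] + [ts]
            if len(recent[user]) >= min_prompts:
                flagged.setdefault(user, False)
        elif ev == "mfa_push_approved" and user in flagged:
            if ts - recent[user][-1] <= window:  # approval right after the burst
                flagged[user] = True
    return flagged

if __name__ == "__main__":
    print(detect_spray(EVENTS), detect_push_bombing(EVENTS))
```

A single user mistyping a password several times is not flagged by the spray check because only one account is involved, and a user flagged with `True` by the push check warrants immediate session review and credential reset.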
Review these other sources of intelligence on Iran and ensure that you're proactively monitoring for and acting on new advisories: