Federal cyber officials aren’t seeing a significant change in attacks tied to Iran since the conflict there began, at least not yet, but they are on the lookout for any uptick and are focusing on the Stryker attack in particular.
Terry Kalka — director of the Defense Industrial Base Collaborative Information Sharing Environment at The Defense Department’s Cyber Crime Center — said Thursday that “there’s some basic indicators, there’s some known” tactics, techniques and procedures, but “we’re not seeing a tremendous amount of impact yet.”
That sentiment aligns with what the acting director of the Cybersecurity and Infrastructure Security Agency, Nick Andersen, told reporters on Tuesday: “We still are seeing a steady state. We have not seen an increase or any rise of threat actor activity.”
But both men said they’re monitoring to see if that changes. “We are very much on the alert for, if not Iran, Iran-influenced actors,” Kalka told CyberScoop at the Elastic Public Sector Summit.
On Thursday, CISA issued recommendations tied to this month’s cyberattack on medical device maker Stryker, the most eye-catching cyber activity with Iran links after an Iranian hacking group known as Handala claimed credit for the attack.
CISA urged organizations to improve their defenses of endpoint management systems after the attack caused global disruptions to Stryker’s Microsoft environment. CISA made several recommendations , including to set up safeguards in Microsoft’s Intune endpoint management tool.
Stryker has contracts with the Defense Department.
“We’re all paying attention to the Stryker incident that broke last week, because there are implications there for communications technology and private information or corporate information that, even if it’s not defense Information, getting access to someone’s email and understanding the infrastructure of the company is very, very useful,” Kalka said.
Andersen said CISA has been in touch with Stryker, as has the FBI. On Thursday, it was reported that the FBI and the Justice Department took down two websites linked to Handala.
Andersen said the agency’s approach doesn’t change much because of the conflict, however.
“We just can’t take our eyes off of the fact that other adversaries continue to make maneuvers in this space,” he said at an event hosted by Auburn University’s McCrary Institute. “Cybercriminal groups continue to make moves within this space. It was not just about one nation-state at one particular point in time. We see persistent motivation across the board for people to be able to take advantage of cyber weaknesses across critical infrastructure and our traditional IT environments.”
CISA has furloughed hundreds of employees as Congress continues a standoff over funding for the Department of Homeland Security over the Trump administration’s immigration enforcement approach.
The post Feds keep eyes peeled for Iran cyberattacks, respond to Stryker breach appeared first on CyberScoop.
–
Read More – CyberScoop
