This week, the US Justice Department announced charges against three Iranian individuals alleged to have launched cyberattacks against U.S. and global critical infrastructure.
A senior Justice Department official disclosed that the individuals are alleged to have carried out attacks against hundreds of computers including those in the United Kingdom, United States, Russia, Israel, and organizations in Iran, beginning at least in October 2020, impacting health care, transportation and utility companies, state and county governments, and a domestic shelter.
Austin Berglas, BlueVoyant Global Head of Professional Service, provided the commentary below on the news, highlighting the importance of vulnerability patching, particularly in organisations that work with Critical National Infrastructure (CNI). Leveraging BlueVoyant’s threat intelligence and his own experience working within the FBI’s Cyber division, he emphasises the major threat vectors and urges organisations to respond more quickly to cyber risks once they are identified.
“These indictments highlight a major gap in security common to multiple sectors and organizations. Unpatched infrastructure is equivalent to leaving your house key under your doormat when you leave for vacation. Allowing cyber criminals to exploit publicly available vulnerabilities prevents them from having to spend time and resources developing new ways to compromise your environment.
BlueVoyant’s threat intelligence confirms that hackers can start exploiting new vulnerabilities quickly, sometimes in a matter of days. For this reason, starting late 2021, the U.S.’s Cybersecurity & Infrastructure Security Agency (CISA) now requires that regulated government agencies patch new vulnerabilities within two weeks, and sometimes sooner if there is a grave risk. Despite the risk, BlueVoyant has found that some organizations are slow to patch, many taking weeks, leaving them vulnerable.
In addition, it is not only new vulnerabilities that are of concern. Threat vectors that have been around for many years, such as supply chain attacks, watering holes, and phishing, continue to evolve, but are still effective because of the lack of preparation of the end users and their organization.”
– Austin Berglas, BlueVoyant Global Head of Professional Service