The National Security Agency (NSA), the Federal Bureau of Investigation (FBI), the Cybersecurity and Infrastructure Security Agency (CISA), the Communications Security Establishment Canada (CSE), the Australian Federal Police (AFP), and the Australian Signals Directorate (ASD), Australian Cyber Security Centre (ACSC) and others have jointly released a Cybersecurity Advisory (CSA).

They warn network defenders of malicious activity that can enable persistent access in sensitive systems being brought about by ‘Iranian cyber actors’ brute force and credential access activity which compromises critical infrastructure networks. In the recent past the Iranian actors have targeted multiple critical infrastructure sectors, including healthcare, government, information technology, engineering, and energy.

The Advisory recommends reviewing authentication logs for system and application login failures of valid accounts and looking for multiple, failed authentication attempts across all the accounts to detect brute force activity such as password spraying. To be vigilant and reduce the chances of the occurrence of this activity, the Advisory recommends measures such as implementing phishing-resistant multi-factor authentication (MFA), continuously reviewing MFA settings, providing cybersecurity training to users, and ensuring password policies meet minimum password strength guidelines. Read more about this story on our LinkedIn page