Responding to Iranian Cybersecurity Threats

We have been monitoring a high level of malicious traffic originating from Iranian-controlled networks. Due to tensions in the Middle East, we expect attacks originating from Iran not only to continue, but to increase.

The United States Department of Homeland Security, through Cybersecurity and Infrastructure Security Agency (CISA) Director Christopher C. Krebs, has released a statement in response to the recent rise in malicious cyber activity, including spear phishing and brute force attacks, by Iranian regime actors and proxies.

The CISA Statement on Iranian Cybersecurity Threats offers some relevant tips for mitigating Iranian security incidents.

Country IP Blocks, in an effort to be proactive, has created Access Control Lists containing all IPv4 and IPv6 networks assigned to Iran. Iran’s IPv4 networks have been aggregated, and its IPv6 networks have been produced in IPv6 compressed format.

As Iran is also on OFAC’s sanctioned countries list, we believe it is important for all businesses and financial institutions operating in the United States to stay on top of their network traffic and avoid commercial dealings with any OFAC-sanctioned countries.

Our Iran ACLs will allow you to block or monitor traffic specifically from Iran.
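An added example (not Country IP Blocks' own tooling or data) of what aggregation and compressed IPv6 notation mean for an ACL, and of using the result in monitor mode against log sources. The prefixes come from the RFC documentation ranges as stand-ins, the log lines are constructed, and the function names are hypothetical.

```python
import ipaddress

# Constructed prefixes from the RFC 5737 / RFC 3849 documentation ranges,
# standing in for a country's assigned networks (not real allocations).
RAW = ["192.0.2.0/25", "192.0.2.128/25", "198.51.100.0/24",
       "198.51.100.64/26", "203.0.113.0/25",
       "2001:0db8:0000:0000:0000:0000:0000:0000/33",
       "2001:0db8:8000:0000:0000:0000:0000:0000/33"]
LOG = [  # constructed auth-log style lines
    "10:01:02 sshd failed password src=192.0.2.200",
    "10:01:05 sshd failed password src=::ffff:198.51.100.70",
    "10:01:09 sshd failed password src=2001:db8:ffff::1",
    "10:01:11 sshd failed password src=203.0.113.200",
    "10:01:12 sshd failed password src=not-an-ip",
]

def build_acl(prefixes):
    """Aggregate prefixes into the minimal CIDR set, per address family."""
    nets = [ipaddress.ip_network(p, strict=True) for p in prefixes]
    # collapse_addresses merges adjacent blocks and drops covered subnets;
    # it rejects mixed families, so IPv4 and IPv6 are collapsed separately.
    v4 = ipaddress.collapse_addresses(n for n in nets if n.version == 4)
    v6 = ipaddress.collapse_addresses(n for n in nets if n.version == 6)
    return list(v4) + list(v6)  # str() of an IPv6 entry is the compressed form

def match(acl, addr):
    """Return the ACL entry covering addr, or None. Raises ValueError if invalid."""
    ip = ipaddress.ip_address(addr)
    # Dual-stack listeners log IPv4 peers as ::ffff:a.b.c.d; unwrap them so
    # they are checked against the IPv4 entries instead of silently missing.
    if ip.version == 6 and ip.ipv4_mapped is not None:
        ip = ip.ipv4_mapped
    for net in acl:
        if net.version == ip.version and ip in net:
            return net
    return None

def triage(acl, lines):
    """Monitor mode: list (source, matching ACL entry) for each log hit."""
    hits = []
    for line in lines:
        src = line.rsplit("src=", 1)[-1].strip()
        try:
            net = match(acl, src)
        except ValueError:
            continue  # unparseable source field; skip rather than crash
        if net is not None:
            hits.append((src, str(net)))
    return hits
```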

Specific ongoing Iranian threats include spear-phishing attacks, brute force attacks and possible DDoS attacks, as well as others.