Intelligence agencies issue guidance to protect against Iranian cyber attacks during elections
CISA and the FBI advise all potential targets to implement protective measures, such as securing personal and business accounts with phishing-resistant multifactor authentication (MFA).
The FBI and the Cybersecurity and Infrastructure Security Agency (CISA) issued guidance acknowledging the threat posed by Iran during the presidential election.
The agencies reported that Iranian hackers aim to undermine confidence in the U.S. election system. On Tuesday, intelligence services urged politicians and their teams to strengthen their cybersecurity measures to combat this threat.
"The Cybersecurity and Infrastructure Security Agency (CISA) and Federal Bureau of Investigation (FBI) have observed actors affiliated with the Iranian Government’s Islamic Revolutionary Guard Corps (IRGC) targeting and compromising the personal and business email accounts of Americans, probably to stoke discord and undermine confidence in U.S. democratic institutions," the guidance explained.
CISA and the FBI recommend that all potential victims implement protective measures, such as securing personal and business accounts with phishing-resistant multifactor authentication (MFA). They advise that MFA relying on SMS or email-based authenticators is not sufficient to defend against the specific tactics used by these actors.
One key recommendation for detecting and identifying potential hacking attempts is to be cautious of unsolicited contacts, either from people you don't know personally or from contacts claiming to be using a new account or phone number.
You should also be especially wary of unusual email requests from people you know, and of accounts that attempt to send links or files through social media, especially if they come from people you do not know or from individuals who do not typically share files in that manner.
Also, be on the lookout for unsolicited e-mail messages that contain shortened links (e.g., tinyurl and bit.ly).
Meanwhile, organizations and political figures can help prevent or mitigate the effects of an incident by doing the following:
- Require phishing-resistant MFA for all employees. Phishing-resistant MFA (i.e., physical security key or passkey) offers the highest level of protection.
- Provide employees with an enterprise password manager that enables random generation of unique passwords for each account.
- Enable anti-phishing and anti-spoofing security features provided by e-mail service providers that automatically block malicious e-mails.
- Train staff to only use official accounts for business, never personal accounts. Official accounts usually have more protections and security measures than personal accounts.
- Train staff to confirm unusual or suspicious emails or messages from known or unknown contacts via a different communication method than the one that has been compromised.
- Recommend that employees routinely update the software on their personal devices and activate MFA for their personal accounts.
- Add an email banner to messages sourced from outside your organization.
- Activate alerts for suspicious activity, such as logins from foreign IP addresses.