Alertness remains a necessity in protecting websites from hackers, Silviu Stahie advises on the Hot for Security website. “If the latest reports are to be believed,” he warns, “Iran-backed hackers are probing U.S. critical infrastructure by using password-spraying attacks, looking for weakness and human laziness.”
He continues: “It’s no surprise, that, following the conflict between the United States and Iran so far this year, hacking activities are on the rise. It’s impossible to say with certainty that the threats originate from Iran but the modus operandi is similar to patterns of the last decade…
“A report from industrial security company Dragos shows that a group called MAGNALLIUM (also known under the APT33 name, Refined Kitten and Elfin) is targeting industrial control systems (ICS).
“In the fall of 2019, following increasing tensions in the Middle East, Dragos identified MAGNALLIUM expanding its targeting to include electric utilities in the U.S. MAGNALLIUM appears to still lack an ICS-specific capability, and the group remains focused on initial I.T. intrusions,” reads the report.
“The use of a password-spraying attack means they may not have a way in, at least not at the moment. On the other hand, it would also be a way to create a lot of noise to cover their tracks.”