Page Loader Logo
Loading...
833-847-3280
Schedule a Call
Partner With Us

Hacking: Phishing, Malware, Password Spraying – DHS warns U.S. about Hackers

Hacking

In late June of 2019, the Department of Homeland Security (DHS) warned US companies of increased malicious cyber-activity, or hacking, from Iranian Hackers.

Consequently, DHS has urged US companies to do everything they can to protect against some of the hackers’ most common hacking practices.

These include data-wiping malware, password spraying, spear phishing, and credential stuffing.

 

What are the common hacking practices?

Data-wiping malware is just like it sounds. It deletes data on compromised systems. The purpose is usually to prevent forensic analysis.

In 2012, Iran utilized this malware scheme to attack major oil companies in Saudi Arabia and Qatar. The companies temporarily forced to stop oil production. This triggered financial losses.

Password Spraying is an attack that mimics brute force attacks.

For example, the hacker will take a commonly used password (“password”) and see how many accounts they can access with it while coming through in the internet.

Spear phishing is a type of social engineering attack where the hacker will send a detailed specific email to someone in an organization attempting to gather information.

For example, an email that comes from the CEO to the head of HR asking for social security numbers.

Credential stuffing is simply a hacker taking known information like usernames and passwords that have been leaked on third-party sites.

They will use this information to gain access to accounts that are being targeting. This is considered targeting password reuse.

An example of this is people who use same password for multiple accounts such as Banking, email, Amazon, and Facebook.

 

What does this mean for the United States?

With the United States now working against Iran, it is likely that U.S. companies will now become targets. Iranian hackers have successfully gone after energy companies in the past.

Most importantly, MainNerve is sure all U.S. industries will be easy targets.  Please take these warnings very seriously. Not only are we attempting to keep U.S., Chinese, and Russian hackers at bay, now we have gained notoriety for Iranian hackers to be placed in the queue.

In conclusion, if you would like to see how your employees react to spear phishing in a controlled way, you can purchase one of our social engineering tests.

We can provide information on who might need a little extra training.

Latest Posts

A transparent image used for creating empty spaces in columns
Welcome to today’s briefing on a crucial topic in the realm of cybersecurity: internal network penetration testing. Now, I know that the term might sound a bit intimidating but fear not. By the end of this discussion, you’ll have a solid understanding of what it…
A transparent image used for creating empty spaces in columns
 In the world of cybersecurity, there’s a misconception that a clean pen testing report means something was missed or the test wasn’t thorough enough. But here’s the truth: receiving a clean report from your penetration test is not only a positive outcome—it’s a testament…
A transparent image used for creating empty spaces in columns
Hey there, folks! Let’s get one thing straight: when MainNerve talks about penetration testing, we’re diving deep into the world of cybersecurity. But hey, we know what people think when we say “penetration testing.” So, buckle up because we’re about to compare pen testing to…
A transparent image used for creating empty spaces in columns
 In the fast-paced world of managed IT services, we know that time is money. Your clients rely on you to keep their systems secure, and you need partners who can deliver top-notch services without slowing you down. If you’re a Managed Service Provider (MSP)…
A transparent image used for creating empty spaces in columns
The primary purpose of performing a penetration test is to simulate real-world attacks on a computer system, network, or application. This is done by skilled cybersecurity professionals, who are tasked with identifying vulnerabilities and weaknesses that malicious actors could exploit. Their role is crucial in…
A transparent image used for creating empty spaces in columns
 If your business relies on older technology, you’ll want to listen up. We’re highlighting a critical weakness in many organizations’ defenses: legacy systems. What Are Legacy Systems? Legacy systems are outdated technologies that are no longer supported with updates or patches from their creators.…
contact

Our Team

Name(Required)
This field is for validation purposes and should be left unchanged.
quick links to

Our Services

On Load
Where? .serviceMM
What? Mega Menu: Services
201 E Pikes Peak Ave Suite 2025
Colorado Springs, CO 80903