Archive for DHS

DHS Drops Warning About Iran Launching Cyberattacks Against The US

Posted in Commentary on June 23, 2025 by itnerd

A DHS NTAS bulletin is out that everyone should read, given the escalated situation between the US and Iran:

The ongoing Iran conflict is causing a heightened threat environment in the United States. Low-level cyber attacks against US networks by pro-Iranian hacktivists are likely, and cyber actors affiliated with the Iranian government may conduct attacks against US networks. Iran also has a long-standing commitment to target US Government officials it views as responsible for the death of an Iranian military commander killed in January 2020. The likelihood of violent extremists in the Homeland independently mobilizing to violence in response to the conflict would likely increase if Iranian leadership issued a religious ruling calling for retaliatory violence against targets in the Homeland. Multiple recent Homeland terrorist attacks have been motivated by anti-Semitic or anti-Israel sentiment, and the ongoing Israel-Iran conflict could contribute to US-based individuals plotting additional attacks.

Tom Pace, former Head of Cyber for the Department of Energy (DoE) and current CEO of NetRise, provides his thoughts on what CISOs in the US are doing to prepare for potential retaliatory cyberattacks by Iran:

CISOs are moving quickly to prepare for potential Iranian retaliation in cyberspace by tightening access controls, validating backups, and watching for TTPs tied to groups like APT33 and APT34, which are tied to Iran. Coordination with ISACs and federal partners is essential to stay current on threat intelligence and emerging attack patterns.

This moment reinforces the urgency of visibility to know what code is running where, what it’s connected to, and whether it’s vulnerable or end-of-life. Software supply chain security is no longer an abstract concept. It’s a frontline defense against adversaries who exploit opaque systems. CISOs are asking: if Iranian actors drop a custom wiper tomorrow, would we know which systems could execute it?

Iran is going to be targeting low-hanging fruit vulnerabilities that they know they can exploit, or targeting outdated SOHO routers and infrastructure for the purposes of creating low to moderate scale botnets.

China tends to have very explicit goals and outcomes that they are pursuing, which tend to center around intelligence gathering and positioning. Iran may be looking to cause more destruction, given the attacks on their country. These targets may be small and incapable of defending themselves and hold little to no strategic value, but Iran needs to have a response that provides the illusion that they are a competent actor on the world stage.

This threat, while directed at the US, may spill over to countries that are aligned with the US. So if you’re responsible for defending your organization from cyberattacks, consider this a heads up to redouble your efforts regardless of where you are.

CISA, FBI, DHS Release Guidance For Limited Resourced Civil Society Organizations

Posted in Commentary on May 15, 2024 by itnerd

Yesterday, in partnership with the DHS, the FBI and numerous international agencies, CISA released a joint guidance document to help civil society organizations and individuals reduce the risk of cyber intrusions, and to encourage software manufacturers to actively commit to implementing Secure by Design practices that help protect vulnerable and high-risk communities.

“Civil society, comprised of organizations and individuals such as nonprofit, advocacy, cultural, faith-based, academic, think tanks, journalist, dissident, and diaspora organizations, communities involved in defending human rights and advancing democracy, are considered high-risk communities. Often these organizations and their employees are targeted by state-sponsored threat actors who seek to undermine democratic values and interests,” CISA’s release read.

Civil society organizations and individuals are encouraged to implement the following best practices as defined by CISA’s Cross-Sector Cybersecurity Performance Goals:

  • Keep software and applications updated on devices and IT infrastructure
  • Use multifactor authentication and strong passwords
  • Audit accounts and disable unused and unnecessary accounts
  • Disable user accounts and access to organizational resources for departing staff
  • Apply the Principle of Least Privilege
  • Exercise due diligence when selecting vendors, such as cloud services and MSPs
  • Manage architecture risks
  • Implement basic cybersecurity training
  • Develop and exercise incident response and recovery plans
  • Use encryption measures to protect all communications

The Secure by Design principles and mitigations that software manufacturers are strongly encouraged to embrace, to improve the security posture of their customers, include:

  • Vulnerability management: work to eliminate entire classes of vulnerability in their products
  • Enable MFA by default in all products
  • Provide logging at no additional charge and alert customers to suspicious or anomalous behavior
  • Implement alerts so customers are aware of unsafe configurations, suspicious behavior, and malware
  • Include details of a Secure by Design program in corporate financial reports

Dave Ratner, CEO of HYAS, had this to say:

“Security by design is a good practice to implement and goes hand-in-hand with the equivalent for enterprise network design — designing for cyber resiliency. Too often security is an after-thought; with both security by design for software engineering, and cyber resiliency design for networks and organizations, the overall design becomes foundationally secure, and that’s exactly what is needed going forward to combat the continued onslaught of new and innovative attacks and risks.”

What I like about this initiative is that it targets a group of people who likely don’t spend a lot of time and effort making sure that they are secure, yet are low-hanging fruit for threat actors. Hopefully it delivers, and civil society organizations and individuals end up better protected.

DHS Warns Of Ukraine Related Cyberattacks

Posted in Commentary on January 25, 2022 by itnerd

The Department of Homeland Security reportedly sent out a bulletin Sunday to critical infrastructure operators and local government officials warning of the potential for cyberattacks launched by the Russian government in response to any US involvement in a potential war in Ukraine. This dovetails with the cyberattack on the Canadian government that I reported on earlier today.

Saryu Nayyar, CEO and Founder of Gurucul, had this comment:

“It is not surprising that the cyberattacks on the Ukraine were not going to be isolated to them based on the US involvement in Russia’s aggressive military actions. As the CISA points out with attacks such as WhisperGate, ‘identifying and quickly assessing any unexpected or unusual network behavior’ includes activity such as privileged access violations. Cisco Talos reports that system access was most likely based on stolen credentials. Organizations in the US must go beyond traditional XDR and SIEM solutions and incorporate identity and access analytics with user and entity behavior analytics to pick out unusual network activity, lateral movement and unusual access to applications. This activity must be escalated quickly and with confidence to security teams in light of forthcoming attacks. Stolen credentials can be identified based on abnormal usage by threat actors, especially as most other detection techniques cannot discern this being an immediate threat.”
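The detection idea in the comment above, spotting stolen credentials by abnormal usage rather than by signature, as an added example that is not from the post or from Gurucul. It builds a per-user baseline (known source hosts, known targets, hours seen) from constructed authentication events and then flags new events that deviate, including the fan-out to many hosts in a short window that characterises lateral movement. All hostnames, user names and timestamps are constructed sample data.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample events: (timestamp, user, source_host, target_host).
BASELINE = [
    ("2022-01-17 09:05", "alice", "ws-alice", "fileserver"),
    ("2022-01-18 09:12", "alice", "ws-alice", "fileserver"),
    ("2022-01-19 10:40", "alice", "ws-alice", "mail"),
    ("2022-01-20 14:02", "alice", "ws-alice", "fileserver"),
]
# Constructed events for the same credential, now used from an unfamiliar
# host, at night, fanning out across several servers within minutes.
NEW = [
    ("2022-01-24 02:11", "alice", "vpn-pool-7", "fileserver"),
    ("2022-01-24 02:13", "alice", "vpn-pool-7", "dc01"),
    ("2022-01-24 02:14", "alice", "vpn-pool-7", "hr-db"),
    ("2022-01-24 02:16", "alice", "vpn-pool-7", "backup01"),
]

def _parse(ts):
    return datetime.strptime(ts, "%Y-%m-%d %H:%M")

def build_baseline(events):
    """Per user: the source hosts, target hosts and hours of day seen so far."""
    prof = defaultdict(lambda: {"sources": set(), "targets": set(), "hours": set()})
    for ts, user, src, dst in events:
        p = prof[user]
        p["sources"].add(src)
        p["targets"].add(dst)
        p["hours"].add(_parse(ts).hour)
    return prof

def score_events(events, prof, window=timedelta(minutes=10), fanout=3):
    """Return (timestamp, user, reasons) for each event worth escalating."""
    findings = []
    recent = defaultdict(list)  # user -> [(time, target)] inside the window
    for ts, user, src, dst in events:
        t = _parse(ts)
        p = prof.get(user)
        reasons = []
        if p is None or src not in p["sources"]:
            reasons.append("new-source-host")
        if p is None or dst not in p["targets"]:
            reasons.append("new-target")
        if p is None or t.hour not in p["hours"]:
            reasons.append("off-hours")
        # Keep only this user's logons inside the sliding window, then check
        # how many distinct targets that window now covers (lateral fan-out).
        recent[user] = [(rt, rd) for rt, rd in recent[user] if t - rt <= window] + [(t, dst)]
        if len({rd for _, rd in recent[user]}) >= fanout:
            reasons.append("lateral-fanout")
        if reasons:
            findings.append((ts, user, reasons))
    return findings
```

Run against its own baseline the scorer stays quiet; against the night-time VPN session it escalates every event, and the third and fourth also carry the fan-out reason.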

Clearly things are escalating when it comes to Ukraine, which means the time to act on staying safe is now. So if you’re a company with exposure in that part of the world, and even if you’re not, you’ve got some work to do, and quickly.