Cybersecurity Fallout: Missed Security Patches Could Cripple National Infrastructure (Iran news)

Source: Digiato – In an exclusive interview with Mehdi Faraji, Vice Chairman of the Tehran AFTA Commission (Information Security Management Authority), Digiato examined the cybersecurity dangers associated with internet outages.
The Danger of the “Zero-Day” Gap
Mehdi Faraji states that for over ten days, access to international repositories and services has been severed. Consequently, many servers and internal devices have failed to receive security patches, operating system updates, and security equipment signatures, including those for IDS/IPS.
As a result, newly disclosed vulnerabilities—and even Zero-Day exploits released during this window—remain unpatched on these devices. When the internet is suddenly reconnected, before there is enough time to download these updates, attackers can use automated scanning and exploitation tools to rapidly identify and exploit these weaknesses.
The Illusion of Safety in Isolation
There is a misconception that the internet outage places us in an isolated environment that eliminates threats. However, malware or ransomware that had previously entered the network—or was transferred via physical storage media during this period—can spread through the network using what is known as “lateral movement.”
“Because threat intelligence systems and their signatures are not up-to-date, detecting these threats becomes difficult. Therefore, the moment of reconnection to the internet acts as a ‘golden window of opportunity’ for attackers. Fast scanning and exploitation occur simultaneously, and devices infected with ransomware can establish contact with Command and Control (C2) servers to activate operations like data encryption or data theft, achieving their goals in minimum time.”
What Measures Must Be Taken Before Reconnecting?
To prevent this scenario, the Vice Chairman of the Tehran AFTA Commission asserts that implementing a controlled plan at the organizational network level is essential before any widespread reconnection.
According to this expert’s recommendation, organizations should:
- Initial Controlled Access: Internet access should first be established in a limited and controlled manner within organizations.
- Prioritize Defense Tools: Defensive tools such as Antiviruses, IDS/IPS, and Firewalls should be connected first to synchronize signatures and threat intelligence.
- Isolate Critical Assets: Critical servers, such as Domain Controllers, main databases, and infrastructure services, should be kept in a separate, controlled network. Critical patches must be applied manually and securely to these servers before they are fully connected to the internet.
Furthermore, network administrators must review overly open firewall rules and implement network segmentation to limit the lateral movement of attackers and malware. Simultaneously, egress monitoring should be intensified to rapidly detect attempts to communicate with C2 servers.
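The two controls above, a phase-one egress allowlist and egress monitoring for C2 contact, can be checked against firewall logs. The following is an added example, not code from the article or from AFTA; the hostnames and log lines are constructed for illustration, and the beacon heuristic (repeated contact with a non-allowlisted destination at near-constant intervals) is the editor's own.

```python
"""Review egress logs during a phased reconnection window.

Constructed log format (assumed, not from the article):
    "<epoch_seconds> <src_ip> <dst_host_or_ip> <dst_port>"
Phase 1 allows only the update/signature endpoints of defensive tools.
"""
from collections import defaultdict
from statistics import mean, pstdev

# Assumed names for the AV and IDS/IPS signature servers allowed in phase 1.
PHASE1_ALLOW = {"av-updates.example", "ids-sigs.example"}

# Constructed sample: one host syncing signatures, one host contacting an
# unknown endpoint every 60 s (beacon-like), one host fetching a CDN object.
SAMPLE_LOG = """\
1000 10.0.1.5 av-updates.example 443
1005 10.0.1.5 ids-sigs.example 443
1000 10.0.2.9 203.0.113.7 8443
1060 10.0.2.9 203.0.113.7 8443
1120 10.0.2.9 203.0.113.7 8443
1180 10.0.2.9 203.0.113.7 8443
1010 10.0.3.3 cdn.example 80
"""

def parse(log):
    """Return (timestamp, src, dst, port) tuples; blank lines are skipped."""
    events = []
    for line in log.splitlines():
        if line.strip():
            ts, src, dst, port = line.split()
            events.append((int(ts), src, dst, int(port)))
    return events

def policy_violations(events, allow):
    """Every (src, dst) pair that left the network outside the allowlist."""
    return sorted({(src, dst) for _, src, dst, _ in events if dst not in allow})

def beacon_candidates(events, allow, min_hits=4, max_jitter=0.2):
    """Non-allowlisted pairs contacted at regular intervals: (src, dst, period)."""
    times = defaultdict(list)
    for ts, src, dst, _ in events:
        if dst not in allow:
            times[(src, dst)].append(ts)
    found = []
    for (src, dst), ts in times.items():
        ts.sort()
        if len(ts) < min_hits:
            continue
        gaps = [b - a for a, b in zip(ts, ts[1:])]
        period = mean(gaps)
        # Low relative spread between contacts is the beacon signal.
        if period > 0 and pstdev(gaps) / period <= max_jitter:
            found.append((src, dst, round(period)))
    return found
```

A violation list that is non-empty during phase 1 means a host is already talking past the controlled gateway; a beacon candidate is a host to pull from the network before the next phase.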
The Critical Moment of Reconnection
Referring to the WannaCry experience of 2017, Faraji reiterates that such ransomware can bring a nation’s infrastructure to a halt if patches are missed. The primary danger lies in the exact moment of reconnection: when millions of unpatched devices suddenly go online.
According to Faraji, a prolonged internet outage means millions of devices with incomplete updates coming online at once, creating two simultaneous threats:
- Auto-Scanners and Botnets: These immediately identify and exploit known weaknesses upon connection, creating a high probability of a surge of attacks.
- Dormant Malware: Malware hidden in the network can simultaneously establish contact with external servers to activate malicious payloads.
He concludes by emphasizing that the only way to mitigate this risk is through a phased, controlled connection accompanied by updates and precise infrastructure monitoring; otherwise, the security consequences of this outage period could far exceed the impact of the internet cut itself.