The Gulf could soon witness another wave of cyberattacks amid soaring tensions in the region, and security experts are warning enterprises to take precautions.

Saudi Arabian authorities a week ago reported that data-wiping malware dubbed "DUSTMAN" hit a regional enterprise, later reported to be Bapco, Bahrain's national oil company. The malware was based on prior data-wipers that have been linked to Iran-based, nation-state actors.

DUSTMAN was "detonated" on Dec. 29, according to Saudi Arabia's National Cybersecurity Authority (NCSC). That was before top Iranian military commander Qasem Soleimani was killed in U.S. air strikes on Jan. 3. Though the DUSTMAN attack and the Soleimani killing were not related, Iran, which has warned of retaliation against the U.S., may resort to further cyberattacks that could involve the Gulf region, cybersecurity experts say.

The Middle Eastern country has a long history of launching cyberattacks against vital businesses in the Gulf and the U.S. In May and June last year, for example, various hacking tools linked to Iran targeted transportation and shipping organizations based in Kuwait.

Security experts point to Iran

"I think Iran is the most likely actor to have sponsored the Dustman attack against Bapco … the strongest evidence linking Iran to the Bapco attack is its past willingness to perform network attacks against oil companies, specifically ones in Saudi Arabia," said Jonathan Wrolstad, Symantec's cyberthreat intelligence team lead.

The NCSC did not specify the DUSTMAN target, but ZDNet this week reported that it was Bapco, citing multiple sources.
Bapco did not immediately respond to a CIO Middle East request for comment.

Symantec's Wrolstad expects to see such attacks from Iran continue against targets in the Middle East, "especially those with symbolic value to Iran or those linked to regional rivals like Saudi Arabia and Israel."

"Dustman is an evolution of a tool that was found only a few months ago and I would expect that Iran would continue to evolve its malware in order to keep it from being easily detected," he said.

Data wipers are evolving

DUSTMAN has different characteristics than other Iran-linked malware observed through the years, but there are similarities. For example, "Shamoon" malware variants, also linked to Iran, use the same third-party driver, "Eldos RawDisk," according to the NCSC. And Shamoon bears similarities to ZeroCleare, another data-wiper linked to Iran, according to IBM's X-Force security intelligence service.

Last month, IBM's X-Force unit said, "According to our analysis, ZeroCleare was used to execute a destructive attack that affected organizations in the energy and industrial sectors in the Middle East. Based on the analysis of the malware and the attackers' behavior, we suspect Iran-based nation state adversaries were involved to develop and deploy this new wiper."

In addition, both DUSTMAN and ZeroCleare utilized a skeleton of a modified version of the Turla Driver Loader (TDL), according to the NCSC.

TDL, which is available on the software development platform GitHub, is a driver loader designed to bypass Windows x64 Driver Signature Enforcement protections.

Security experts are warning enterprises in the region to ramp up precautions.

"The headline here is the malware itself, but it's important to remember that the point of entry was an unpatched vulnerability," said Tim Erlin, VP, product management and strategy at cybersecurity firm Tripwire.
"It's likely we'll see more of this type of state-sponsored activity."

Protect your enterprise with these measures

Jason Bevis, vice president of cybersecurity analytics firm Awake Security Labs, lays out a few simple tips for company executives to follow:

Ensure external devices are patched and default credentials are removed. If two-factor authentication can be implemented, it should be on external-facing technology.

In this case the antivirus (AV) software was used to push out the software across the enterprise. If there are systems with this capability, such as AV or tools like Microsoft's System Center Configuration Manager, these systems should be set up with two-factor authentication and locked down to specific user access wherever possible.

For those companies that have detection and response technologies that allow them to hunt, they should be looking at Iran tactics, techniques and procedures (TTPs).

Other actions include backing up VPN logs offline and backing up desktops to stores that keep offline copies, among others.

In addition, the NCSC's report on the DUSTMAN attack has more detailed technical instructions on how to protect against cyberattacks.

"The incident at Bapco demonstrates that we are in an arms race between attackers and defenders in the energy sector with destructive malware," Caleb Barlow, CEO of cybersecurity consulting firm CynergisTek, told CIO.

"The challenge is that outside of the energy sector and outside of the Middle East, companies have not prepared for a destructive cyberattack where entire systems are destroyed and there is no ransom to be paid to get your data back," he added.
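The hunting tip above is generic, so as an added example (not code from the article, the NCSC report or any vendor quoted) here is a small Python hunt over constructed Sysmon driver-load records that keys on the two technical details the article gives: kernel drivers loaded without a valid signature, which is what a Driver Signature Enforcement bypass like TDL leaves behind, and drivers signed by the RawDisk vendor named above. The record layout, file names, paths and the "EldoS" signer string are assumptions, not artifacts from the Bapco incident.

```python
import re

# Constructed Sysmon Event ID 6 (DriverLoad) records, one key=value line each.
# File names, paths and signer strings are made up; none are Bapco artifacts.
SAMPLE_EVENTS = [
    'EventID=6 ImageLoaded=C:\\Windows\\System32\\drivers\\disk.sys '
    'Signed=true Signature="Microsoft Windows" SignatureStatus=Valid',
    'EventID=6 ImageLoaded=C:\\Users\\Public\\rwdsk.sys '
    'Signed=true Signature="EldoS Corporation" SignatureStatus=Valid',
    'EventID=6 ImageLoaded=C:\\Windows\\Temp\\tdl.sys '
    'Signed=false Signature=- SignatureStatus=Unavailable',
    'EventID=7 ImageLoaded=C:\\Windows\\System32\\kernel32.dll '
    'Signed=true Signature="Microsoft Windows" SignatureStatus=Valid',
]

FIELD_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')  # values may be double-quoted
# RawDisk vendor named in the article; the exact signer string is an assumption.
WATCHED_SIGNERS = ("eldos",)
TRUSTED_DIRS = ("c:\\windows\\system32\\drivers\\",)  # normal driver location


def parse_event(line):
    """Turn one flattened Sysmon record into a dict of its fields."""
    return {k: v.strip('"') for k, v in FIELD_RE.findall(line)}


def driver_load_alerts(lines):
    """Return (driver path, [reasons]) for each suspicious driver load."""
    alerts = []
    for line in lines:
        ev = parse_event(line)
        if ev.get("EventID") != "6":  # only DriverLoad events
            continue
        image = ev.get("ImageLoaded", "")
        reasons = []
        # No valid signature: what a DSE bypass such as TDL leaves behind.
        if ev.get("Signed", "").lower() != "true" or ev.get("SignatureStatus") != "Valid":
            reasons.append("unsigned-or-invalid-signature")
        # Validly signed, but a raw-disk driver the wipers abuse to overwrite disks.
        if any(s in ev.get("Signature", "").lower() for s in WATCHED_SIGNERS):
            reasons.append("rawdisk-vendor-signer")
        if not image.lower().startswith(TRUSTED_DIRS):
            reasons.append("loaded-from-unusual-path")
        if reasons:
            alerts.append((image, reasons))
    return alerts


if __name__ == "__main__":
    for path, why in driver_load_alerts(SAMPLE_EVENTS):
        print(path, "->", ", ".join(why))
```

On a real fleet the same rules run over exported Sysmon Event ID 6 data; a signed RawDisk driver can be legitimate backup tooling, so treat that hit as a lead to verify against the asset's known software, not an automatic incident.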