Since the start of December, Iranian sources have been responsible for a growing number of cyberattacks targeting Israeli government and privately-held companies in Israel and abroad, sources close to the matter have told “Globes.” The vast majority of the attacks have been thwarted in their early stages with others stopped later on and as far as is known no major damage has been inflicted.
According to a senior Israeli defense source, after several years of defensive operations and building digital protection systems with the assistance of agencies in China and Russia, the Iranians have now moved into the attack phase. The source added that last month saw a substantial rise in attack activities, perhaps to mark the first anniversary of the assassination of the head of the Islamic Revolutionary Guard Qasem Soleimani or following the assassination of Iranian nuclear scientist Mohsen Fakhrizadeh.
According to the source, disguised as a group of independent hackers, some linked to countries like Turkey, Iran has launched dozens of cyberattacks on Israeli sites, including government targets, most of which were neutralized early or failed to cause any real damage. An analysis of the attacks shows that those against privately-held companies were stopped at a slightly later stage, demonstrating the existing gap between the public sector and national infrastructures and the private and business sector.
The global cyber war is being fought around us on digital battlefields and in recent years more than ever. In this war, Israel is on the front line against global rivals hidden by superpowers, the best known of them headed by Iran.
The opening shot in this global cyber war was attributed to Israel – the Stuxnet attack in 2011, which damaged the digital network, which was developing systems for Iran’s nuclear weapons. Since then the cyber warfare has spread to other national battle arenas (as well as commercial arenas).
Looking back it can be seen that the Iranian initiative began with an apparently simple attack by hackers on Israeli websites in which homepages were planted supporting the Palestinians, subsequently progressing to attempts to harm national infrastructures. The best known attack was on the computerized systems of the Mekorot National Water Company last April, which a short break in water supply to several locations in Israel. Shortly afterwards all activities at one of Iran’s busiest ports was halted because of bad damage to its computer systems in another cyberattack that was attributed to Israel, as retaliation for the Mekorot attack.
The defense source said, “This is a battlefield in every sense and so when they shoot at you, you shoot back.”
The source added that the best form of defense, in addition to the best defense installations, is attack. “When the enemy knows that its infrastructures are exposed to more powerful attacks that it can perform itself, then the hesitation exists. Therefore substantial efforts are made to discuss the country that is attacking through a group of unidentified attackers by demanding a ransom to make out it is as if it is a regular ransom attack by criminals.”
The source added that, “Some of the attacks do not try to destroy or make changes but plant a dormant system that can be used later. Those are the most dangerous because they are passive and difficult to discover.”
Are we protected? The State Comptroller’s report in May 2019 said, “Despite the efforts in recent years, there is still as gap between the cyber defense of vital installations, government ministries and the civilian space.”
The solution that the state is trying to provide is within the national cyber system. The protection of infrastructure installations at the start of the last decade was arranged by the General Security Services (Shin Bet) which mapped out several dozen organizations as ‘critical infrastructures’ including electricity, water, energy installations, chemical plants, and subsequently banks, the mobile phone companies, and more.
Subsequently, handling of the civilian organizations was separated and transferred to a special organization that was set up – the Israel National Cyber Directorate headed by Yigal Unna, a former head of the Shin Bet’s Cyber and Technology Division. The directorate’s advantages are civilian thinking, dialogue with commercial operations, and harnessing national resources for the job. The disadvantages are that unlike the Shin Bet, the reaction time is slow, ‘civilian’ regulation is less decisive than in the defense sector and the issue of enforcement over private bodies. The attack on the Shirbit insurance company, which was handled with the guidance and cooperation of the directorate, testifies to the fact that there is a lot of work to be done.
Israeli cybersecurity technology company Cyberreason Chief Revenue Officer Shai Horovitz thinks that at a national level the country’s situation is actually relatively good and that through the National Cyber Directorate has created a relatively effective protection system. But he adds that the private sector, companies and factories, still lag behind. The attack on Shirbit epitomizes this and should serve as a real wakeup call to executives of these companies.
Horovitz categorizes cyberattacks into three types: national state level attacks in which countries like Russia, China and North Korea are mainly operating and their aim is military, defense surveillance and industrial espionage including stealing commercial secrets. For example in 2019, Cyberreason identified an attack, probably from China, which penetrated 25 mobile phone companies around the world, thus gaining access to information from hundreds of millions of phones belonging to the companies attacked.
Sound familiar? In 2019, it was reported that Shin Bet heads met with Benny Gantz to tell him that the Iranian secret services had breached his phone. Mobile phones can be accessed through sending a compromising link by text or email as well as through the operating system.
The latest and probably largest attack to date has been attributed to Russia and was against SolarWindows through which it penetrated hundreds of US government agencies and companies and probably elsewhere. The US government is still investigating the extent of the damage and how much and what information was exposed to the attackers. According to different estimates, there was also damage to tech giants including Microsoft.
A second type of attack is by ransomware, which locks the victim’s computers with a demand for a ransom. These serve organizations and hackers and occasionally states and are often combined with stealing data or threats to expose embarrassing information. This was the type of cyberattack on Shirbit.
The third type of attack is by organized crime, which instead of robbing a bank in a holdup with guns and masks, does so by uncovering passwords of customers and companies and stealing money from their accounts cleanly and remotely.
Source » globes