When the National Cyber Defense Authority warned on Thursday that Israel could be targeted by a cyber terror attack within hours, it was not initially clear what information the urgent warning was based on.
“This is an immediate warning relating to threats to computer systems and mobile phones,” the warning declared. Security officials were instructed “to prepare for any possible scenario.”
Cyber attacks are carried out on Israeli cyber systems every day of the year. These attacks consist of attempts to disrupt infrastructure and services, known as denial of service (DoS) or distributed denial of service (DDoS) attacks, as well as cyber espionage, cyber ransom and online extortion.
The most serious threats are advanced persistent threats (APT) – stealthy and continuous computer-hacking processes usually directed at organizations and nations for business or political motives.
However, in recent years, many reported cyber incidents consisted of spear phishing – an email-based fraud that targets a specific organization, seeking unauthorized access to confidential data. It takes the form of an email to employees of the targeted organization, which appears to be from an individual or business they know, but is really from criminal hackers who want the recipients’ credit card and bank account numbers, passwords and financial information on their PC. The hackers are also after trade secrets or military information. The October 2012 cyber attack inaccurately dubbed “the Benny Gantz virus” was one of these.
A senior source told Haaretz that “the warning was distributed to government services due to the last Friday of Ramadan [July 10]. In recent years, this day has been accompanied by a series of DDoS attacks on Internet infrastructure in Israel.”
Two other events this week may have played a part, too.
On Wednesday, the New York Stock Exchange and United Airlines suffered technical glitches, forcing TASE to shutter temporarily and the airline to ground flights until computer problems were solved. U.S. Homeland Security Secretary Jeh Johnson said the problems were not related to “nefarious” activity, although the hacker group Anonymous had posted a Tweet on Tuesday that read, “Wonder if tomorrow is going to be bad for Wall Street ... we can only hope.”
Wednesday’s events followed on from a massive hack on Monday of Italian cybersecurity firm Hacking Team, a controversial company that makes surveillance software used by governments to tap into phones and computers.
Hacking Team’s Twitter account was hijacked (and renamed Hacked Team), and used by hackers to release what is alleged to be more than 400 gigabytes of the company’s internal documents, email correspondence, employee passwords and the underlying source code of its products.
“Since we have nothing to hide, we’re publishing all our emails, files and source code,” posts published on the hijacked Twitter account said. The tweets were subsequently deleted.
Shortly after the leak, it was reported that hackers were using a previously undiscovered flaw in Adobe’s commonly used Flash software in malicious programs. All exploit kits (toolkits used to exploit security holes) are reportedly using the Flash vulnerability for spreading ransomware – a type of malware that locks victims out of their computer system and demands a payment for renewed access. Adobe has already released an update to address the issue, and called on users to download the latest version of Flash software.
Israel has been working on upgrading its cyber activity in recent years, while its enemies have been stepping up their cyber-spy operations against Israeli targets. In one such operation, dubbed Volatile Cedar, the hackers used advanced malware known as “Explosive” to extract information from various organizations, some with links to the Israel Defense Forces.
Security experts believe a state or political group was behind the hack, suggesting Hezbollah or Iranian involvement.
Reuters contributed to this report.