Israeli chipmaker Tower confirms cyberattack forced it to shut down systems
Tower notified the relevant authorities, including law enforcement, of the incident and reported it to the Tel Aviv Stock Exchange on Sunday, but didn't say whether it was the victim of a ransomware attack
Israel-based and Nasdaq-listed wireless chip and camera sensors manufacturer Tower Semiconductor Ltd. (TSEM) has confirmed it has suffered from a serious security breach over the weekend. The company seems likely to have been the victim of a ransomware attack, similar to that suffered recently by Israeli software company Sapiens. Tower confirmed that it identified on Friday an incident that forced it to shut down its information and communications systems, but didn't say whether it was the victim of a ransomware attack.
The company notified the relevent authorities, including law enforcement, of the incident and reported it to the Tel Aviv Stock Exchange on Sunday. It is still unclear if and what damage the company suffered due to the attack and when it believes it will overcome it. One person familiar with the matter who spoke on condition of anonymity told Calcalist that the company has insurance for damages caused by a cyberattack.
Tower, which is based out of Migdal HaEmek in the north of Israel, employs over 5,000 people. Russell Ellwanger is the company's CEO. It remains unclear whether Tower's production facilities were damaged due to the security breach.
According to Tower: "The company identified on Friday an incident in its information and communication systems. The company shut down those systems in order to assess the situation and take the required actions in order to return to normal activity as soon as possible."
Ransom attacks are usually activated by malicious code transferred via online chat or email. The victim clicks on the link and is transferred to a site from which the harmful code is infused to the host computer. Hackers are then able to take control of the user’s computer or network and prevent other people from using it. After their computers are taken over, its owner or administrator receives a message demanding ransom in return for freeing the computer or network from its cyber shackles. The ransom is often demanded in Bitcoin, which allows the hackers to remain anonymous. According to a report by cyber company Coveware, the hackers release the computers back to use after receiving the payment in 98% of cases. Coveware’s research further found that the average ransom request in 2019 was $40,000 and lasted for 12 days.
"In my estimation, the company experienced a ransomware attack that wasn't specifically directed at it but was rather a case of hackers attempting to attack many companies," Yossi Rachman, Cybereason’s head of security research, told Calcalist. "In most production companies there isn't a hermetic seal between the production environment and the organizational computing environment. The virus can enter the organization because the production systems could be running old versions of Windows that control very expensive equipment and aren't updated because of the fear of how that might affect the machinery. The production floor is very vulnerable and sometimes managers install programs that will make it easier for them to supervise remotely. I think that the virus entered via an email of a website and that infected a computer in the organization and reached the control systems. Every second in which production is shut down comes at a financial cost and to get the system back up working is a complex and expensive process. A cyberattack can be prevented if you have a product that notifies you in real-time of the attack."