“Effect of cyber attack on Gold Bond will last for weeks,” warns expert
The group which operates terminals as well as a robotic logistics center in the port of Ashdod announced the shutdown of most of its computer systems following a cyber attack. The company's annual report did not mention a cyber attack as a potential threat to its operations
The hackers posted photos from security cameras as well as of the company's alleged internal computer systems. The obvious conclusion is that the intrusion is probably much more severe than the company is trying to present.
The hackers behind the Gold Bond computer attack are apparently a group calling itself Hackers of Saviors. These are hacktivists (political hackers) who operate in the name of the Palestinian struggle. It is not clear whether they are controlled by any organization or whether it is an independent group. Various assessments have found that they have contact with the Iranian government but there is no way to verify this.
“Returning to the operations of a cargo terminal such as that run by Gold Bond can take weeks," Ram Levy, CEO of the cyber company Konfidas, told Calcalist. "A terminal that does not communicate with the world can not function. Gold Bond is a back terminal, which means that containers can not be received and taken out. Ports and terminals rely on a number of interconnected systems and all exchange electronic information with shipping companies, importers, exporters, customs, other ports and more. This is what increases the complexity of handling such an incident.”
Yossi Sassi, one of the founders of 10Root, a company that handles events of this nature, also thinks that it is very difficult to know how long the systems will be down. "Depending on the readiness or advanced preparation of the company, it can take between a few days and three weeks. The average is about two weeks," he said. According to Sassi, the process of returning to activity includes a number of steps, most of which take a long time, such as restoring systems and returning them to a functional state, formulating a public and regulatory response, and finally finding the entry point and forensic identification of the attack: who did what, from where and whether the attacker is still active.”
The National Cyber Directorate explained that although ports are considered a critical infrastructure, Gold Bond is not, therefore it does not fall under state protection in the field. "The directorate is accompanying the company in dealing with the incident. The activity of the ports continues as normal and is not dependent on the company,” read a Directorate statement.
Access to internal systems
The hackers who attacked have not yet been identified, but it is known that they have already acted against Israeli targets. According to Lotem Finkelstein, director of the cyber and intelligence research department at Check Point, "the current attack is different in nature from previous attacks as this time the concern arises that the group was able to leak sensitive information, which according to publications on the telegram channel associated with it were seen from security camera footage. If this is true, then this means there was access to the company's internal systems," he said. "In the meantime, it is difficult to know whether this is an Iranian, Palestinian or other group. So far, it has been estimated that this is a non-professional group, the main purpose of which is to spread pro-Palestinian propaganda."
Gold Bond is traded on the Tel Aviv Stock Exchange at a value of NIS 557 million (approximately $176 million), and its controlling shareholders are the Schmelzer family, Shlomi Fogel and shipping terminals (controlled by the Burchard family), each with a holding of 29.1%. The holdings in Israeli shipyards are divided equally between Gold Bond, the Schmelzer family, Shlomi Fogel and Sami Katsav - each with 20% (Vogel and Schmelzer also have indirect holdings through Gold Bond). The market value of Israel Shipyards, issued in Tel Aviv in September 2020, is NIS 2.1 billion.