Israel's cyber infrastructure vulnerabilities exposed in recent wave of attacks

85 cyberattacks have been reported since the beginning of the month, most of them attacks on institutional websites

The cyberattack against the Israeli Postal Company this past week exposed many vulnerabilities, amidst a wave of cyberattacks against Israeli websites and institutions by hackers.
The attack on Israel Post was ultimately stopped at the critical moment, and as far as is known, no sensitive information was leaked, and there was no damage caused. Yet, the incident emphasizes how a country’s essential institutions - and particularly Israel’s - are often the target of choice for hackers and require robust protection.
Protection against a cyberattack can save organizations enormous financial damage (Adobe Stock)
The identity of the hackers and the nature of their attack remain unknown, but according to Israel Post, they were skilled and relatively sophisticated. The same cannot be said of the cyberattack on Israel’s irrigation systems this week, which caused water pumps to cease functioning, with the message "You have been hacked, Down with Israel" appearing on their screens. That attack was part of “OPIsrael”, an ongoing cyberattack campaign waged against Israel annually. It is believed that the attackers did not specifically aim to disable irrigation systems, but used broad scanning and cyberattack tools, searching for security weaknesses and then exploiting them to penetrate websites and disable or corrupt them.

The primary objective of such attacks is to cause panic and distress, followed by delivering a political message and stealing personal information. The OPIsrael operation typically includes a distributed denial of service (DDoS) attack. In this type of attack, networks of computers send large numbers of requests to a website in order to overload it with traffic, crashing the site.
This type of attack was carried out by a group called "Anonymous Sudan," and disabled Israeli university websites, the Israel Railways website, and other sites last week.
"In recent days, we have seen an increase in attacks against Israeli infrastructure," said Niv Yona, Director of Security Research at Cybereason. "These attacks are part of the OPIsrael operation that takes place every year in April. The attackers manage to attack a variety of targets, mainly civilian or local targets that are not defined as critical, but still manage to cause panic."
Five cyberattacks have been reported to the National Cyber Directorate since the beginning of Ramadan. Most of them are denial of service attacks on websites. These are attacks that organizations all over the world deal with, but as they grow in their level of sophistication they pose an increasingly significant threat.

Various types of cyberattacks

The cyberattack on the postal service was an attack on an organizational computer system. Such an attack can be carried out for various reasons, depending on the identity and motives of the attacker. Often, it is a ransomware attack designed to extort the organization by shutting down its computer system or threatening to publish sensitive personal information. Usually, these attacks are carried out by skilled criminal organizations, although at times, state-sponsored hackers may also be involved. Such an attack is meant to be noticed, at least by the targeted organization, since its ultimate goal is to extract payment.
A type of cyberattack called a "breach attack" is intended to extract internal information from an organization for the purpose of transferring it to competitors or selling it on the dark web. This can be, for example, information about the organization's customers, such as payment details or sensitive personal information that can be used as a basis for phishing attacks. Often, the attackers are organized crime groups, and a successful attack will remain hidden, as this type of information is highly profitable when the victims are unaware that it has been stolen.
Another type of attack is intended to disable or disrupt the operations of services, so that it is difficult for the organization to regain control of its systems. Attacks of this type are often carried out by state-sponsored hackers.
A "supply chain attack" is when the hacker does not directly attack the target organization but attacks the infrastructure of one of its service providers. Through this attack, the attacker can penetrate the systems of the target organization, or the systems of many other organizations that work with the same provider.

Need for robust cyber defense

There is, of course, a feedback loop here, in which the rise in sophistication of the attackers pushes for increased defense on the other side. Both sides innovate and develop as fast as they can just to maintain the balance between attackers and targets. The main question facing us is whether the local Israeli cyberattack prevention infrastructure is sophisticated enough to counter these attacks.
While Israel’s cyber security infrastructure has proven mostly sufficient at neutralizing attacks, there have been exceptions. Cyberattacks against Hillel Yaffe Medical Center about a year and a half ago and against the Technion about two months ago led to shutdowns and disruptions of institutional services.
In order to prevent such events in the future, there needs to be a responsible entity in place. But this entity, the National Cyber Directorate, operates with one hand tied behind its back.
While it does possess the legal authority to regulate the cyber defense of 50 bodies defined as critical infrastructure, bodies whose activities have no substitute, such as the Israel Electric Corporation and Israel Post, it does not have the authority to regulate an additional 500 bodies defined as vital infrastructure, such as hospitals. A cyber defense law is currently being proposed that will hopefully grant the Directorate greater authority. But until then, all we can do is wait.