Every week sees an average 30 cyber attacks against Israeli companies

As a wave of cyber attacks targets Israeli companies, the country’s status as a cyber-superpower is under threat.

Last week an Iranian cyber group managed to hack the network of ELTA Systems, a subsidiary of Israeli Aerospace Industries (IAI). The hackers released a list of the site’s users as proof of their success, including the name and username of ELTA’s head of cyber projects development.

“IAI might think they have the most protected network,” the hackers wrote in a mocking announcement, “but this should be backed with proof.”

How serious is the hack, and what does it say about Israel’s cyber preparedness in general?

“It’s serious,” confirms Dr. Harel Menashri, a co-founder of the Shin Bet cyber department and currently head of the cyber faculty at the Holon Institute of Technology. He says the attack will be perceived as severe because of Israel’s proud standing in the world cyber arena. “Israel is the first country in the world to stand up and say we are going to systematically protect national vital digital systems.”

Over the past year, Israel and Iran have been waging a bitter war in the cyber sphere, only some details of which have become known to the press and acknowledged by the countries’ governments.

“What’s happening now is the attackers are getting bolder,” says Uri Berkovitz, cyber expert for Globes magazine. “The goal here isn’t just to exhaust Israeli industries and cause them damage, but to destroy Israel’s image as a country with a cyber–Iron Dome that’s immune from cyber attacks.”

“This is not a very sophisticated strategy, but it’s effective, because they’ve managed to create hysteria on the Israeli side and create a perception of Israel’s defeat and their victory,” adds Menashri.

Lotem Finkelstein, threat intelligence group manager at Check Point, tells Mishpacha that every week sees an average 30 cyber attacks against Israeli companies.

“We’re witnessing more and more cyber attacks that sabotage the activities of Israeli companies and create a media wave,” says Finkelstein. “This is because threat actors with advanced capabilities see others’ success in hacking Israeli organizations and want to share the limelight. The attacks everyone’s heard of recently were just the ones that created a stir.”

Finkelstein notes that in the past half year, there’s been a steady increase in the number of monthly cyber attacks on Israeli organizations. While July saw 19,000 different kinds of attacks on Israel, November saw 33,600 — a 74% increase. The first 12 days of December saw 18,000 cyber attacks, which could portend a 10% increase from November by the end of the month. The public sector was the target of 32% of the attacks; after that came the financial and banking sectors with 24%, and far behind, high-tech companies with 5%.

In last week’s IAI attack, it’s still unclear what information the hacking group, known as Pay2key, managed to access. But there is concern that they may have laid their hands on extremely sensitive research material. A subsidiary of IAI, ELTA Systems is considered one of the world’s leading companies in the field of electronic warfare, radar, and cyber. If the hackers managed to tap into even a small percentage of the company’s data, this could pose a national security risk. The Iranians are known for their ability to reverse-engineer captured equipment and turn it into operable technologies.

In addition, the hackers released the personal details of Esti Peshin, the general manager of Israel Aerospace Industries’ Cyber Division. This breach is extremely embarrassing, given Israel’s image as a cyber superpower. Peshin was for years considered one of Israel’s leading cybersecurity figures, directing IAI’s activities in the field. Among other things, she oversaw the export of IAI cybersecurity products all over the world.

“The hack became possible as a result of carelessness and negligence on the part of the heads of IAI’s network administrators,” said computer experts who investigated the hack.

A few days before, the hackers breached the computers of Habana Labs, a subsidiary of Intel in Israel, and published sensitive files, including details of the company’s internal processes.

Meanwhile, hackers with suspected links to Russian intelligence (or China, according to Trump) exploited a weak point in the Orion software system developed by SolarWinds, and used by government agencies in the United States, to breach systems at the departments of Defense, State, Treasury, Commerce, and Homeland Security, as well as dozens of key companies in the American economy.

And still in the background, there’s the Shirbit hack, with a cyber group calling itself “Black Shadow” demanding ransom of 400 bitcoin (close to NIS 4 million) for sensitive information it stole from the Israeli insurance company.

After Shirbit refused to pay the ransom under directions from the National Cyber Directorate, the hackers released 2,000 documents of client data and threatened to sell all the information they had to the highest bidder. At a certain stage, the hackers wrote that if their demands weren’t met, they would sell the information to Iranian intelligence.

Were the perpetrators just fortune hunters, Iranian hackers under the guise of fortune hunters, or a financial competitor seeking to damage Shirbit’s standing? Nobody knows yet, but suspicion is increasingly focusing on the second scenario — Iranian hackers.

Despite Israel’s early start on trying to hack-proof its infrastructure, and despite the Shin Bet’s involvement and key government resolutions on the matter, the Israeli public sector remains vulnerable in the cyber sphere. While critical infrastructures such as energy, water, and transportation have been getting cyber protection from the state (first from the Shin Bet and later from the National Cyber Directorate) as far back as 2003, companies and commercial organizations aren’t always adequately protected. It was for this reason the National Cyber Directorate was formed several years ago.

“The directorate is tasked with protecting the public sector and taking over cyber protection from the Shin Bet of vital digital systems that are not related to security and don’t necessarily possess classified government information,” says Dr. Harel Menashri. “Professional instructors in each field lay down the rules for how cyber protection should be conducted in that arena, and the instructions are passed on to the companies.

“But even with the best cyber security in the Western world,” says Menashri, “we don’t and never will have hermetic security. Security is made to be breached. Even Iron Dome is breached now and then.

“In the cyber world there’s a dictum that the attacker always has an advantage over the defender. Someone probing a system’s defenses will inevitably discover flaws in its operation that no one can predict. The work of uncovering vulnerabilities is an entire industry, which is worked on by both hackers and defenders — there are also ‘good’ hackers who test computer systems in order to report vulnerabilities to the systems’ owners, so they can be fixed.”

(Originally featured in Mishpacha, Issue 842)