Thursday, October 29th | 11 Heshvan 5781

October 18, 2020 1:00 pm

Report: Iranian Hacking Group Launched Concentrated Attack on Israeli Companies

by Raphael Kahan / CTech

A man holds a laptop computer as cyber code is projected on him in this illustration picture taken on May 13, 2017. Photo: Reuters / Kacper Pempel / Illustration.

CTech – Cyber companies ClearSky Cyber Security and Profero Cyber Security reported Thursday some disturbing findings, detailing Iranian cyberattacks on Israeli companies. According to the report, the attack used malware aimed at encrypting computers and blocking users from accessing them, similar to ransomware only without demanding money. The Iranian hackers would have been capable of blocking Israeli companies from accessing their data, a troubling scenario especially during the work-from-home era, and the increased use of digital means to carry out commercial and economic transactions.

The Iranian hacker group, dubbed MuddyWater, used a relatively new tactic in order to penetrate the Israeli companies’ security systems. Hacking has been yet another front in the ongoing digital war between Israel and the West against the Iranian Revolutionary Guards over the past several years.

“In early September, we located attempts at an attack by the group MuddyWater against Israeli companies,” explained Profero’s CEO Omri Segev Moyal. “ClearSky was able to pinpoint an overlap between this attempt and an identical campaign uncovered recently by Palo Alto Networks.”

“Apparently, the hackers aimed to launch fake ransomware attacks, aimed at encrypting Israeli companies’ data and preventing it from being restored. The attacks were launched by using vulnerabilities in the operating systems or through phishing attacks that most likely used infected Adobe PDF or Microsoft Excel files,” said Moyal.

“Usually this group uses social engineering campaigns to steal information and spy on other organizations,” added ClearSky CEO Boaz Dolev. “For the first time, we exposed a different means of a cyberattack that is solely aimed at causing harm and ruin.”

The hackers used a Shamoon-based malware that has been employed as a cyber weapon by Iranians for years. The most infamous attack was in 2012, when it wiped tens of thousands of computers’ data from the Saudi National Oil Company. Over the years, the Iranians have refined and improved the malware, and added several new versions.

Viruses such as Shamoon are characterized as “Wiper” malware, and are designed to erase data that is stored on a computer or computerized infrastructure. However, this attack attempted to disguise the virus as ransomware. Such attacks have become a hit over the past year, although they are easily spotted by software security systems. Concealing the virus allows it to mask the extent of its attack and its origins.

It remains unclear to what extent the attacked companies have been harmed; the report did not include names. However, during an interview with Calcalist, it was mentioned that “many companies were attacked.” While the current attack failed due to help from the National Cyber Directorate, Profero, and ClearSky, there is no telling whether future attempts will be more sophisticated. Companies that want to prevent such damage are advised to use an EDR system, keep servers and access stations updated, increase employee awareness of phishing and social engineering attempts, and change passwords frequently.
