Israeli experts: Country dodged the cyber bullet this time

PM: Critical infrastructure unharmed, but "everything could change’."

MAY 14, 2017 22:52

Updated: MAY 15, 2017 10:28

Cyber hacking (illustrative) (photo credit: INGIMAGE) — Cyber hacking (illustrative)

(photo credit: INGIMAGE)

Israel had made it through the cyber storm that engulfed tens of thousands of computers in 104 countries on Friday largely unharmed, a range of Israeli cyber experts and public officials said on Sunday.

The cyber attack was unusual as it has been attributed to organized crime, as opposed to a powerful state apparatus like Russian or Iranian intelligence. Previous cyber attacks on such a large scale had only been attributed to state actors.

New version of ransomware worm expected (credit: REUTERS)

But combined with an US National Security Agency hacking program that has been distributed online for public use as well as organized crime becoming more sophisticated in its cyber abilities, many experts said the massive attack was likely the first of many.

The attack was carried out by “ransomware” – in this case a program that prevents victims, including large institutions such as hospitals, from accessing their networks until after they pay a ransom, often of a few hundred dollars. While each payment may be small and feasible for the victims, the total collected can be massive and difficult to trace as it runs through the unregulated Bitcoin system.

Prime Minister Benjamin Netanyahu, at Sunday’s weekly cabinet meeting, addressed the global cyber attack stating that Israeli “critical infrastructure” remained entirely unharmed, but warning that “everything could change.”

The prime minister highlighted recent Israeli efforts to combat the “new threat,” including the establishment of the National Cyber Security Authority, and stressed the importance of investing “further resources in order to protect the State of Israel” from this new form of attack.

The National Cyber Authority itself as well as National Infrastructure, Energy and Water Minister Yuval Steinitz had signaled a heightened alert on Saturday, while emphasizing that Israel has invested significant time and energy in preparing for such attacks – far more than many other countries.

Moshe Ben-Simon, co-founder and vice president of Israeli cyber start-up TrapX, said the cyber attack using “WannaCry ransomware is another example of the accelerating trend for organized crime to fund and deploy ransomware for quick rewards.

“Organized crime is attacking us on three fronts:... purpose-built ransomware deployed en masse such as the ongoing WannaCry attack. The second front is for ransomware as a service (RaaS) attacks, where organized crime deploys ransomware software products to enable the less skilled criminals to rapidly deploy and clone their own attacks,” he continued.

“The third and newest front opened by organized crime in the ransomware war is... selling complete source code for ransomware tools. The solution to avoiding and defeating these attacks is increased visibility. They will get in your networks... You must be able to find these attacker tools in your network before they can encrypt and control your data,” he said.

“New best practices, especially in highly targeted industries such as healthcare, finance and manufacturing, suggest further movement toward technologies that can detect and then engage ransomware tools,” Ben-Simon said.

Lt.-Col. (res.) Uri Ben Yaakov of the International Institute for Counter-Terrorism at IDC Herzliya confirmed that the global attack was carried out by organized crime, and was unprecedented in its scale. But he said that cyber defenders must look beyond this attack to other potential non-state cyber attackers.

Ben Yaakov said that “at this point there is no information indicating that terrorist organizations were behind the attack, but we need to take into account that they can also use ransomware to obtain funds for their activities.

“Terrorist organizations also have a special desire to harm the critical infrastructure of states, as was attacked during this strike. The interface between terrorist organizations and organized crime, especially in the virtual world, is likely to provide terrorist organizations access to cyber-attack tools and abilities at a relatively higher level than what they currently use,” Ben Yaakov said.

He had warned of such developments as early as November 2016, based on terrorist organizations’ expansion into other harmful areas of cyber space.

Jerusalem Post staff contributed to this report.