Beginning of a New Era
The recent dramatic cybersecurity attacks on civilian populations over the last two months in Israel and Iran changed cyberwarfare as we know it. Although countries and organizations already consider cyberwarfare effective for disrupting military facilities or stealing data, the following events changed the battlefield and influenced civilian life. We believe that critical infrastructure is at severe, imminent risk. Bringing civilian populations into the cybersecurity warzone will require new methods, new capabilities and massive investment in cybersecurity. This will increase investment from countries and agencies, and will require new products from cybersecurity companies that secure crucial infrastructure.
Part I: Attacking civilian water systems
On 23.4.20 the Israeli National Cyber Directorate (CERT-IL) reported alerts of cyber-attack attempts on control systems of wastewater treatment plants, pumping stations and sewers. CERT-IL called on companies and entities in the energy and water sectors to immediately change passwords for everything from the Internet to control systems, reduce Internet connectivity, and ensure that the most up-to-date version of controllers is installed. The attacks took place immediately thereafter, on 24-25.4.20 (Friday and Saturday, which are weekend days off in Israel).
The cyberattack aimed to raise the chlorine level in Israeli water. According to the head of CERT-IL, if this attempt had succeeded, a disaster would have occurred, impacting water facilities and supplies. The cyberattack on water plants could have triggered fail-safes, as the pumping stations shut down when excess chemicals are detected, leaving thousands of civilians without water supply.
From a technical point of view, the attack on six facilities was performed by malware from US servers, used to cover the tracks and the true identity of the attackers, with impact ranging from unauthorized access to data destruction. In one facility, a water pump system in the Sharon region of central Israel stopped working. The facility’s computer system resumed pumping operations within a short time but also recorded the occurrence as an exceptional event. The exact attack path, how the attackers penetrated the system, and how deeply they entered it are being investigated.
Part II: Attacking civilian port
A few weeks after the water facility cyberattack in Israel, on 9.5.20, Iran reported disrupted operations at Shahid Rajaee, a major port in Iran. Over half of Iran’s commercial trading is carried out at Shahid Rajaee. The port complex also accounts for over 85% of all container throughput in the country. The port’s authorities detected the cyberattack soon after it began but failed to fix it immediately, so they switched to manual management of the unloading and loading of containers, which caused severe delays. Satellite photographs depicted miles-long traffic jams on highways leading to the port on the day of the attack. Days later, dozens of loaded container ships were seen in a waiting area off the coast.
Part III: Hackers of Savior
On 21.5.20, a group called "Hackers of Savior", which reportedly contained nine members from Muslim countries, used a security vulnerability in a WordPress plugin to distribute their exploits in a website-defacing campaign. The attackers replaced the pages of thousands of Israeli websites with images of Tel-Aviv in flames. They also tried to gain personal information from users with malicious code that sought permission to access visitors' webcams. Most of the breached websites were hosted by the web-hosting company uPress. Although no data was stolen in these "old style" attacks, the hacktivism group tried to use them to attract more volunteers, increase their attacks and gain influence.
Part IV: What next?
The escalation in cyberwarfare in the past two months represents a new era of cyberattacks between countries and organizations. In the past, most of these attacks aimed to steal data or disrupt military actions, but now the targets are mass populations.
Multilayer attacks – In the new era of cyberattacks we see multi-layer attacks combining existing cyberattack tools with new ones. Old cyberattacks, consisting of stealing data and disrupting military activities, will likely continue as the base level of cyberwarfare. In between the two, sophisticated attacks aimed at obtaining influence, such as attempts to affect elections and decision makers, will likely increase. New attacks on civilian facilities will likely continue and be the higher level of cyberwarfare.
We believe that critical infrastructures are at severe, imminent risk. Power grids, airports and traffic control systems, telecom facilities as well as ports are likely to be targeted. We believe that these attacks will be distributed from several sources that would attack several targets in parallel, and sometimes through attacks on critical infrastructure in different territories simultaneously.
Arms race with massive cybersecurity investments – In the new era, a cold war will probably accelerate an "arms race", but this time it will be for cybersecurity capabilities. We saw an increased number of new cyber agencies adopting protocols for protecting critical civilian infrastructure. The attacks will probably accelerate to gain greater influence. Attack methods like DDoS, IoT botnet attacks, malware and even ransomware will likely be part of the toolkit for joint cyberattacks and might also be used to attack civilian businesses in parallel. This will shift homeland security budgets to cybersecurity.
New collaboration between cybersecurity companies and government authorities – The new attacks on civilian facilities will increase collaboration between governments and cybersecurity companies. In the case of cybersecurity attacks, there are cybersecurity companies that have the capabilities both to protect infrastructure and to provide attack forensics, which is an important element for understanding the attacks in order to protect against new ones. There are cybersecurity companies which already take part in this new effort, providing protection and working with governments during attacks.
This review is for informational purposes only and is not intended as an offer or solicitation to buy/hold/sell securities and/or any financial assets. This review is based on information, which Migdal Capital Markets (1965) Ltd. ("Migdal") believes to be reliable. However, Migdal or everyone who is acting on its behalf cannot guarantee the integrity or accuracy of the review. The review does not purport to be a complete analysis of all of the issues listed therein, and therefore Migdal assumes that the review will be read along with other available reports and additional data. The opinions expressed in the review are correct as of the date of publication, and may change without further notice. Migdal will not be liable for any damage and/or loss, however they may be, as a result of reliance on this review. In addition, the review should not be considered a commitment by Migdal to earn profits. The review does not constitute investment advice / investment marketing, including tax advice, and does not replace the reader's independent discretion and professional advice, including by a qualified investment adviser/marketer, given the reader's particular data and needs. It is clarified that Migdal and/or companies in Migdal Capital Markets Group and/or interested parties have an interest in the information presented in the review and/or may hold and/or trade for themselves and/or for others in securities/financial assets related to the review, and that Migdal and/or the aforementioned companies manage and/or may manage funds and investment instruments in subjects related to this review and/or act or may act as advisors to other fund managers and investment instruments issuers in subjects related to this review. Do not copy, photograph, print, reproduce, distribute, transmit or publish publicly, directly or indirectly, the review and/or any part thereof in any way without the prior written consent of Migdal.
The information contained in this review does not constitute an offer to purchase units in mutual funds managed by Migdal and/or which Migdal is an external advisor to the Fund Manager. Units will only be purchased based on valid prospectuses and immediate reports.