Subtle cyberattack met by swift cybersecurity acts

Data is the new oil, computer expert Dr. Reuven Lerner said.

An information analyst works in front of a screen showing a near real-time map tracking cyber threats; California, December 29, 2014 (photo credit: REUTERS/BECK DIEFENBACH)
An information analyst works in front of a screen showing a near real-time map tracking cyber threats; California, December 29, 2014
At 11:30 on Friday night Orian, an Israeli logistics and international freight forwarding firm, found itself the target of a cyberattack.
Alerted by Amital Data, an Orian software services partner, of the targeted attack on a computer server located at Orian’s offices, the logistics company learned that corporate data, as well as data from 40 of Amital’s clients, had been compromised.
According to the company, it identified the types of data taken in the attack but not the exact data taken.
Data is like the new oil,” Dr. Reuven Lerner, an expert and consultant in computer programming and data science, told The Media Line.
“Data is worth a lot, a lot of money,” he said.
Orian, a partner of the DB Schenker global logistics and supply chain network, reported in a notice to the Tel Aviv Stock Exchange that it turned to Israel’s National Cyber Directorate. “Working in tandem, we have reinforced and will continue to reinforce our data security system to prevent these types of instances from occurring in the future,” Orian said.
Unfortunately, the attack is nothing unusual. These and other types of cyberattacks occur more often than companies and countries publicly acknowledge. But what sets it apart is that the Israel National Cyber Directorate (INCD) became involved in the aftermath and is immersed in working with companies on a micro and macro level to deal with cyberattacks.
“Just about every company in Israel works with the Israel National Cyber Directorate. As soon as the logistics company and its partners learned of the attack they took action to shut it down. Simultaneously, the directorate informed other companies of the attack and what defensive activities to take,” Tel Aviv University Prof. Isaac Ben-Israel said.
Ben-Israel, a retired major general in the Israeli Air Force who teaches military, security and technology subjects, headed two task forces that created the country’s national cyber policies and its national cyber authority – the INCD.
He told The Media Line, “Israel was the first country to understand and come to the conclusion that cyber – before cyber became a term – required a national program.
“Early on, we understood the asymmetry of our situation regarding other regional players. Israel has many more advanced systems that can be impaired than our neighbors. We created a national program for critical infrastructure like electricity and water, as well as for safeguarding hospitals and transportation,” Ben-Israel said.
Thus in 2015, the National Cyber Security Authority (NCSA) was created and its services were made available to Israel’s private sector. In late 2017, the government decided to merge the NCSA with the Israeli National Cyber Bureau to create the INCD.
Inside the directorate, which employs some 350 people, is the Cyber Emergency Response Team (CERT). Headquartered at an industrial park in the southern city of Beersheba, CERT receives and handles hundreds of reports and information about cyberattack attempts or threats, from local and international partners, on a daily basis.
Akin to contacting the police at 911, fire services, ambulances and other emergency services, there is a dedicated three-digit telephone number leading straight to CERT. It is well used.
From September 2019 through September 2020, CERT dealt with over 10,200 incidents. The most prevalent type of cyberattack, at over 43% of the total, came from social media incidents, while attacks attempting to penetrate data and communication networks stood at over 30%.
This comes on the news this weekend that hackers, thought to be linked to the Russian government, broke into and accessed US agencies’ information, including in the Treasury and Commerce departments’ networks.
US media outlets are quoting US officials saying that cyber actors, or “threat actors” as Yochai Corem, CEO of Cyberint, a leading provider of intelligence-driven digital risk protection, calls them, are exploiting vulnerabilities to access sensitive data.
“Hacking is a business with multiple players from different sources and having different reasons for penetrating others’ networks,” Corem told The Media Line.
“Digital risk protectors such as Cyberint seek to discover a network’s weaknesses, the open doors or windows in the physical world as it were, before unwanted others do so,” asserted Corem.
He noted that by conducting deep searches in the dark web (internet networks used often by criminal and hacker elements that are not visible to everyday search engines), we can better understand what types of hacker codes are available and what kind of stolen information is being sold.
Even more troublesome to Corem and Ben-Israel are the very often unknown intersecting interests organized among “threat actors”: hackers, criminals, criminal organizations and countries.
“The real first cyberattack came in 1986 when East German criminals bought computer time from the University of California, Berkeley’s computers and exploited links to the US’s nuclear research Lawrence Livermore National Laboratory networks to access confidential data and then sell it,” said Ben-Israel.
“Following their apprehension, the group said they only did it for money. But here is where it gets interesting. After the fall of the Berlin Wall in 1989 and the opening of East German archives, it turns out that the person paying them was a KGB operative,” Ben-Israel noted.
“Today the modus operandi remains the same and many times you can’t tell who is acting against you,” he concluded.
With technology the fulcrum of modern life, hacking is the unintended consequence of the entire world using computer chips in products.
“Over 100 years ago when automobiles were introduced, we created car crashes. Today by embedding computer chips into more and more products, we are creating conditions for an escalation of hacking attacks,” noted Ben-Israel.
The cybersecurity industry is well aware of this.
Palo Alto Networks, a global cybersecurity leader, released its “EMEA 2021 Cyber Security Predictions” report, describing the various factors enabling cyberattacks.
It is not a surprise that the coronavirus pandemic is playing its part in weakening cybersecurity.
The company notes that as a consequence of “security policies being relaxed with the need to allow staff to use their devices at home,” and with many homes having 20 to 50 items connecting to the internet, there are “bigger risks of access into a business’s critical systems and information."
The future will not be easy for any computer and information system’s network: not in bureaucracies, corporate environments, and security and defense agencies. Not even in what we used to consider the safest of havens, our homes.
As the world rushes forward, cyberattacks and cybersecurity will continuously battle for supremacy. No one expects 2021 or beyond to be any different.