Dozens of Israel’s largest importers and logistics companies have been targeted by cyberattacks for the past two weeks, culminating in several major breaches over the past weekend.
Attacks Targeting Supply Chain
The attacks came after a breach of Amital Data’s servers, which allowed access to the data of clients using its Unifreight logistics software. Its client list includes about 40 freight forwarders, shipping agents, airline cargo sales agents, and customs brokers. Some of these companies are involved in importing sensitive military equipment.
Another 15-20 logistics companies that are not clients of Amital were also discovered to have been hacked. The attack could endanger Israel’s supply chain for basic commodities. The stolen information may also be of strategic value to enemy states.
No ransom has been demanded for this data and the identity of the culprit is still unknown. According to Yossi Rachman, Director of Security Research at Israeli cyber company Cybereason, the attack looks to be a wide-scale intelligence operation, assuming it wasn’t random in nature.
“If you take into account Amital’s significance in exporting and importing to and from Israel, this resembles the Russian attack on Ukraine in 2017 with the NotPetya malware. By hacking into a popular accounting software in Ukraine, the Russians managed to paralyze the Ukrainian economy for several days.”
Cyberattacks Target Intel
In another cyberattack, hackers using Pay2key malware targeted Israeli Habana Labs, a subsidiary of Intel. Calcalist reported that the hackers accessed plans and information regarding Intel’s new artificial intelligence chip Gaudi.
The group posted on its Twitter account a link to a leak directory and pictures of what they claim to be Habana source code and internal processes. Calcalist suggested that the hackers did so in order to demand a ransom from Intel.
The hackers also claimed to have accessed Habana’s domain controller, which would give them access to the company’s organizational work. This is far more serious than a malware breach.
Ransom and Iranian Connection
Pay2key malware has been used successfully by Iranian hacking groups in the past to encrypt an organization’s entire network, reportedly doing so in less than an hour. So far, 13 Israeli companies have been successfully targeted by Pay2key, being forced to pay 7-9 Bitcoin in ransom, worth approximately $110,000 to $149,000.
Cybersecurity firm Check Point Software Technologies Ltd. released a statement saying: “This is a fast and sophisticated type of ransomware that encrypts entire organizational networks within an hour, while threatening to leak large amounts of data belonging to the targeted organizations to the darknet if the ransom isn’t paid,” adding that in at least three instances, the victim’s data was leaked.
Four targeted Israeli companies have reportedly paid the ransom. Calcalist reported that “in cooperation with WhiteStream, an Israeli blockchain intelligence company, the researchers were able to follow the Bitcoin money route and found that they all ended up in what appeared to be an Iranian cryptocurrency exchange named Excoino.” Registering with Excoino requires a valid Iranian ID and phone number, indicating that the perpetrators were Iranian nationals.
Lotem Finkelstein, Threat Intelligence Group Manager at cybersecurity giant Check Point, told Calcalist that it is no coincidence we are witnessing an increased number of attacks on Israeli companies. “This is the result of attack groups with advanced capabilities identifying the success of others in attacking Israeli organizations and their wish to also grab a share of the loot,” explained Finkelstein.
“Most of the recent notable incidents were ransomware attacks, but while these are a significant part of the total number of hacks they aren’t the only type of attack.”
Finkelstein noted that there has been a steady increase in the number of attacks against Israeli organizations over the past six months. While in July the number of cyberattacks against Israeli organizations was estimated at 19,000, in November that figure reached 33,600, an increase of 74%.