Israel’s Minister of Infrastructure, Energy and Water, Yuval Steinitz, told CyberTech 2016 attendees in Tel Aviv that the Israeli Public Utility Authority suffered a severe cyber attack. The threat actors hit the Public Utility Authority with malware that caused problems with its internal systems, some of which are still not working properly.
The country’s energy minister said Tuesday that officials are still working to neutralize it. Meanwhile, The Jerusalem Post describes the incident as one of the biggest cyber attacks suffered by the Public Utility Authority.
“Yesterday we identified one of the largest cyber attacks that we have experienced,” Steinitz said. “The virus was already identified and the right software was already prepared to neutralize it. We had to paralyze many of the computers of the Israeli electricity authorities. We are handling the situation and I hope that soon, this very serious event will be over … but as of now, computer systems are still not working as they should.” states the article published Tuesday by The Times of Israel.
The attack was spotted on Monday, when temperatures in Jerusalem dropped below freezing and drove electricity consumption to a record level. In response, the country’s National Cyber Bureau shut down portions of Israel’s electricity grid.
According to Ars Technica, there is no evidence of an attack against Israel’s power grid.
“Contrary to a previous version of this post, there’s no indication Israel’s power grid was attacked.” states Ars.
As usually happens in these cases, it is very difficult to attribute the attack to a specific threat actor. The Israeli energy minister didn’t identify any suspects, and we will probably have to wait for further analysis of the malware used by the attackers.
Robert M. Lee, the CEO of Dragos Security, published an interesting post on the SANS ICS blog which confirms the difficulty in attributing this kind of cyber attack to a specific threat actor.
“Israel has threats that it must consider on a day-to-day basis. Critical infrastructure is constantly the focus of threats as well although there are a lack of validated case-studies to uncover the type of activity much of the community feels is going on in large quantities. However, reports of cyber attacks must be met with caution and demands for proof due to the technical and cultural challenges that face the ICS security community,” Lee wrote.
“Simply put, there is a lack of expertise in the quantity required alongside the type of data needed to validate and assess all of the true attacks on infrastructure while appropriately classifying lesser events. Given the current barriers present in the ICS community the claims of attacks should be watched diligently, taken seriously, but approached with caution and investigated fully.”
The attack draws attention to the level of security of critical infrastructure worldwide. Cyber attacks are becoming more insidious and sophisticated, and the risk of a major incident is concrete.
Steinitz added that the attack suffered by the Israeli Public Utility Authority was an example “of the sensitivity of infrastructure to cyber-attacks, and the importance of preparing ourselves in order to defend ourselves against such attacks.”
“We need cyber tech to prevent such attacks. Cyber-attacks on infrastructure can paralyze power stations and the whole energy supply chain from natural gas, oil, petrol to water systems and can additionally cause fatalities. Terrorist organizations such as Daesh, Hezbollah, Hamas and Al Qaeda have realized that they can cause enormous damage by using cyber to attack nations,” Steinitz added.
The attack comes a few weeks after Ukraine’s power outage, an incident caused by a combination of factors, including a cyber attack based on the BlackEnergy malware that targeted the industrial control systems of the regional power authorities.
Regarding the Ukraine power outage, experts suspect the involvement of a nation-state actor due to the level of sophistication of the attack and the fact that the operation was extremely well coordinated.
A recent update about the cyber attack against the Israeli Public Utility Authority downgrades the incident: it seems that ransomware spread via email has locked the systems in the organization.
“However, new reporting shows that the “cyber attack” was simply ransomware delivered via phishing emails to the regulatory body’s office network and it appears in no way endangered any infrastructure. This once again stresses the importance around individuals and media carefully evaluating statements regarding cyber attacks and infrastructure as they can carry significant weight.” states Lee.
(Security Affairs – Israeli Public Utility Authority, critical infrastructure)