Israel’s Power Authority Network Hit with Ransomware

Reports suggest that someone conducted a cyber attack on Israeli power authority server while another report suggests it was a malware attack with ransomware capabilities. 

In 2013, an Israeli traffic tunnel was hit by a cyber attack causing a lot of financial damage. Now the hackers have conducted another cyber attack but this time on the Israel’s Electricity Authority servers.

Israel’s energy and water minister Yuval Steinitz stated on Tuesday:

“Yesterday we identified one of the largest cyber-attacks that we have experienced. The virus was already identified and the right software was already prepared to neutralize it. We had to paralyze many of the computers of the Israeli Electricity Authority. We are handling the situation and I hope that soon, this very serious event will be over … but as of now, computer systems are still not working as they should.”

The attack was discovered on Monday when Jerusalem residents were hit by an extremely cold wave of weather due to which electricity consumption reached a new record-breaking high, informs The Jerusalem Post.

Yuval Steinitz opines that this attack was the largest computer-based cyber attack that the Electricity Authority has ever experienced and that the members of National Cyber Bureau and his own ministry aptly responded to it by shutting down portions of the country’s electricity grid. However, the energy minister did not clarify who was behind the attacks or how it was carried out.

Moreover, there isn’t any news regarding the results of this attack because none of the news organizations reported about any power disruptions. As per the Electricity Authority representative, some of the computer systems were shut down for two days due to the attack. The Times of Israel revealed that the Electricity Authority department that falls within the Energy ministry of the country is detached from Israel’s Electric Corporation, which is a state-owned utility company.

This attack occurred exactly five weeks after Ukraine’s power grid was attacked and successfully interrupted by the world’s first ever hacker-caused power failure. Experts aren’t yet sure if the malware used during that attack, BlackEnergy, was the main and direct cause of the power outage or not but they do confirm that the malicious malware managed to infect three of the local power authorities.

Researchers believe that the attack was very well coordinated. Like always, it is not easily possible to attribute the attack to any particular group or actor and we probably will have to wait for more news about how this attack was actually launched. According to Dragos Security’s CEO Robert M. Lee,

“Israel has threats that it must consider on a day-to-day basis. Critical infrastructure is constantly the focus of threats as well although there is a lack of validated case studies to uncover the type of activity much of the community feels is going on in large quantities. However, reports of cyber attacks must be met with caution and demands for proof due to the technical and cultural challenges that face the ICS security community.”

“Simply put, there is a lack of expertise in the quantity required alongside the type of data needed to validate and assess all of the true attacks on infrastructure while appropriately classifying lesser events.
Given the current barriers present in the ICS community, the claims of attacks should be watched diligently, taken seriously, but approached with caution and investigated fully.”

While some sources suggest it was a cyber attack Ynet claims that it wasn’t a cyber attack but a malware attack equipped with ransomware capabilities. However, the ransom amount was not disclosed but apparently someone working at the grid station fell for the phishing attack, opened an email and thereby was infected with ransomware which reportedly spread to other computers on the network.

Nonetheless, the attack does raise questions about the level of security that protects the sensitive infrastructures all over the world. Since cyber attacks have become much more insidious and refined, therefore, the prospect of a larger incident is quite likely.

Related Posts