This past April, Iran launched a cyber attack against an Israeli water and sewage facility.
"This was an attack that goes against all codes, even in war," said an Israeli official to Channel 13. "Even from the Iranians we didn't expect something like this. This is an attack that cannot be done."
According to a Fox News report on the attack, Iran used American servers to hack into the Israeli facilities.
A pump went into continuous operation at one site and data was changed at another, report says; but no significant damage or interruption in supplies.
Six facilities were targeted and the hackers did succeed in wiping out information at one site
Foreign correspondent for Fox News Trey Yingst wrote on Twitter: “A senior official at the US Department of Energy declined to comment on any specifics related to an ‘ongoing investigation.’ The official reiterated that the DOE routinely gathers and shares info with private sector partners to protect the US and it’s allies from cyberattacks.”
Israel reportedly responded to the incident with a sophisticated cyberattack on an Iranian port facility, causing widespread chaos in the Islamic Republic.
On Monday the Washington Post, citing foreign and US officials, said Israel was likely behind a hack that brought the “bustling Shahid Rajaee port terminal to an abrupt and inexplicable halt” on May 9.
But the damage was far more severe than Iran acknowledged and was apparently carried out by Israeli operatives, the Post said, quoting a security official with a foreign government that monitored the incident.
The official, who spoke on the condition that his identity and national affiliation not be revealed, called the attack “highly accurate,” the Washington Post said.
In the past, Iranians broke into several U.S. financial institutions and a dam located in Rye Brook, New York.
This past January, Senior government officials and lawmakers warned that Iran may attempt to carry out cyberattacks against the U.S. in retaliation for the killing of Quds Force commander Qassem Soleimani.
"The Iranians have a deep and complex cyber capability, to be sure. Know that we have certainly considered that risk,” Secretary of State Mike Pompeo said on Fox News.
As Iran steps up its cyber attacks against the West, they have shown they will target and have the ability to penetrate commercial facilities such as banks.
They also seem to have an interest in water – going after a dam in Rye, New York and a water facility in Israel.
It is also worth considering hackers have numerous ways of carrying out attacks and they will also go after low hanging fruit or companies which are less secure than others. They also will purchase credentials on the dark web in an effort to more rapidly break into a company's network.
While predicting what hackers will do next is impossible, we know from experience that when weakness is found in an area, hackers will focus on it.
Case in point is today, we learned EasyJet was hacked and 9 million customer records were taken. Last summer we reported the $229 million fine British Airways had to pay to the EU as a result of a GDPR violation after hackers stole the details of about 500,000 customers.
Every company is more at risk from cyberattacks than ever. Today’s cybersecurity report from Verizon reminds us of this fact and has some interesting details worth sharing:
- 86 percent of data breaches for financial gain - up from 71 percent in 2019.
- Cloud-based data under attack – web application attacks double to 43 percent.
- 67 percent of breaches caused by credential theft, errors and social attacks.
As always, we try to learn from these incidents and help others do the same.
Covid-19 has made the cybersecurity posture of companies far worse. Our company, Apex Technology Services recently hosted a webinar with Datto describing best practices companies should follow during these challenging times.
These attacks often start as an email that a user inadvertently clicks on. The best way to combat such an issue is via phishing simulation. This is done by sending messages to users which look like messages a hacker would send. If the user clicks, they are instantly trained. This is the best way to laser target training to those who need it most. We suggest our PHISH360 which is free to use for small businesses.
In addition, our company, Apex Technology Services offers network security assessments which should be done regularly to ensure systems are as secure as possible.
Coronavirus-inspired teleworking and new potential hackers thanks to tech layoffs, means every company needs to be more careful. An organization dealing with a pandemic has enough problems… Adding the financial challenges of a ransomware or other attack, to an already tough situation may be unsustainable for most organizations.
The time to get help is now – before an attack takes place.