One of the simplest pieces of advice that is often dished out to non-security personnel who work with computers is to be careful with email, paying particular attention to attached files.
The reasoning behind that is simple – attached files can easily be malicious in intent, something the Israeli defense ministry now appears to know all too well.
Chief technology officer Aviv Raff, at Israeli cyber security firm Seculert, said an email sent to the ministry was spoofed to appear as coming from the country’s Shin Bet secret service. It appears that several staff were suckered into opening the message, allowing hackers to take control of 15 computers for a short period of time.
Raff told Reuters that he suspected pro-Palestinian hackers were behind the attack because of its similarities to an incident in 2012 which also relied upon malicious attachments sent to staff within the Israeli government.
Whilst the latest attack came from a server in the US, experts analysed the messages that had been sent and discovered many writing and technical similarities with the earlier attack.
According to the BBC, the email tricked users into opening the attachment by using a recent piece of news that would be sure to appeal to Israelis – the death of former Prime Minister Ariel Sharon.
In reality, the .zip file packed the Xtreme RAT trojan, a piece of malware predominantly used in state surveillance campaigns. According to Seculert, Xtreme RAT has been used against Israel since November 2012, targeting various institutions including law enforcement. At one time the government was even forced to block all internet access from the police force.
As for the motives of this latest attack, Raff was unsure as to what the attackers were hoping to achieve, saying that, “All we know is at least one computer at the Civil Administration was in control of the attackers; what they did we don’t know.”
Raff chose not to identify the other 14 computers that had been targeted by the attackers, though an anonymous source suggested that at least some of them may have been associated with companies involved in supplying Israeli defence forces.
Thus far there has been no official word on the attack with Guy Inbar, a spokesman for the Israeli Civil Administration, saying, “We are not commenting on it, we don’t respond to such reports.”
The timing of the disclosure is interesting, given that the current Prime Minister, Benjamin Netanyahu, is set to promote Israeli advances in technology at the World Economic Forum today, something that prompted Raff to say that –
“Unfortunately there is no such thing as 100 percent safety either when it comes to physical risks or information security.”
– which is an important lesson for all of us.
After all, if such a sensitive part of the Israeli infrastructure can be compromised by a dodgy email then how likely is it that you or your family could be duped?
And, if you run a business, can you be sure that your staff have enough security awareness to not engage in such risky computer behaviour?