Israel Shuts Down Police Computers After Cyber Attack
Israel authorities have banned its police force from connecting to the Internet and from using any external memory disks or sticks in an effort to curb a cyber-attack.
According to report, a malware infection was detected last week, which may also be loaded via USB or memory stick, leading the authorities to take measures against infecting their computer systems.
Police are investigating who is behind the tip and whether the virus is real. A possible second virus called Benny Gantz-55 – named after Benny Gantz, Israel’s Chief of General Staff, is reportedly targeting Foreign Ministry computers.
The malicious emails contained the subject line “IDF strikes militants in Gaza Strip following rocket barrage”, and sent into the organization via a .RAR compressed file attached to an email. The email was sent from the email address bennygantz59@gmail.com.
Security company Trend Micro after investigating samples of the malware suggested that the initial target of the attack was systems within the Israeli Customs agency.
“Based on our analysis, this backdoor is an Xtreme remote access Trojan (RAT) that, like all RATs, can be used to steal information and receive commands from a remote attacker,” Ivan Macalintal, a threat research manager at Trend Micro explains. “The Xtreme RAT appears to have been used in previous attacks targeting Syrian anti-government activists.”
Trend Micro also reported that newest Xtreme RAT version has Windows 8 compatibility, improved Chrome and Firefox password grabbing, and improved audio and desktop capture capabilities features.
Roni Bachar, head of Israeli security firm Avnet said that servers of police department might have been hacked for up to a week before the outbreak was detected but the damage may already have been done.
“It was only late Wednesday night that police realized what happened and ordered that computers be taken offline,” Bachar said. “Apparently the virus was also distributed to other government departments.”
Israel recently set up a cyber-terror task force to stop attacks on its computer system. There have been a number of reports of attempted cyber-attacks in the last several months, including attempt to gain access to Bank Hapoalim’s computer system, wake of Stuxnet, Sony, Citibank, the US National Weather Service and other security stories.
“We have seen RAT-style attacks infiltrating everything from governments to corporate espionage,” says HackANGLE editor Kyt Dotson. “The tactic works best when security is bypassed Trojan style by getting an employee to unwittingly carry the malicious program into the facility either in a piece of equipment (like a mouse or a power strip) or accepting it in an e-mail as in spear-phishing. No doubt, we’ll see an increase in these tactics to infect networks.”
Remote Access Trojans (RATs) provide hackers with unlimited access to infected endpoints. Using the victim’s access privileges, cybercriminals can steal business and personal data. RATs are used to steal information through manual operation of the endpoint on behalf of the victim.
A message from John Furrier, co-founder of SiliconANGLE:
Your vote of support is important to us and it helps us keep the content FREE.
One click below supports our mission to provide free, deep, and relevant content.
Join our community on YouTube
Join the community that includes more than 15,000 #CubeAlumni experts, including Amazon.com CEO Andy Jassy, Dell Technologies founder and CEO Michael Dell, Intel CEO Pat Gelsinger, and many more luminaries and experts.
THANK YOU