Israel has managed to dodge two massive cyberattacks, according to data collected by Kaspersky Lab, the Russia-based cybersecurity firm that discovered the mega Flame and Stuxnet viruses several years ago.
This past week, Kaspersky Lab’s Global Research and Analysis Team (GReAT) reported on a major cross-border hacking operation called the Equation Group, which Kaspersky said was worse than any attack ever encountered. A spokesperson for Kaspersky Israel said the malware operation missed Israel, particularly its banks, but hit nearly every other country in the Middle East.
The group of trojans and viruses has been infecting systems for over a decade, according to the research team. Among the tools used by the Equation Group: malware that can rewrite a hard drive’s operating system – the first malware ever seen that can do this – ensuring that hackers can control a hard drive even if it is completely erased and reformatted. The tools also include malware that can collect data about a computer even when it is not connected to the Internet by using a flash drive, sending that data to a remote hacker-run server when the flash drive is plugged into a computer with a web connection.
Since 2001, the Equation Group has been infecting thousands, or perhaps even tens of thousands, of victims in more than 30 countries worldwide, targeting government and diplomatic institutions, as well as such sectors as telecommunications, aerospace, energy, nuclear research, oil and gas, finance, military and nanotechnology.
Among the most infected by the Equation Group are Iran, Syria, Pakistan, Russia and China, while most Arab countries are listed with a “moderate” infection rate. The US has a low infection rate; Israel, along with most European countries, Canada and Australia, is listed as having avoided any attacks by the malware.
Meanwhile, in another report, Kaspersky Lab described what may go down as the biggest bank robbery of all time. The hackers used a phishing scam technique – for example, an official-looking e-mail sent to bank employees with a Word document that, when opened, surreptitiously installed malware that allowed hackers access to systems. The hackers were then able to navigate bank networks, manually looking for important data on accounts, amounts deposited and other relevant information.
Among that information were key codes to ATMs and SWIFT network bank codes used to transfer money electronically between banks in different countries. As a result, criminals were able to transfer large sums of money electronically into fake accounts, and then cash them out, as well as sending signals to specific ATMs so that they could withdraw money.
Based on the information it has collected so far, said Kaspersky, this Carbanak cybergang has hit about 100 top financial institutions worldwide, and has stolen as much as $1 billion in total. Many of the cyber robberies targeted banks in the US, Germany and China, and several African countries, Kaspersky said. The first attacks were recorded in August 2013, with the biggest attacks – and the biggest payouts – in June 2014.
“We received a warning a few months ago about the threat and alerted the relevant institutions,” said Noam Froimovici, CEO of Kaspersky Israel. “As far as we know, no Israeli bank was affected.”
Isaac Ben-Israel, head of Tel Aviv University’s Yuval Neeman Workshop for Science, Technology and Security, said that Israeli government agencies and institutions alone are targeted by hacking attempts between 100,000 and a million times a day, depending on events, with the higher number occurring during times of increased tension, such as last summer’s Operation Protective Edge.
“We’ve shown we can stand up to attacks,” said Ben-Israel. “As a cybersecurity power, Israel has been able to develop effective defenses against attacks of all kinds.”