CyberGrip owner Adam Feld: Hackers don’t wait. As soon as they learn about a breach, they go into action.”
“It is important to keep in mind that the hackers don’t wait. As soon as they learn about a breach, whether or not it’s reported, they go into action,” said Adam Feld, owner of CyberGrip, a company that provides consultation and advanced cyber defense services. “It is therefore very likely that the attack was planned and executed a few days after WikiLeaks exposed the breach,” he added, referring to the leaking three months ago of the encryption methods used by the US National Security Agency (NSA).
Feld also said, “The fact that hundreds of thousands of computers worldwide, including government agencies and essential infrastructure entities, were exposed for a prolonged period following what happened at NSA demonstrates how important the involvement of a Global agency like CERT is in managing the event like a responsible adult and warning ahead of time about the potential damage. It is also correct to reassess how decisions are made in organizations about the inclusion of defense products, and whether those products that were supported by the research companies really prevented a disaster by offering their own relevant updates in real time.”
Marketing and communications consultant Anat Miron, who has worked with the cyber industry for 17 years, said, “It was interesting to following the activity at the end of last week of the Israel CERT, which hastened to respond to the events responsibly and professionally. After many years in which any change on a home page of obscure websites was portrayed as a ‘cyber attack,’ we have received a small taste of the real meaning of the term. Even if it takes a little time before they manage to investigate the entire event and understand what really happened, it can already be assumed, at least at the macro level, that the attack involved a worm sent a few days after the breach was revealed, and remained dormant waiting for the crucial day, because it is illogical to think that the attackers were relying on an active opening of hundreds of thousands files at the same second.”
“The breach was exposed a month ago, and a security update for it was offered. Organizations that took care to prepare their systems again in advance avoided the attack,” said Eyal Wachsman, CEO of Cymulate, which recently raised $3 million from US investment fund Susquehanna International Group. “Organizations that forgot or ignored the breach, or assumed that it wouldn’t happen to them are now learning how important it is to check yourself daily and hourly, even if you checked the system at the beginning of the day.”
Wachsman added, “Our system detected thousands of computers requiring an update in order to plug up the reported breach, and we’re continuing our recommendation of repeated scans in order to ensure that the systems are proof against any renewed version of the worm. Fortunately, our customers in Israel and around the world reported that an attack on their systems had been attempted, but due to Cymulate’s ability to warn against the weakness six weeks ago, they were not damaged, and the defense systems did exactly what was expected of them.”
Minister of National Infrastructure, Energy, and Water Resources Yuval Steinitz today declared a high cyber alert at Israel’s energy and water resources as a result of the cyber attack. Over the past 24 hours, action was taken at the Ministry of National Infrastructure, Energy, and Water Resources, Israel Electric Corporation (IEC) (TASE: ELEC.B22), power stations, and energy and water infrastructure to strengthen the computer defense and increase the alert in accordance with form taken by the current wave of worldwide attacks.
These actions were coordinated by the Ministry of National Infrastructure, Energy, and Water Resources cyber center founded a year ago in order to protect Israel’s energy infrastructure against a network attack.