Massive hacking attack on Israeli websites

Hackers deface Israeli sites with 'Jerusalem is capital of Palestine' message, attempt massive ransomware attack.

Gary Willig ,

Hacker (illustration)
Hacker (illustration)
iStock

A large hacking attack on Israeli websites was largely foiled over the weekend.

The hackers has attempted to plant ransomware on over one million Israeli web pages, locking users out until they paid a ransom. While the attempt to freeze Israel's internet was thwarted, many web pages were defaced with the words "Jerusalem is the capital of Palestine."

Among the affected sites were the news sites of Makor Rishon and Calcalist, as well as the site of the McDonalds Israel branch.

The hackers used Hebrew website Nagich, which provides services to websites to make them more accessible to disabled users, to attack sites which use Nagich's services. Several websites were rendered unusable for about an hour/

Nagich closed the breach used by the hackers 20 minutes after it was alerted to the attack.

While the damage from the attack appears to have been minimal, analysts noted that over one million pages belonging to Nagich clients could have been affected.

According to hacker Yuval Adam, who was one of the first to discover the attack, the true goal of the attack was to get thousands of Israelis to download ransomware, allowing the attackers to bloc users' access to unprotected files and pages unless they paid a ransom to free their computers.

He warned that the attack, if it succeeded, could have had a devastating impact on Israel's economy.

Ran Bar-Zik, senior software developer at Verizon Media, who researched the attack together with Adam, blamed “incredible negligence, about which warnings have been sounded in the recent past,” for the attack.

He blamed both Nagich and the clients who were affected for failing to take basic actions to protect against this sort of attack.

“The hackers could have caused billions of [shekels of] damage instead of vandalism. The defacing, thanks to our alertness and that of the cyber directorate (and probably to other researchers who reported it), also lasted just a limited time,” he wrote on his personal blog.

The cyber-attack is currently under investigation.



top