Hackers successfully hijacked 15 Israeli Defense Ministry computers using targeted malware, according to security firm Seculert. The incident underlines the growing threat to governments from determined attackers.
Seculert chief technology officer Aviv Raff confirmed the attack during an interview with Reuters. He said the attackers infected the machines using malware-laden email messages.
The messages were reportedly laced with the infamous Xtreme RAT remote access Trojan and were designed to look like they came from Israel's anti-terrorist Shin Bet secret security agency.
Raff said that despite successfully sinkholing the attacks, the company has yet to discover what the hackers did after the breach.
He added that the potential damage could be huge as the attackers managed to compromise a machine in the ministry's Civil Administration. This division monitors the movement of goods and people between Israel and the West Bank and Gaza.
The Xtreme RAT malware grants hackers complete control of an infected machine. It lets them execute a variety of commands, for example to mine data from the machine or to use it as an access point to get further into the victim's network and systems.
It is currently unclear who mounted the attack, though Raff said early evidence suggests a Palestinian group is responsible. At the time of publishing, Seculert and the Israeli Department of Defense had not responded to V3's request for comment on Raff's statements.
Security vendors said that the nature of the attack should serve as a warning to other government agencies around the world. Vice president of Global Accounts at Good Technology, Phil Barnett, noted it could have easily been a UK defence agency that fell victim.
"This could just as easily happen to a UK company or agency, or anywhere in the world. Location doesn't matter. It's all about understanding and protecting access points. The better visibility and control that a company has over all of its external access points, the better it can protect against attacks such as these," he said.
FireEye chief technology officer Greg Day warned businesses and government departments to expect further attacks of a similar nature.
"It's no great surprise that email is believed to be the method of infiltration. Whilst we build greater defensive controls, attacks are smart enough to recognise the communications we allow and then exploit the weakness that is hardest to fix: humans," he said.
"We do see such attacks occurring on an all too regular basis and what is key is the timely discovery and containment of such attacks. Organisations will continually be targeted, whether it is from hobbyists, who simply want to see if they are smart enough to get in, through to competing nations looking for intelligence."
State-sponsored cyber attacks are a growing threat facing the public and private sector. Security researchers from CrowdStrike reported a state-sponsored Russian hack campaign targeting the energy sector, codenamed Energetic Bear.