Inside Israel’s cyber security operations

[Pelican Press 0]

This is the hidden content, please

• Sign In
• or
• Sign Up

Inside *******’s cyber security operations

*******’s cyber security operations are being conducted in Be’er Sheva, the country’s largest city in southern *******’s Negev desert.

*******’s

This is the hidden content, please

• Sign In
• or
• Sign Up

(Il-CERT) provides a first-line response to companies and citizens affected by cyber attacks.

The

This is the hidden content, please

• Sign In
• or
• Sign Up

is part of a cyber security hub of startup companies, supported by the

This is the hidden content, please

• Sign In
• or
• Sign Up

, high-tech innovation labs and the ******* Defence Forces’ cyber and technology campus.

Some seven

This is the hidden content, please

• Sign In
• or
• Sign Up

(SOCs) operate alongside the CERT, monitoring, detecting and analysing cyber threats across different sectors of the economy, including water and energy, public services, and police and emergency services. Work is underway on another six SOCs.

At the heart of the operation is an emergency 119 telephone hotline available for anyone to phone in reports of anything that could be linked to a cyber *******. That could be a suspicious email, a suspicious URL or malware.

The hotline is widely used by everyone from young people who have been sent a suspicious link on social media to company executives who believe they have been hacked.

By mapping the incidents, the CERT’s cyber security experts are able to see national trends and identify the most critical hacking attempts for the CERT’s response teams.

Executive director

Dana Toren is the executive director of the CERT. A former intelligence analyst and data analyst at the Prime Minister’s office, she is responsible for overseeing the CERT’s operations.

“We need to understand whether incidents are of national importance,” she told Computer Weekly.

An ******* against a small company, for example, could impact many other companies that rely on its services.

Last year, the CERT received 13,000 incident reports, an increase of 43% over the previous year.

data:image/gif;base64,R0lGODlhAQABAIAAAAAAAP///ywAAAAAAQABAAACAUwAOw==

In the 270 days since ******* declared war on Gaza, the CERT has identified 1,900 significant cyber attacks against ******** companies, and the nature of the attacks has changed.

Now they are designed to cause damage to ******** infrastructure, and the number of ransomware attacks has increased. Iranian-backed groups seek to publish hacked data on the dark web or ***** it to the media.

Biggest threats

Gaby Portnoy, director general of the ******* National Cyber Directorate (INCD), identifies Iran, Hezbollah and Iranian-linked hacking groups as the biggest cyber threat against *******, and their attacks have become more severe since the war. “Until 7 October, they didn’t ******* hospitals,” he said. “From 7 October, all the ******** hospitals were attacked by Iran.”

Toren said that although Iran plays a big role in attacks against *******, the emergency response team is more concerned with reacting to cyber incursions than identifying who was behind them. “It is difficult to attribute attacks to specific players,” she said. “Everyone uses the same tools. [We are] a defensive organisation. We do not deal with attackers. We only protect industries.”

The CERT’s control room contains work stations for a dozen people and 10 large wall-mounted displays. One display is a map showing real-time cyber attacks collated using intelligence supplied by US-******** cyber security company Check Point.

Another screen displays the websites of companies defaced by hackers. Analysts check them twice a day and alert the organisations impacted.

Since the war started, Toren has increased the number of people working full time at the CERT from 90 to 120 employees.

Organisations that make up *******’s critical national infrastructure, such as water, electricity and hospitals, are legally required to report cyber breaches. But for the others, the 119 phone line is voluntary.

In return for phoning in reports, companies and individuals receive a confidential advice service. For example, the CERT will not report cyber attacks to regulators, or publicly identify which organisations have been hacked.

data:image/gif;base64,R0lGODlhAQABAIAAAAAAAP///ywAAAAAAQABAAACAUwAOw==

The CERT provides advice and recommendations to people who call the helpline with cyber security issues.

Its resources are limited, however. It has four teams of incident response investigators making up a response team of only 16 people.

“We need to think carefully before we provide this service,” said Toren, given the CERT’s limited resources.

Teams are only deployed in cases of national importance and where an ******* on one company could pose a threat to a wider industry.

Hack affected 80 companies

In one such case, CERT investigators discovered that an Iranian-linked hacking group had infiltrated a small supply chain company, and had used that company as a stepping stone to infect a further 80 organisations.

The *******, which took place in 2020, had the potential to disrupt oil imports and exports to *******, Toren told Computer Weekly.

“We had three or four calls on 119 who reported they had been attacked,” she said. “At first, we could not find a connection.”

Then a private cyber security response company called to report that an inventory system company had been hacked.

“We immediately contacted them and told them we believe there is a hack in your network,” said Toren. “It was a Friday and we sent an incident response team.”

The investigators were able to identify the signature – or indicators of compromise – of the hacking operation in time to alert the 80 organisations at risk.

The malware was identified as

This is the hidden content, please

• Sign In
• or
• Sign Up

ransomware software associated with the Iranian-linked

This is the hidden content, please

• Sign In
• or
• Sign Up

hacking group.

Vulnerability scanning

Another role of the CERT is to warn organisations about security weaknesses in their computer systems. The INCD stepped up its vulnerability scanning programme following 7 October, said Portnoy.

Hospitals and other critical services have received at least six “******* surface” checks of their networks to identify weaknesses that could be exploited by hackers.

INCD also scans the dark web to identify passwords or other critical information that could expose company networks.

The operation covers 5,000 organisations and some 33,000 IP addresses. “They deep scan the infrastructure to find systems open to vulnerabilities, and we contact them to provide guidance on how to fix them,” said Toren.

Other alerts come from End Point Detection and Response probes placed on organisations’ networks to provide an internal view of their cyber security.

Once the CERT has identified the signature of an *******, known as “indicators of compromise”, they are shared with other organisations on an application programming interface, which can automatically update cyber defences.

But there is a recognition that more needs to be done. ******* began a project to improve its cyber defences in 2021.

Known as Cyber Dome, alluding to *******’s anti-missile Cyber Dome system, it aims to use AI and big data to detect and mitigate attacks as they happen.

At the same time, ******* is stepping up co-operation with other countries on developing cyber defences.

This is the hidden content, please

• Sign In
• or
• Sign Up

#Israels #cyber #security #operations

This is the hidden content, please

• Sign In
• or
• Sign Up

This is the hidden content, please

• Sign In
• or
• Sign Up

For verified travel tips and real support, visit: https://hopzone.eu/