This Israeli dropout is on the front lines against Iran – Haaretz
Posted By admin on June 25, 2021
The wave of attacks over the last year provided much work for defensive cyber companies like Profero Cyber Security, founded by Omri Segev Moyal and Guy Barnhart-Magen. "Right now, as we're talking, we're handling six incidents at once, some of them small, the others big. One of them is a ransomware attack, while another is a classic deception of a CEO by email, which led to the theft of $100,000," says Segev Moyal.
In an interview, Segev Moyal points to several factors that link these attacks - usually but perhaps erroneously considered to be criminal and not political - to Iranians. "When we analyzed the logs [a computer's activity record] of one of these attacks, we saw that they were looking for specific documents on the [victim's] server, for infrastructure or secret military projects. In some cases, we saw that the hacker opened a document, waited for two hours, and then closed it. We think that they were waiting for someone who could read Hebrew."
Further proof that these attacks were not actually aimed at collecting a ransom, says Segev Moyal, is the amount of public attention the hackers tried to draw to their break-ins. This is not typical of your usual cybercrime ransom attacks, in which the extortionist and the victim both have an interest in ending the incident quickly and quietly.
"The Iranians try to embarrass Israel by spreading the news," he says. "There were cases in which journalists knew about an attack before the victim found out," says Segev Moyal.
The Iranians attack through several groups: Black Shadow, which specializes in stealing information and releasing it on Telegram channels it created; Pay2Key, which specializes in ransomware viruses; and Networm, which apparently is a new version of Pay2Key.
"We're at war with Iran, and you can't call it a shadow war anymore," says Segev Moyal. "It's open warfare. It includes assassinations of key figures, but most of it occurs in the cyber arena."
Are we losing this war?
They have had many successes, not necessarily technical ones, but in marketing, in public relations. It's commonly said that anyone can create a serious cyberattack today. That's not true. You need a powerful state with technological abilities behind you, infrastructure and organizational military capabilities.
Hamas, with three hackers working in some hole, can't topple Israel. The Iranians would like to disable an entire country, and they've had some successes. Are they saving special capabilities for a doomsday scenario? Perhaps.
What's the big secret? How many Iranian attacks have there been so far?
So far, there have been 32 publicized attacks in the last year and a half. These are attacks that were revealed on the websites of cyberattack groups or ones that came to the attention of the media. I count the attack on Amital Data as a single incident, even though 40 companies were affected.
Sending victims an invoice
Profero, founded last year by Segev Moyal and Guy Barnhart-Magen, is what is called an incident response (IR) company, something akin to a rapid-response team in the cybersecurity world. By the time they're called in, the victim has already been hit, sometimes accompanied by a demand for ransom. "We do only that. We're not a consulting firm or one that sells products," explains Segev Moyal. "That way, we don't find ourselves in a conflict-of-interest situation. Our job is to enable a company to come out of a crisis in the best manner possible."
There are quite a few cybersecurity companies out there, including ones such as OP Innovate, Clearsky and Konfidas. Such companies reportedly charge between $150 and $800 an hour per person for the services they provide. "The price in a big incident can reach hundreds of thousands of dollars," says Segev Moyal. "But this is negligible, compared to the cost of a company being paralyzed and the harm to its brand and reputation."
So, is your briefcase always full of equipment?
Always, even the one I'm carrying now, although most incidents can be handled remotely. The company has no office. You can't work remotely if it's not part of your daily activities. The company employs people in New Zealand, Singapore, Colombia and other countries. At any given moment, there are six people available to tackle an incident. It's faster and more effective than flying someone out, but in some extreme cases we do have to get to the customer.
For competitive reasons, Segev Moyal prefers not to reveal the exact number of people he employs, but it is believed to be more than 20.
Do most attacks come from Iran?
Most of them don't. What we hear in the media relates mainly to Iran. The coronavirus pandemic generated a significant increase in cybercrime since people couldn't go out, and there was hardly any physical crime. Why should I break into a store if I can simply send someone an email and tell them I saw him surfing on a pornography site?
The cyberattack axis of evil - Russia, Ukraine and North Korea - encourages cyberhacking companies working from their territory. Even China, which once only engaged in data theft, has expanded to economic crimes. In these countries, it contributes to the local economy since the money goes into the pockets of individuals and companies, who sometimes even pay taxes on it, while slowing down the West.
Is the handling of these cases different?
Totally. In one case where the attacker was the Pay2Key group, the customer had already made the first payment, but then we analyzed the address of the Bitcoin purse the attackers had provided for paying the ransom, and we realized it was coming from Iran. We told the customer to stop, that this was money going to a foreign country that might be financing hostile activities.
And when it's a criminal incident?
We check that it's not part of a campaign by a foreign government and that there wasn't substantial damage to business and that no information leaked out that required disclosure. If so, the company often decides to pay, with no one finding out about the incident. Chris Kyle, who wrote the book "American Sniper," said that "despite what your momma told ya, violence does solve problems." So, in contrast to what people tell you, paying ransom sometimes solves the problem. In some cases, we laundered the attacker. The company paid up and the attacker sent an invoice as if it had done a cyber-related consulting job.
What's the highest ransom ever paid by a company you worked with?
It was $12 million, but there are other cases out there in which much higher amounts were paid. Several sources claim that the Israeli company Tower paid over $10 million in a ransomware attack last year, in addition to the massive cost of having its assembly lines halted at a particularly busy time of the year.
Cyber-hygiene
Segev Moyal admits that he's a strange bird in the cyberworld, and he's probably right. "I don't have 12 years of schooling and I wasn't in a tech unit in the army." He grew up in the Haifa suburb of Nesher. He was introduced to computers by his grandfather, a retired worker at the Nesher cement factory.
"At the age of 70, he decided that this was the next thing. He bought a computer and started learning programming and teaching his grandchildren at the same time. He bought me a computer against the wishes of my father, who was a battalion commander in the army and didn't understand why I needed one."
When Segev Moyal's computer was infected with a virus, he learned how to fix it himself, starting his long romance with the cyber world. "While still in the army I got special permission and started working in this area." After the army, he went on a trip to New Zealand. "In New Zealand, it's easy to get into university after the age of 21, and when I was there, there was a big earthquake and all the foreign students dropped out. I started studying computers and even received a scholarship. I didn't graduate - it seemed like a waste of time."
Later in his career, like many people in this field, Segev Moyal set up a product-oriented company called Minerva Labs, which still exists. After five years he felt that the market needed something else. "In 2019, I sat down with Guy Barnhart-Magen, who was at Intel at the time, and we recognized that there was a problem in that companies didn't have the technology or people to deal with cyberattacks. We decided to set up a company devoted to such incidents."
A few days ago, Segev Moyal revealed some critical information that has only been known to insiders: A large share of the attacks over the previous 18 months - something like half of the vulnerabilities that hackers had been exploiting - was via Fortinet, a company whose services are very popular in Israel both as a relatively low-cost firewall and a virtual private network (VPN). "A well-known weakness in Fortinet's device was the No. 1 cause of the Iran-backed attacks on Israel that you've heard about," Segev Moyal tweeted.
Isn't it ironic that a device that is supposed to protect networks ended up being the source of a security breach?
It's terrible. These devices, most of which, by the way, are made by medium-sized companies, not first-string players, are very problematic. They give you a sense of security, but it is very difficult to work with a complicated set of rules and lots of vulnerabilities.
Doesn't it seem a little anachronistic to be using a physical device when today there are so many cloud-based solutions, such as Zscaler?
Completely. Using a VPN device today is like buying a horse-drawn carriage. We recommend Zscaler, Cloudflare or any other cloud solution to organizations.
Segev Moyal reveals a list of cybersecurity failures. First, the use of outdated solutions. Second, and more serious, the vulnerabilities in Fortinet products through which Iranian hackers have been known since about 2019 to penetrate networks. "If organizations would update their hardware to the latest versions and change passwords frequently, hackers would have a much harder time. But organizations don't do it and leave the door wide open to attacks," he explains.
"To be honest, updating a firewall isn't an easy matter, because in a small organization where there may be only one standard it means shutting down temporarily. So, I think they need to move to cloud solutions, which by definition are constantly being updated to the latest version."
Another thing that has been revealed by the wave of cyberattacks is that most security products, including the best-known ones in the market, aren't necessarily able to detect attacks and block them. "You'd be surprised, but even many of the EDR [the latest generation of end-user solutions] failed to warn of an attack," says Segev Moyal.
There'll be no one left to attack
So what can you do? Segev Moyal answers with one word: Hygiene.
By the term "cyber-hygiene," he means a series of Sisyphean operations, such as a complete separation of work environments and networks, procedures for allowing new employees into the network and ensuring they are removed when they leave the organization, regular password updates, permissions and access policies according to employee category, dual-stage authentication protection (e.g., a password and text message) for accessing sensitive services, encryption of sensitive assets like the main management tool for a big organization's computers and so on.
"In most medium-sized organizations, the information systems manager has two options," says Segev Moyal. "The first is to separate networks within the organization, to update systems, to manage passwords and to move applications to the cloud - in other words, doing a lot of hard, thankless work.
"The second option is to have an experienced salesperson come to the company who will recommend certain cybersecurity products and promise they will solve all your problems. For 100,000 shekels, you're set. That's what most managers choose. But the truth is that that option doesn't stop everything, especially a stubborn attacker. In one incident, we saw the attacker try to penetrate the system 16 times with remote software. Eventually, they succeeded."
Who makes the decision at the end of the day?
There are CEOs that really care about cybersecurity, and they call us directly and consult. But they're a minority. In a directors course, you learn a lot of things - finance, human resources, law - but they have only recently begun teaching about cybersecurity.
So, it's the managers who are to blame?
Not only them. Compare it to something in the real world. Say that there's a group of armed Iranians entering a park in Tel Aviv, robbing stores and uploading a video of the whole thing to TikTok. It's a matter of national importance. If so, then I say take national responsibility for incidents like that. In the case of the attack on the Shirbit computers, for example, the Shin Bet security service or some other government agency should come and say: "This is an anti-Israel act and we are going to help." But here the company is left to fend for itself.
The U.S. Treasury Department issued a statement in October 2020 prohibiting the paying of ransom to the Lazarus group because it is from North Korea. This made it easier for companies. Why haven't we seen anything similar about Iranian ransomware groups? In my opinion, if a company is harmed in an incident like this, it should be compensated by the state.
But we have the National Cyber Directorate. They don't play this role for Israeli companies?
In the incidents with which we have been involved, they sometimes do excellent work and sometimes catastrophic work. But my question is what is their goal. Is it a body intended to protect Israel or is it an arm of the Shin Bet? It's hard to know what they want. They collect information but don't share it. Are they a technical body? An intelligence organization? It always seems that behind it is some kind of undefined interest, but it's not the interest of the company that's been attacked. Sometimes I have the feeling they want to keep the conflict with Iran going but on the backburner. Why does the agency report to the Prime Minister's Office and not to the Finance Ministry, for example?
The National Cyber Directorate said in response that "the directorate has launched a new national program, which combines the capabilities of the government with those of private IR companies to help us contend with attacks. We invite everyone who has not yet joined to take part in the program, take advantage of our rapid information-sharing system and get to know the added value of what we do."
Segev Moyal says he thinks that things will get worse before they get better. "In the last few weeks, we've seen the attack on the Colonial Pipeline in the U.S., production stopped at the JBS meat plant and attacks on health care institutions. I think that hackers don't have a lot of places left to attack, so they're going to more sensitive places, like security installations, factories and hospitals.
"Countries will have to recalibrate, as they did when they cooperated to stop money laundering. It will happen when they come to realize that ransomware attacks are harming productivity."