Tag Archive for: israel

Hamas using ‘BiBi’ malware against Israel


A study conducted by the Israeli cybersecurity company Security Joes has found a new type of wiper malware in Israel that can erase computer systems and render them inoperable. It is believed to be used by Hamas terrorists or other hackers affiliated with or working for the terrorist organization.

The malware was discovered in several Israeli corporate networks, causing significant damage wherever it was deployed. Named BiBi-Linux wiper, it can erase and corrupt crucial files in Linux operating systems. Additionally, the word BiBi (a reference to Prime Minister Benjamin Netanyahu’s nickname) is coded within the malware itself.

BiBi-Linux wiper malware can erase and corrupt crucial files in Linux operating systems and cause significant damage

(Photo: Ido Naor, AI)

The hackers may have attempted to send a message through this malware, though it is unclear whether it is merely an attempt to mislead or obscure the malware’s footsteps.

The malware’s characteristics resemble advanced cyberweapons previously developed by other states. A notable example is Shamoon, a malware that was used by Iranian hackers to attack computer systems in the Middle East.

The use of such malware demonstrates an escalation in the capabilities of Hamas supporters who are involved in cyber warfare.

Shamoon was reportedly based on cyberweapons that were used to target Iranian entities almost a decade ago, allegedly developed by Israel and the United States, according to foreign reports. It’s unclear if the current malware is a version of an existing cyberweapon or an original development, and its source remains unknown.

The development of such malware requires advanced capabilities, which are typically not found in activist groups or even cyber teams of terrorist organizations. “We identified this malware in a group of Hamas sympathizers. Hamas could have the capabilities to develop such malware, but at the moment, we’re still investigating the group’s capabilities,” according to Security Joes CEO Ido Naor.

The malware’s discovery was made after the company was called upon to assist Israeli companies that were attacked as part of…

Source…

Researchers Identify Iranian Cyberattack on 32 Israeli Firms – Israel News



Source…

Ransomware Attacks on the Rise Globally and in Israel


Ransomware attacks are becoming increasingly common globally, including in Israel. The recent attack on the Mayanei Hayeshua hospital did not come as a surprise to Bobi Gilburd, Chief Innovation Officer at Team8 and former commander of the 8200 unit’s Cyber Center. Gilburd explains that the key difference lies in an organization’s response and recovery. While some businesses are severely impacted and may even be forced to close, others are able to recover swiftly.

According to Gilburd, ransomware attacks are on the rise, in part due to the introduction of generative artificial intelligence. He emphasizes that the answer to AI-driven attacks is AI itself. Gilburd encourages the use of AI-enhanced security products to counter evolving threats.

Ransomware attacks are widespread globally and are not specifically targeted at certain institutions. Attackers use malware to scan thousands of websites for vulnerabilities. While most attempts may fail, a small percentage may succeed. When conducted on a large scale, these attacks can affect numerous sites.

The attacks often start with phishing, where employees are tricked into opening malicious emails or visiting malicious websites. Education can help prevent such attacks by teaching people how to identify unusual elements in emails. Automatic tools can also block such emails at the corporate level.

If an employee falls victim to a phishing attack, automatic protection products play a role in detecting unusual domain requests and halting the attack. However, in some cases, these defense mechanisms may fail due to outdated or insufficiently powerful products or the exploitation of zero-day vulnerabilities.

When the attack successfully infiltrates the network, protection products within the network should prevent movement between computers and unauthorized access. In the case of Mayanei Hayeshua, this defense mechanism appears to have failed, allowing the attack to spread widely.

Once the attack is noticed, affected computers become unresponsive, and the ransomware spreads from one computer to another, encrypting databases. This process can take hours, providing an opportunity to halt the attack by shutting down the server and…

Source…

DDoS attacks rise as pro-Russia groups attack Finland, Israel


Image: Golden Sikorka/Adobe Stock

The pro-Russia hacker group NoName057(16) reportedly claimed it was behind Denial of Service (DoS) attacks against the Finnish parliament’s website on Tuesday, the day the country joined NATO. The Technical Research Centre of Finland was also hacked, according to Finnish news site YLE. NoName057(16) is the same group that took responsibility for a distributed denial of service attack that took down the website of the country’s parliament last August, and that also attacked Ukraine, the U.S., Poland and other European countries.

In January, multiple outlets reported that GitHub had disabled NoName057(16)’s account after the group was linked to attempts to hack the Czech presidential election candidates’ websites.

Israel hit by Killnet proxy

This week, Russia-aligned hacktivists also attacked one of the biggest names in security, Check Point, along with universities and medical centers in Israel, the Jerusalem Post reported.

The group called itself “Anonymous Sudan,” but Nadir Izrael, CTO and co-founder of Israel-based asset visibility and security firm Armis, said the attacker is likely aligned with pro-Russia hacktivist group Killnet.

“For the most part the way security companies track these groups is based on the kinds of messages they post and similarities in text and tools,” he said. “The messages that come from these groups are mostly in Russian and English. It’s a bit like how the FBI does profiling: they look for similar MOs and tools, and backtrack to sources. In the case of DDoS attacks you are looking at lots of different devices worldwide from different regions of the world that are all at once trying to access a certain web site.”

He said it is likely that the next attack will occur on April 7, 2023, as part of the annual OpIsrael, when hackers and hacktivists attack Israeli organizations, companies and personalities.

“Even if the disruption itself doesn’t seem prominent, a cyberattack on a government or an organization can create an underlying fear of chaos amongst citizens,” he said, adding that 33% of global organizations are not taking the threat of…

Source…