Israel’s Minister of Infrastructure, Energy and Water, Yuval Steinitz, has revealed that the country’s electricity supply was hit by a major cyber attack, with reports in the country indicating that ransomware was behind the attack.
Speaking at Israel’s cyber security showcase, CyberTech 2016, Steinitz said "Yesterday [Monday 25th January 2016] we identified one of the largest cyber attacks that we have experienced."
Despite the size of the attack against the country’s critical infrastructure, Steinitz said that "The virus was already identified and the right software was already prepared to neutralize it."
"We had to paralyze many of the computers of the Israeli electricity authorities. We are handling the situation and I hope that soon, this very serious event will be over," he said. Computers were shut down for two days, only coming back online on January 26th.
Israel’s Electricity Authority confirmed the attack to journalists in the country, which comes in the midst of a harsh winter in Israel.
Writing a response on the Sans Industrial Control Systems blog, Dragos Security CEO Robert Lee said that he had been contacted by an Isreali cyber analyst and been informed that "The "Israel Electric Authority" the Minister mentioned is in no way related to the networks of the Israeli electric companies, transmission, or distribution sites."
Lee raises speculation around the data and context of the attack and said that the "discussion around the choice by the defenders to take systems offline indicates a normal procedure in terms of incident response and malware containment."
Speaking at the conference Steinitz said that it demonstrated "the sensitivity of infrastructure to cyber-attacks, and the importance of preparing ourselves in order to defend ourselves against such attacks."
It is not known who carried out such an attack, as the minister did not pass any comment on this. Instead he said: "We need cyber tech to prevent such attacks. Cyber-attacks on infrastructure can paralyze power stations and the whole energy supply chain from natural gas, oil, petrol to water systems and can additionally cause fatalities.
"Terrorist organizations such as Daesh, Hezbollah, Hamas and Al Qaeda have realized that they can cause enormous damage by using cyber to attack nations."
Lee points out that "Israel has threats that it must consider on a day-to-day basis. Critical infrastructure is constantly the focus of threats as well although there are a lack of validated case-studies to uncover the type of activity much of the community feels is going on in large quantities."
Lewis Henderson, VP Product, Glasswall Solutions told CBR that the attack "demonstrates how unprepared the industrial world is for these attacks and how sensitive infrastructure truly is to cyber-attacks. Whilst this incident didn’t result in power outages, it highlights that attackers are becoming increasingly sophisticated, are proactively attacking critical national infrastructure to spread fear and disruption,
The fact that a sophisticated country like Israel could so quickly become disconnected should act as a warning of how advanced hackers have become in gathering knowledge to bolster their ‘digital weapons’."
Attacks against critical infrastructure are of increasing significance. An attack against the Ukraine power grid on December 23rd was thought to be the first time that a cyber attack had actually taken out a power supply, and left many thousands of Ukrainians without electricity.
At the time of the Ukraine attack, Andrew Tsonchev, Darktrace Senior Cyber security Specialist, told CBR that the attack "marks a shift to the first time that cyber attacks can have more than just a financial or reputational damage" told CBR at the time.