'Enemy cyber threat growing,' warn security experts amid Hamas cyber attacks
September 28, 2018
(JNS) The ability of Israel's enemies to target civilians and members of the armed forces with cyber attacks is growing, security experts have warned.
In August, the Israeli ClearSky cyber-security company uncovered a Hamas phony and irremovable rocket-alert application, which, if downloaded, can take over a smartphone and access its camera, location services and communications.
The malware was timed to coincide with an increase in rocket attacks last month, according to the company.
During the summer World Cup, Hamas hackers tried to install spyware on the phones of Israeli soldiers via fake social-media accounts, which convinced them in downloading spyware applications. The soldiers were asked in fluent Hebrew to install "dating apps" that turned out to be spyware.
"Regarding the threat, as time goes by, the enemy improves. Both in its technological capabilities and in its ability to launch campaigns to lure victims [through] social engineering," the practice of psychologically manipulating people into taking steps that divulge information, explained Col. (ret.) Gabi Siboni to JNS.
Siboni, director of the Cyber Security Program at the Institute for National Security Studies in Tel Aviv, said he saw an improvement in the way hostile cyber actors are using language and in their ability to communicate without arousing suspicions. It is a style that is becoming "more natural, which can increase the chances of the campaign's success," he warned.
"The enemy learns, becomes more advanced, and improves through a range of tools and abilities," said Siboni.
'Low risk, high reward'
Etay Maor, executive security adviser at IBM, said that in many such cases, attackers combine social engineering and open-source intelligence, or OSINT-data collected from publicly available sources for intelligence purposes. "Using such tools," he added, "is not very complicated, but it is very effective."
Last year saw the emergence of the "Mia Ash" case, a fake British woman reportedly created by Iranian state-backed hackers, who used her profile to try and install spyware on targeted users that befriended her on Facebook and LinkedIn.
Hackers can also use such tactics to target soldiers, particularly by using female social-media accounts.
In terms of creating the spyware itself, developing it from scratch requires a certain ability, acknowledged Maor. But in this day and age, such programs are also widely available on the Darknet, he added.
"It really isn't a problem to buy them. It's not like in the past, when one had to build everything from scratch. Today, you can go buy these things and do so with confidence from sellers that have ratings. One can buy these tools safe in the knowledge that they will work," said Maor.
It is also possible to purchase such spyware using the Tor anonymous network and pay for it with bitcoins, he said. Hackers can also purchase delivery systems to inject their spyware into the devices of victims.
"It's low risk, high reward," said Maor.
In terms of responses to the threat, Siboni said the first component lies in increasing public awareness, as well as the awareness of soldiers.
He also called for "hygienic use of computers and smart devices," adding that "increasing awareness is a set and ongoing process. The target audience for awareness campaigns must be wide, starting with children and including adults. Every group should receive messages to increase its awareness in a way that is suitable to the age group."
The second component, according to Siboni, lies with intelligence capability. This means "deepening intelligence capabilities to track down similar campaigns ahead of time and creating an opportunity to thwart threats before they are realized, or provide an alert to the population within a relevant time frame," he said.
Thirdly, technological capabilities are required to provide better ways to deal defensively with similar threats, including installing defensive tools on devices of end users on a large scale, he said.
Maor noted that while many tools are available, vigilance and awareness remain the most important lines of defense.
"Ultimately, if a person does not understand that there is a threat, he or she will fall into it. There is a reason we say the human is the weakest link," he said. "It doesn't matter how many defensive tools are installed. If the attackers reach a person and convince him or her to click on a URL or download a file, we will lose. We must take this into account."