A broad range of widely used Israeli websites were attacked on Friday and were down for several hours. The websites included the Dan and Kavim bus companies, Clalit Health Services Mor Institute, textiles manufacturer Delta Galil, Birthright (Taglit), The Association for the War on Cancer, Holon Children's Museum, Tornado Air-conditioners, Pegasus Tours, the LGBT dating service Atraf, and others. Data was taken from the sites and some of it published and the hackers have said that if they do not receive $1 million in the next 48 hours they will publish more data.
An organization called Black Shadow, which is associated with Iran, has taken responsibility for the cyberattack, on the Telegram messaging system. The attack took place, according to Black Shadow, via Israeli company Cyberserve, a veteran Israeli company for building websites and cellular apps. However, although Cyberserve's own site was down, not all Cyberserve's websites were downed, including the Mifal Hapayis national lottery and Israel Bar Association websites, which remained unaffected.
The Iranian hackers have also published personal details and data taken from the site of the Kavim bus company, Pegasus Tours, and the Atraf LGBT dating site. Cybersecurity company Konfidas CEO Ram Levy said that the data stolen from Atraf including telephone numbers could be, "Israel's worst ever breach in privacy."
Varonis director of cybersecurity Lior Chen recommended that users whose details have been published and who have similar passwords on other sites should immediately change them.
Black Shadow was responsible for the attack on the website of Israeli insurance company Sharbit last December. In that attack sensitive data like images of ID cards was taken. In March, Black Shadow attacked vehicle financing company KLS Capital.
Israel's National Cyber Directorate said, 'Last year the Directorate warned the company (Cyberserve) several times about a breach that could be attacked. Moreover, the Directorate has a special program providing a 'Mark of Strength' for companies that house sites and which meet protection standards. Companies that will join the program and meet the standards set by the Directorate will reduce the likelihood of being hit by a cyberattack."
Published by Globes, Israel business news - en.globes.co.il - on October 31, 2021.
© Copyright of Globes Publisher Itonut (1983) Ltd., 2021.