A huge attack on the supply chain of the State of Israel
A hack into the computers of the software company Amital led to a cyber attack on about 40 Israeli companies in the fields of logistics and imports. No ransom demand is known, so the suspicion is that this is a strategic attack on the state
A serious cyber attack took place last weekend on dozens of companies engaged in shipping and importing in Israel. The attackers managed to break into the servers of dozens of companies and infiltrate Israel’s supply chain. The companies that were attacked are huge companies in the field of logistics and disruption of their activities could lead to damage to the supply of essential products. The information stolen may also be of strategic value to enemy states. As far as is known so far, despite the successful break-in, no ransom demand has been made. Therefore, the suspicion arises that this is a strategic attack for the purpose of obtaining information about the State of Israel and not an attack intended for economic bargaining.
Most of the attack was carried out through Amital, a company that develops software for logistics and forwarding companies. The burglars broke into Amital’s computers, stole her customer list as well as the customer login details, and from there went on to hack into the customers themselves. Calcalist has learned that no less than 40 of Amital’s customers have been harmed and information has been stolen from them at one level or another. Some of the victims are the largest companies in the Israeli economy in the field of logistics and imports, some of whom are shareholders in Amital.
During the investigation into the burglary to Amital, it was discovered that burglaries had been carried out on 15-20 other companies engaged in the field of logistics in Israel and that they were not Amital’s customers. This means that the same hackers continued the information theft campaign in other companies in the field, in what appears to be an orderly and systematic plan for obtaining the information. It is not yet known what Amital’s full list of injured customers is, but some of the company’s customers are engaged in importing sensitive security equipment, which should greatly bother the heads of the defense establishment. Amital has tried in recent days to reduce the severity of the incident and hired a public relations firm to try to reduce the media damage in publishing the affair and dwarf it, but the essential details put the events in a very problematic light.
Among Amital’s customers are several companies that even own it, for example Fritz, whose VP of operations, Rachel Bitton, serves as a director at Amital. Bitton denied to Calcalist any hacking or cyber attack on the company. Other customers are Israel Cargo Logistics, Orian, Mantfield, Friedenson, Amex, Amit and more. One of Amital’s intriguing customers is Mantfield, an importer and exporter of security equipment for the Ministry of Defense. The company states that it is one of the world’s leading international logistics and forwarding networks with 18 international offices and a network of agents in more than 100 countries, and denies any harm or attack on the company.
As part of Amital’s response to the crisis, the company removed its main website and replaced it with a limited site for operational purposes only. Yossi Rahman, director of research at the defensive cyber company Cybrisen, says that “if this is an advanced attack, and not a random infection of the kind that any user may be exposed to, it probably means the extensive offensive intelligence work that preceded the attack.” “Customs brokerage and exports and imports of goods from Israel can be found similar to the Russian attack on Ukraine in 2017 using the worm NotPetya. There, by sticking to accounting software that was common in most businesses in Ukraine, the Russians managed to stop the Ukrainian economy for a long time.”
A senior expert from the cyber industry estimates that there are currently dozens of attacks and cyber incidents in Israel at the same time. According to him, the current wave is one of the largest and strongest in Israel in recent years. Lotem Finkelstein, director of the cyber intelligence department at Check Point, told Calcalist: “It is no coincidence that we are witnessing more and more cyber attacks disrupting the activities of Israeli companies and gaining media attention after directly affecting Israeli citizens. “Progressives recognize the success of others in attacking Israeli organizations and they are interested in taking part in most of the loot. Finally, there are on average about 30 attacks against Israeli companies each week, “but it is too early to determine how the month will end.”
Finkelshtein notes that in the last six months there has been a steady increase in the number of monthly attacks on Israeli organizations. While in July this year there were about 19,000 different attacks on organizations in Israel, in November there were already 33,600 different attacks, an increase of 74%. In the first 12 days of December, 18,300 attacks have already been identified, which may reflect an increase of more than 10% in December compared to November. Of the industries attacked, the public sector was the target of 32% of the attacks, followed by the financial and banking sector with 24% of the attacks and a significant gap in high-tech companies that targeted 5% of the attacks.
Amital responded: ‘About two weeks ago, the company’s defense systems identified attempts to attack the company’s computers and some of its customers. The event is a link in a chain of parallel events at the national level that have been investigated and are being monitored by the national cyber system. As part of the company’s protocol, the company’s defense layers were strengthened and a dedicated IAF was established to address any issue. The company enlists the help of cyber experts to accommodate the event. At this point there is a spot injury. We will be constantly updated with any developments. “
Mentfield responded: “After we learned that there was an intrusion into Amital’s servers, we performed tests on all our systems using a cyber expert and received a green light to continue operating all the servers without fear. Our servers are clean, protected and safe. ”
By Meir Orbach and Golan Hazani (Hebrew), December 13, 2020, published on Calcalist