Summary of the year 2020 – the national cyber Directorate in Israel

An annual summary that reviews the main activities of the Directorate for 2020

The National Cyber Directorate is a national, security and technological entity entrusted with the protection of the national cyber dimension and the advancement and establishment of Israel’s capabilities in the field. The annual summary reviews the main activities of the national cyber Directorate in 2020, here is a an executive summary:

• The COVID-19 virus that has spread around the world during this year has been accompanied by a dramatic increase in the scope and quality of cyber attacks worldwide as well as in Israel.

• Alongside these, a number of trends and changes in technological targets for attacks have also been identified this year, including: supply chain attacks, utilization of authentication mechanisms for gaining access to cloud resources, use of Wiper damages, use of methods to disguise attacks to obscure traces and stop counterattacks and more.
• In the field of critical national infrastructures, this year the Directorate authorized 40 critical systems in these bodies and further strengthened their level of protection. This year, too, no damage was reported from cyber attacks on these infrastructures.
• In the past year, the Directorate has conducted a number of events on a national scale, the two main ones: the operation to protect the 23^rd Knesset election campaigns and assistance with increased protection of the Israeli health system during the COVID-19 period, in which there has been a significant increase in attacks.
• During the year, the unit dealt with the detection, identification, inclusion and disposal of significant cyber attacks against companies and entities in the Israeli economy. The sectors in which the most attempts to attack were observed: technology, energy, government, finance, academia and health, as well as supply chain companies.
• During the year, all types of attacks were observed: attacks for the purpose of stealing CNE information, attacks for compromising the availability and reliability of CNA information, CNI impact attacks and financial attacks that include infidels and social engineering for the benefit of Cyber Crime.
• As part of the working method and construction of defense mechanisms, the Directorate also investigated tools, methods and techniques used by attackers.
• During the year, the unit dealt with the detection, identification, inclusion and disposal of significant cyber attacks against companies and entities in the Israeli economy. The sectors in which the most attempts to attack were observed: technology, energy, government, finance, academia and health, as well as supply chain companies.
• During the year, all types of attacks were observed: attacks for the purpose of stealing information, attacks for compromising the availability and reliability of information, impact attacks and financial attacks that include infidels and social engineering for the benefit of Cyber ​​Crime.
• As part of the working method and construction of defense mechanisms, the Directorate also investigated tools, methods and techniques used by attackers. Among the methods observed and researched: SSH Tunneling, an increase in the use of WebShells tools, the use of ransomware infidels and Wiper deletion tools, the use of legitimate shelf tools and system tools or an attack in the Living-off-the-Land outline, attacks using known vulnerabilities and more.
• In the past year, the trend of public use and rapid exploitation of VPN security vulnerabilities continued to strengthen and the Directorate worked to reduce these weaknesses and other significant broad weaknesses in enterprise systems such as Mobileiron Exchange servers, ZeroLogon and vulnerabilities in Sharepoint servers. The Directorate made proactive inquiries to organizations about the 6,750 vulnerabilities found in their systems.
• This year, the Directorate distributed 170 broad alerts as well as 120 organization or sector-targeted alerts. During the year, about 360 vulnerabilities in specific applications or organizations’ organizations were reported to the Directorate by “white hat” security researchers.
• The operational center for reporting cyber incidents of the Directorate received more than 14,000 reports, inquiries and alerts this year, of which over 9,000 of the reports turned out to be cyber incidents. 50% increase compared to last year.
• The Directorate harnesses the technology through a variety of projects and technological developments that aim to provide a broad and national protection envelope. Among the systems developed or put into operation this year: a system that analyzes a wide range of measures to examine the extent of the organization’s assessments for dealing with cyber attacks and recommends courses of action; A system for managing cyber intelligence and its analysis on a large scale; A comprehensive system for reducing exposures in the economy; Ability to mechanize the transmission of information about threats and attacks in a cybernetic system; A plan to create a protective shell for small and medium-sized businesses; Motivating the establishment of a national ICS laboratory that will specialize in the field of OT / SCADA and more.
• This year, the Directorate also promoted a number of national technological projects: the continued promotion of the Hercules project for mapping systems in the field of aviation; Characterization of a cyber defense response in the field of digital medicine; Response to cyber protection for 5G readiness, cyber protection response to regional clouds for Israel, cyber protection in the marine world, safe artificial intelligence, supply chain protection, atomic clock and increasing the number of sector SOCs operating in the national CERT.
• In working with organizations, horizontal activity was carried out in the regulated sectors of the economy to create a sectoral cyber policy that is coordinated for each sector. In dealing with the dangers that the corona crisis brought with it, the unit conducted a campaign to raise walls with the various organizations in Israel and maintain their value chain. In response to the increased attempts to attack the water and energy sectors, the Directorate carried out massive activities in front of hundreds of entities and companies in the economy to close weaknesses and vulnerabilities in order to proactively reduce the attack surface.
• This year, the Directorate developed a variety of application tools for organizations: cyber protection recommendation guides; A unique cyber calculator that allows self-examination of the level of cyber protection in the organization; Working groups on various topics; National questionnaire for working with external suppliers; The Defense Theory module was made available to the public this year in an interactive tool and more.
• In working with civilians, the Directorate has published more than 20 guides and defense recommendations for citizens to raise awareness of the importance of safeguards and has issued dozens of warnings related to cyber threats to technologies used by the general public. In addition, this year, for the first time in Israel, the “Cyber ​​Defense Week” is held in order to strengthen the level of personal protection of citizens.
• In the field of safe identification and biometrics, the Directorate published two reports; the National Laboratory for Biometric Applications was established and tested; guidance and control was provided to entities and regulators that make biometric information; A national concept for integrating biometric technologies for the reliable identification of those entering and leaving the country and more.
• In the field of international cooperation, the channels of communication and effective working relations with foreign partners have expanded bilaterally and internationally, the cooperation and operative dialogue have been expanded with more than 90 countries and international organizations. Following the “Abraham Agreements”, the existing connection between the cyber Directorate and the United Arab Emirates and Bahrain became stronger and became visible and public.
• During the year, the unit led the development of a platform that enables information sharing between member countries for the fight against the Corona virus, promoted assistance to many partners in human capital development aspects for cyber protection, critical infrastructure protection, assistance in building national cyber monitoring centers and more.
• The Directorate works to preserve the leadership of the Israeli cyber industry through grants, access to knowledge and infrastructure, as well as exposing the industry to foreign markets and customers. This year, the industry recorded significant achievements with more than 20 purchase transactions with an estimated cost of about $ 4.7 billion, 5 new Israeli unicorns, investments in Israel, huge fundraising and more.
• The unit defined the issue of human capital development in the field as a central goal, so this year it promoted and supported a number of training programs in which hundreds participated. In addition, the Directorate has developed online courses designed for the general public free of charge.
• The Directorate works to establish the city of Be’er Sheva as a unique center in the field of cyber. Today, the high-tech park employs about 600 men and women in the cyber field.
• In the areas of public policy, this year the Directorate promoted cyber damage insurance, regulatory policy, methods from the field of behavioral economics, various activities to strengthen the level of cyber protection in local authorities, a cyber protection survey in organizations and more.
• The work plan for 2021 includes, among other things: promoting the resilience of the economy by reducing the areas of attack; Implementation of operational protection in cyberspace; Development of capabilities and technologies in the field of cyber protection; Preparing for the evolving technological environment; Promoting interests in the international system for protection and leadership and more.

.

By the Israeli National Cyber Directorate Webpage (Hebrew)