According to the Israeli tech blog NewsGeek, Bank Hapoalim is one of the latest Israeli institutions to come under cyberattack [Hebrew]. With attacks by both Israeli and Saudi hackers continuing, Iranian hackers are now believed to have been involved in the latest attack.
While no one has taken credit for the most recent attack on Israel’s largest bank, fingers have been pointed at Iranian hackers. According to NewsGeek’s Editor in Chief, Yaniv Feldman, the attack is most likely in retaliation for the Stuxnet attack, which may have infected up to 16,000 computers in Iran. He adds:
“Our sources confirm that Bank Hapoalim wasn’t the first victim of this so-called Iranian worm. Several other public institutions have already been infected as far as late last week, and at this point, it seems that this is a part of a wider operation against Israeli and other online western targets.”
NewsGeek reveals that the attack began with a spear-phishing email sent to the bank’s employees, containing a PowerPoint file. Opening the file infected the users’ computers with a worm, which began spreading inside the bank’s network. According to Feldman’s explanation, the way in which the worm works traces the infection back to Iranian hackers:
“After the infection, the worm tries to communicate with remote servers, traced back to Canada, and if successful, tries to send internally collected information back to those servers. Careful investigation of those servers shows they are registered under Iranian DNS servers.”
According to Arutz Sheva, security officials did trace the attack back to servers in Iran, but added that the Iranian server farm may have been a proxy. The attack attempted to retrieve user information including home and email addresses, but failed due to security measures the bank had in place. Security officials also confirmed that customer information was not compromised as a result of the attack, since the bank’s intranet was not infiltrated.
Up until now, with the exception of uncovering credit card information, most of the attacks have been somewhat superficial. For example, rather than target the actual Israeli or Saudi stock exchange, hackers were only able to disrupt their official websites. The attempt to infiltrate Bank Hapoalim’s network could hint at a far more sinister escalation of attacks.