The Limited Times


Will the state help you in case of a cyber attack? Not sure | Israel today

2023-01-20T16:38:32.894Z


You turned on the computer and found out that the worst thing happened - someone took it over. Do you think the State of Israel will help you? Think again • Israelis caught up in a cyber attack discovered that they are alone in the battle - if they pay the ransom they may break the law, and if they don't, they are expected to suffer damage that could collapse their business


"It's indescribable helplessness, it's terrible. I felt like thieves broke into my house and trapped me. My website was shut down, customers' personal information was stolen from it. I had to inform all customers to immediately change passwords. It was a blow," describes the digital man Avi Tsadaka.

"It was a shock, a trauma. When I realized that I had lost 13 years' worth of materials, I said that I was closing the office, that I was not able to rebuild everything," recalls Esther Brot, an architectural engineer.

"The cash register didn't work. When I realized it was cyber, a black screen fell on me. The floor shook," says Naama (pseudonym), who owns a butcher shop in the center of Israel.

Avi, Esther and Naama went through cyber attacks that managed to disable their businesses.

How do you deal with such an attack?

And how does the state help the attacked?

Spoiler: the state throws everything at the little citizen, even when it comes to an attack that comes from terrorist elements.

All this, even though it is a wide-ranging phenomenon.

One out of every five businesses in Israel found itself under a cyber attack.

According to a July 2021 survey by the Cyber System and CBS, approximately 18% of business owners in Israel have experienced a cyber attack.

In 2022, 9,108 reports of cyber attacks were received at the 119 operational center of the national cyber system.

31% of the reports dealt with phishing, 26% with social networks and 18% with malware.

The rest of the reports dealt with weaknesses in computer systems, penetration into computer systems, bypassing identification mechanisms and damage to functional continuity.

Of course, these are only the attacks that have been reported to the cyber system.

According to a response given to our request to the national cyber system, "we have indications of thousands of additional attacks".

Paid and fell

"One day I entered my website and I saw that I was no longer the site manager. It was last June. Someone anonymous contacted me in chat and told me that if I wanted the site to return to my management without harming the customers, I had four hours to transfer NIS 10,000 to him in Bitcoin," recounts Avi Tsadaka (30) from Bat Yam.

"Dr. LinkedIn" is the name of Avi's business, which he has been running for ten years, providing digital and marketing services mainly on the LinkedIn social network, intended for employees and companies in the high-tech community. "Given all the digital activity we manage for them.

On this site, customers also left information and passwords for their social networks.

I did not know what to do.

I did some searching on Google, consulted a cyber expert and came to the conclusion that there was no choice but to pay the ransom.

I did not contact the police or the emergency center of the cyber system, because I understood that they would not do anything; they would just refer me to a cyber expert that I would have to pay myself.

In the end, the citizen is left alone.

As a citizen you expect to receive protection and support from the state.

It's frustrating that it doesn't happen with cyber attacks."

The attacker gave Avi detailed instructions on how to purchase Bitcoin and where to transfer the money.

The money was transferred, but the website did not work again and the attacker cut off contact.

"Usually hackers keep their word. I fell victim to a hacker who did not keep his word. This is strange and rare. Besides the direct damage of the ransom, I suffered image damage. I informed the clients and felt the impact immediately. Potential clients I was close with backed out at the last minute, and a month after the attack I was left with five old customers. The website that was brought down was very expensive. I built it for years and invested a lot of money in it. In the meantime, I set up a temporary free website and switched to individual reporting to customers. Half a year has already passed since the attack, but I still haven't recovered, I still haven't found the strength to set up. I estimate the damage as a result of the attack to be at least NIS 100,000."

Were there early signs of an attack?


"In retrospect, I understand that there were. There were several times when I tried to log into social networks, then there were disconnections and I was asked several times to change my password. I did not realize at the time that there was a problem, and I did not increase the security. Today, I am much more careful. I installed antivirus and anti-ransomware software on all the computers. I brought in a cyber person who gave me tips on how to behave and where passwords should not be left. My awareness has increased a lot. You can say that today I am in a kind of anxiety, and I constantly check the computer."

Avi still does not know who attacked him.

"I think it's someone Israeli because the correspondence was in Hebrew, but it could be that because the Hebrew was sloppy, maybe it was a Google translation and it's someone from abroad.

I have no way of knowing.

I didn't bring an expert to check the source of the attack, I didn't want to waste more money on that either."

Avi, like many others, is not aware that transferring money to an unknown attacker could be a violation of the law.

"According to the Anti-Money Laundering and Terrorist Financing Law, it is forbidden to transfer money to enemy countries or to terrorist elements. If it is an Iranian ransom attack, for example, it is forbidden to pay the ransom, it is a violation of the law," explains Ram Levy, CEO and founder of konfidas, a company for cyber defense and cyber crisis management, who in 2011 coordinated the National Cyber Committee in the Prime Minister's Office. "According to our estimates, there are approximately 3,000 successful cyber attacks on companies and organizations in Israel per year.

About half of them are state attacks, meaning they are sponsored by a state, for example Iran.

The Iranians' method is spray attacks.

They try to hack everyone, and what succeeds - succeeds.

They are not picky about their targets.

"In some of the Iranian attacks, you won't get the keys back even if you pay. These attacks have only gotten worse. If in the past we were talking about Hamas and mainly Iran, today you also have a Hezbollah group, and in Iran there are several active groups on behalf of the Revolutionary Guards, and there are also pro-Palestinian activists who operate from different countries. This means that there are between 80 and 100 state attacks a month in Israel. That's a lot. In Israel, half of the cyber attacks have a nationalist component - and the state does not provide any solution to this."

"Closing the business"

Esther Brot (37) experienced the lack of a solution up close.

Together with her partner, Orit Shevah, she is the owner and manager of "Gazoztra", an architecture and interior design office in Ofra.

"I came back from a vacation in Paris. I came to the office in the morning, and my employee said she couldn't find the folder with the shared files on the computer. I opened my laptop and it started to sync, and then the folder disappeared on it too. I realized something strange was happening here. I turned on more computers, and I saw on one of the computers that all the icons were white and locked. A month ago I already went through such an attack, but then I got out of it easily using the backup in the cloud and the backup drive, and I was happy that I was well protected from cyber attacks.

"I called my husband Necess to quickly disconnect the internet at home, because maybe that way the computers at home wouldn't be damaged. Necess told me that the home computer was already disabled. It turns out that the attack on the office came through the home computer. Due to the corona virus, I allowed remote access to the employees, and then I checked from the home computer how it works. The home computer has fewer protections. Hackers managed to penetrate it, and from there they penetrated the office computers. They also managed to penetrate the backup drive that I purchased for NIS 6,000. They deleted the email of the office and the office employees, so that the file archive and professional correspondence of 13 years disappeared. When my partner entered the office I told her, 'I'm closing the office. I'm not starting this over.' I'll find another job."

Esther called two family members who deal with computers, one of them a cyber expert.

They checked the source of the attack and found that it was an attack originating in Iran.

"I called the hotline of the cyber system, and they directed me to their website, where I was advised to contact an IT person, that is: a computer person. This is something I have already done anyway. In addition, they also told me to contact the police. I have not done it yet, because I understood that they would not do anything with it and it would be a shame to just waste my time."

What saved "Gazoztra" from closure was the fact that all 30 projects in progress were also being worked on through Google Drive.

"We turned to Google and they gave us excellent service. They ran software that ran for 48 hours, and it managed to restore all the files we worked on in the last 30 days. That's how we managed to restore two and a half terabytes of material. The problem is that everything came back in a complete mess, so it was very intensive work to organize the materials. For a week we worked only on this. We did not move forward with projects, we did not take on new jobs. It was an extremely traumatic week. A month has passed since the attack, and we still have not returned to routine work. There are files that we could not recover, and I will, for example, have to ask the surveyor to send them again. It's difficult to estimate the damage."

Did you have any thoughts of paying the ransom?


"I did not agree to pay. I heard in groups of architects that there are some who paid 100 thousand shekels. But who said that there is no Trojan horse in the files that they return, and in a year they will attack you again? As soon as the last month's work came back to me and I breathed a little relief, I told myself that I was not ready to negotiate with terrorists. I think this is their next war. It's not a direct harm to human life, when it comes to a business like mine that doesn't deal with saving lives, but it's permanent and paralyzing damage. You're in a state of helplessness, feeling exposed and vulnerable. Instead of hurting us with knives one by one, they hurt us through the computers, and this is a piece of damage."

Between the hammer and the anvil

Unlike ordinary terrorist incidents, where you can file a claim with the property tax authority and receive compensation for the damage, with cyber terrorism the small citizen has no one to turn to.

The state not only leaves the citizen to manage the incident alone, but also imposes on him to bear the financial damage alone.

"We think that the state should activate the fund for victims of hostilities also for the benefit of cyber victims. There is no reason in the world for Israeli companies to pay out of pocket for nationalist cyber attacks," claims Ram. "The business owners are stuck between a rock and a hard place. They are not allowed to pay ransom to enemy countries or terrorist elements. As a cyber company that deals with such crises, we sometimes recommend to our clients to pay the ransom because it reduces the time of managing the crisis and the scope of the damage. In the case of terrorism, it is forbidden to pay, and therefore many times the damage is actually greater. Today there is an option to take out insurance against attacks, and there are business owners who did purchase such insurance, but insurance companies all over the world excluded state cyber attacks from the policy, so those who are affected by state-sponsored terrorism are forced to face this blow alone.

On top of that, sometimes the state knows about expected cyber attacks, and does not warn the business owners in time.

Add to that the fact that there is no enforcement at all on the subject.

Ask the police how many hackers they caught, the answer is probably close to zero."

Is it possible to clearly prove that a specific attack is motivated by terrorism, and not by criminal motives?


"You touch on an important point. The party that ultimately needs to recognize that the attack was carried out by terrorist elements is the State of Israel. But the State of Israel, unlike the US and England, does not attribute cyber attacks, neither to criminal organizations, nor to terrorist organizations, nor to states.

It's a problem.

When a missile comes out of Gaza and lands in Sderot, the IDF spokesman says who sent the missile. This does not happen in cyberspace. No one came and officially said who attacked the Shirbit insurance company. We checked it privately and proved that it was Iranian hackers, but the state refuses to recognize this officially, and thus also disclaims responsibility for the incident. This must change."

According to an estimate by Microsoft, the global damage as a result of cyber attacks is 6 trillion dollars and is expected to reach 10 trillion dollars in 2025. "The damage in Israel, just from the damage to small businesses, is at least 3 billion shekels," Ram estimates. "One also has to take into account the damage to larger or public bodies, for example the damage to Hillel Yaffe Hospital, where the restoration of the systems alone cost NIS 36 million.

The State of Israel could have used this amount, 3 billion NIS, to buy an anti-virus and install it for free on all computers and phones in Israel, and also conduct an awareness campaign on how to prevent a cyber attack in advance."

How do you really defend yourself against cyber attacks?


"Cyber hygiene must be observed. It is extremely critical to update the versions of the computers and phones. Attackers look for loopholes in outdated computers. Also, on all important accounts a double password must be set, that is, a two-step password. This is very important. Studies show that the chances of success of an attack drop drastically when you have a double password. On top of that, you need to install an anti-virus protection system on your computer, and it also needs to be constantly updated. A lot of the businesses we visit had protection systems, but no one looked at the alerts. It's like installing an alarm at home or detected in a car, and when a burglary occurs, no one pays attention to the alert.

"The state should increase awareness and encourage the installation of protection systems, and also instruct the citizen to pay attention to alerts. As a company, we provide protection services to small businesses. In addition to installing antivirus and activating automatic updates, we also operate a 24-hour hotline that responds to alerts. If there is an alert that pops up at two in the morning, we have a person who will look at the alert and know what to do with it. In this way, we manage to prevent most attacks or catch them early when they just start. If an attack does occur, we manage the crisis for the business and save it a lot of headache and helplessness."

Back to the page and the pencil

Naama, the owner of a butcher shop with 13 employees, never imagined that she would undergo a cyber attack.

In February 2021, on a Thursday morning, towards the end of the week when most sales are concentrated, the cashier called her.

"The cash register's computer was shut down. When I realized it was a cyber attack, a black screen fell on me," says Naama, "I called Ram. He is a friend of ours, and from that moment he and his team managed the crisis."

Naama had to make a decision whether she cooperates with the attacker or rebuilds everything, that is, restores data of 4,500 customers.

"The attack came from China, so due to the time difference the attacker did not cooperate in the first hour. I made a decision that I would not wait, and I gave instructions to rebuild the customer information. I had a backup of the data. At first the backup did not work, but then we were able to recover most of the data. Fortunately, I didn't save customer credit numbers, so the attacker couldn't really harm them. At some point the attacker woke up and started negotiating, he demanded a $4,000 ransom. At that point I had already started rebuilding the system, so I didn't pay the ransom. After 12 hours, at eight in the evening, the cash register was back in operation.

"During that Thursday, I had 450 transactions. They were all recorded on a page, and all the customers left with the goods without paying. I trusted them. I already have years of acquaintance with them. My husband told me he doesn't understand how I didn't close the store for two days. It really wasn't easy to keep this record by hand, but the customers were patient and tried to encourage me. Each customer took several items and had to write down an exact weight, with three digits after the decimal point. Within two weeks I was able to collect all the money from the customers. In the end, even if I didn't lose a single client, the damage is also mental and the feeling is very difficult. I think I wouldn't have been able to get out of it so quickly on my own, without someone who took all the burden of the professional management of the crisis from me."

***

The cyber system responded:

"The State of Israel has the tools to deal with cyber attacks, and it is necessary to constantly develop the defense mechanisms. We are prepared for any scenario and are working to provide a protective envelope, in the style of a national cyber dome. Many countries in the world experience cyber incidents that reach the level of a broad national crisis. In Israel we have not yet seen an attack that managed to cause damage on a broad national level. Many broad attacks are repelled thanks to the preparedness of the cyber system and close protection of critical state infrastructures.

"At this point, we do not have an accurate segmentation regarding cyber incidents in small businesses, because those who report to the cyber system often report anonymously or do not provide information about the nature of the business. The best way to deal is protection in advance. 80 percent of the cyber attacks reported to the cyber system, especially when it comes to small businesses and private citizens, could have been avoided with simple, free means, such as frequent software updates and two-step verification for all applications. To this end, the organization conducts an extensive annual information campaign for the general public, as well as information programs in the IDF and the Ministry of Education, and holds joint programs with professional unions.

The cyber system distributes targeted alerts with protection recommendations and identifiers for common attacks.

For every citizen and business that experiences a cyber incident, the cyber system operates an operational center, reached by dialing toll-free 119 and available 24 hours a day, where you can receive initial assistance.

On top of that, the cyber system provides recommendations on the website and networks for businesses and citizens, as well as detailed defense theory."

In relation to the question of why the state does not compensate for cyber damage caused by terrorist elements, the cyber system stated: "The issue of the unequivocal attribution of an attack in the cyber field is a complex issue all over the world. To the best of our knowledge, there is also no law in other countries in the world for state compensation as a result of a cyber attack. Cyber attacks come from a variety of sources - from high school students, from criminal groups and state actors - and many times criminal groups hide behind state groups and vice versa. The methods of attack are repulsive, and organizations must protect themselves regardless of the identity of the attacker."

Photographs: Yehoshua Yosef, Dror Sithakhal, GettyImages 


Source: israelhayom
