In-brief: Reports of a crippling cyber attack on the power grid in Israel appear to have been greatly exaggerated, as subsequent reports point to a simple ransomware outbreak on the office network of an industry regulator.
The world is freaking out today over news out of Israel that something called the Israel Electric Authority was the target of a “severe cyber attack” that resulted in many of the computer systems used by the Authority being “paralyzed.”
The reports follow a story in the Times of Israel quoting Israeli Energy Minister Yuval Steinitz at a Tel Aviv cyber security conference. It comes amidst a cold snap in the country that is causing power demands to spike, and just weeks after an apparent cyber attack on power substations in The Ukraine darkened some 80,000 households.
“This is a fresh example of the sensitivity of infrastructure to cyberattacks, and the importance of preparing ourselves in order to defend ourselves against such attacks,” Steinitz is quoted saying in the Times of Israel report.
But the events in Israel may be far more quotidian than Steinitz comments or the sensational headlines that follow would suggest. Rather than a crippling cyber attack on the country’s grid, the incident Steinitz referred to appears to be a ransomware outbreak on PCs and notebook computers used by staff at a government agency.
A report on Wednesday by the Israeli web site YNet News describes what appears to be a typical ransomware malware infection within the offices of the Electricity Authority. The same report quoted Energy Minister Yuval Steinitz saying that the authorities were “in control of the situation.”
In a post on the web site of The SANS Institute, Robert M. Lee, citing Israeli cyber security Eyal Sela at the firm ClearSky noted that – names notwithstanding – the Israel Electric Authority mentioned in the Times of Israel report is in no way related to the networks of the Israeli electric companies, nor does it control transmission or distribution sites.
“The Israeli Electric Authority is a regulatory body of roughly 30 individuals,” Lee wrote. “This ‘cyber attack’ is only referencing their networks.” Indeed, the Authority’s website notes that the Authority was created in 1996 to “set the electricity rates for all segments of the market…conduct cost control measures (and) set rate arrangements.”
The nature of that attack on the Authority will also be pretty familiar: a ransomware outbreak that was the result of a phishing e-mail campaign sent to Authority employees, according to the YNet report.
Lee, at SANS, said that the incident should serve as a warning.
The attack on power substations in the Ukraine was widely seen as a “wake up” call for the U.S. government and North American critical infrastructure owners and operators. It was proof that determined adversaries are willing and able to use cyber attacks to create real world disruption.
But the incident in Israel underscores the inherent danger in reporting on cyber attacks, which take many different forms and have many different motivations.
“This once again stresses the importance around individuals and media carefully evaluating statements regarding cyber attacks and infrastructure as they can carry significant weight.”