The weekend ransomware attack on more than 40,000 computer systems in dozens of countries around the globe has ratcheted up awareness of our vulnerabilities. It also brought home the degree to which hackers are ready and willing to exploit these vulnerabilities by inflicting painful and costly damage on computers of all types: those of governments, private companies and individuals. The Russian Ministry of the Interior, the US-based FedEx corporation, telecom companies in Spain, France’s Renault, universities in China, and the UK’s National Health Service hospitals were among the ransomware victims. The Economist has already called it the “Great Cyber Attack of May 12”, with victims being locked out of access to their own data and required to pay ransom in order to recover files.
Although the scope of the damage is hard to measure, as the attack — now named WannaCry — is still ongoing, victims have begun to pay the demanded ransom, beginning at about $300, to unlock their data encrypted by hackers who have not been identified so far (payment is demanded via anonymized Bitcoin accounts). As with the payment of ransom in non-cyber contexts, there are of course no guarantees that the relevant data will in fact be decrypted. The New York Times created an animated map that shows the rapid rate and wide scope of the malware’s infection path in its early stages.
These hostile cyber events show how hackers can exploit a vulnerability at the global level, in this case via Microsoft servers, which support about 80 percent of desktop computers around the world, according to the New York Times. In March, Microsoft had released a patch to repair this weakness in its operating system, after having been warned behind the scenes of its existence by the US National Security Agency. The NSA apparently discovered that certain malicious hacking tools it had acquired had been stolen, and alerted companies such as Microsoft, hoping to head off a cybersecurity debacle, but to no avail. The group suspected of having made off with the NSA’s cyber tools calls itself the Shadow Brokers, and has been active in other malicious cyber incidents since the summer of 2016.
In a technical glitch scenario that was just waiting to happen, users who applied the patch that Microsoft released were in fact protected. However, some users were dependent upon an older operating system, which required a customized, extra support contract. Those organizations that opted not to spend the additional money remained vulnerable to the phishing emails that eventually delivered the malware to tens of thousands of computers, in what appears to be the largest ransomware hack on record. Reports are now emerging that a British cybersecurity researcher has used a kill switch that may limit the overall damage.
So far, any damage to Israel’s government and private sector seems to have been minimal. The Israel National Cyber Authority (NCA) issued an official statement yesterday on the ransomware attacks, notifying the public of its ongoing contact with similar authorities around the globe, as well as with Israeli organizations, in order to mitigate damage. NCA head Buki Carmeli stated that “no indications have been found so far in Israel of malware in systems that are operational. … Due to the fact that most organizations do not operate on Shabbat, many systems are not currently in operation, yet this does not mean that malware may not be found tomorrow, which is why preparations are currently underway.”
An official NCA document provided details to Israeli organizations, including administrative and technical guidelines for coping with WannaCry.
At the Sunday morning Cabinet meeting, Prime Minister Netanyahu said that the identifiable damage so far was minimal and had not affected critical infrastructures. Such infrastructures include the public transportation network, electricity grid, the national water supply, and certain governmental functions, and can be especially vulnerable to cyberattack because of their large-scale dependency on computerized networks. Netanyahu explained that the government had anticipated such attacks some years ago and had established a suitable defense system and the National Cyber Authority to meet the threat. “I ask all Israeli citizens and companies to follow any guidelines that may be issued,” said Netanyahu, “as there will be further developments and we will need to invest additional resources in order to ensure that Israel will continue to have all necessary defenses.”
So, has Israel dodged this cyber bullet?
It may be that the coming weeks will show that Israel’s national cybersecurity defenses have largely succeeded in avoiding significant local damage in the wake of the WannaCry ransomware attack. This will be good news, and full credit should be given to those governmental agencies responsible for implementing national policy, as well as private companies that take on responsibility for national cyber defense by implementing required safeguards and following guidelines. The Israel Internet Association also joined in the efforts to alert the public to ongoing events and to communicate guidelines for protecting individual computers.
Nevertheless, there’s still a weak link in the chain of national cyber defense. While government agencies and large corporations have the resources, human expertise and, for some, regulatory requirements that compel readiness for cyber emergencies like WannaCry, private individuals and small and medium business enterprises do not.
The next significant challenge to Israel’s ecosystem for cyber defense is to engage the smaller-sized organizations, the third sector and individual users in the national project of cyber defense. This might include information-sharing schemes, cybersecurity seminars and training programs, and access to high-level cybersecurity expertise that is financially feasible.
Yitzhak Ben Israel, one of Israel’s leading cyber experts, has warned in a recent article that the cyber threat landscape is a dynamic one, and that present successes do not ensure future ones. This next stage is precisely where Israel might proactively adapt in order to be better prepared than it already is for the next, inevitable cyber emergency.