Tracking 20 senior officials over seven years: An Israeli start-up has uncovered a worldwide cyber attack
The attackers obtained access to call details and cams, as well as the location details of hundreds of millions of users. • In fact, the ability was used to monitor 20 senior government officials in different countries. • Israeli companies were not harmed • The CEO of CyberSense: “The attacker specifically chose to extract information about certain users ”
The Israeli cyber protection company, Cybersen, last week updated 25 cellular operators around the world because they were hit or suspected of being hit by a serious cyber attack. The warning followed an investigation conducted by the company in the past nine months, during which cyber attacks were discovered that hit 12 operators around the world. According to Sibirzen, the attack allowed attackers full access to the enterprise’s corporate computer passwords and gave them access to all the information about the company’s call destinations and cams and their location.
Acording to the company, the cyber attack was revealed nine months ago at a cellular supplier with tens of millions of customers. The company contacted Cyprzen following suspicion of an attack. Cybersin researchers left their systems at the cellular provider with tens of thousands of endpoints, and two days later discovered the attack. The study lasted a few months and a few weeks ago the company discovered that the breakthrough was not limited to the company that approached it, and was involved in addition to another 11 companies. In total, there are 12 suppliers serving hundreds of millions of customers. The reason for the break-in of some of the operatives, according to Cyprzen, is to enable cross-country surveillance of the targets of the attack.
In a conversation with “Globes”, Cybresin CEO Lior Deeb explained the unfolding of the affair: “The first company that contacted us told us that it had signs of an attack that they were not Are able to connect to a full picture that will determine whether they are being attacked or not, “says Div.” But the deeper we went, the more signs of attack and signs that tied all the signs together. We discovered that the attacker sent a lot of data out and that the attacker did encrypt the information, but we were able to identify the password that he used because it was encoded in the malware he used. ”
After deciphering the code, the company’s researchers discovered data leakage of more than 100 gigabytes in 20 users of the same cellular company. “There were several million users on the same network, but the same attacker specifically chose to extract information about certain users,” Deeb said. “It was the details of all the calls that the user made, the samsas he sent, and all the information of the location over a period of half a year – information that can be used to put together a whole lifetime of that person – where he lives, where he travels every morning, And sends poison, a complete picture of the situation that provides the ability to track the person. ” According to Deeb, these are political followers, people from the local authorities. The interest in tracking the 20 is not business: When a country attacks another country, it has an interest for very specific people in that country.
Deeb also notes that at no point did burglars reach the mobile phone. “If the same user went to the specialist and asked him if the phone had been hacked, they would tell him that the phone was clean, and in fact he had no way of knowing that he was under surveillance. More and more assets from the cellular network and reached a state that controls it completely.In fact all the user names and passwords of all users in the organization, including those of the officials responsible for controlling the network – the system and IT, so they could connect to any computer on the network, add Users and remove users “.
“Instead of breaking into a database every time to steal data, they installed a VPN on the server that contained the information they were interested in. They connected to it remotely, and in four different cases they downloaded hundreds of gigabytes “In fact, the attackers acted like a spy network.”
In order to trace the attackers, the people of Cyprzen examined how the attackers communicated in and out of the same network, and on what infrastructure they used to carry out the attack. “Usually, what an attacker does is change the attack infrastructure each time, and they did, but because they used pretty similar parameters, we were able to find the attack servers and the attack mode they used, and we found that they used a similar infrastructure, To attack other companies, they took the same tools, packed them up and used them again to take control of other networks. ”
For the first time in seven years, Australia has cut interest rates twice
Governor of the Central Bank, Philippe Lowe, lowered the interest rate by one quarter to 1 percent, as expected by the financial markets and most economists, and indicated that he was ready for further easing if necessary
For the first time in seven years, Australia has cut interest rates twice and left the door open for further relief as policy makers try to support a slowing economy and try to accelerate dormant inflation.
More articles on:
Rani Zim increases its share in projects in Tamra and Taibe to 75%
Governor of the Central Bank, Philip Lau, lowered the interest rate by one quarter to 1 percent, as expected by the financial markets and most economists. The Governor is scheduled to address the community leaders at a dinner dinner in Darwin, and is expected to explain his continued monetary policy moves.