Is Iran Behind The Black Shadow Attacks And Does It Matter?

When hacker group Black Shadow announced its latest attack in recent days, the company involved was quick to point the finger at Iran, as other victims of the group had done in previous attacks, but is Iran really the culprit in this case?

“Black Shadow are pure and simple financial attacks,” Zohar Pinhasi, CEO of cybersecurity firm Monstercloud, told The Jerusalem Post. “Anyone can make a claim saying that this group came from this country, that group came from another country, it takes years of investigation [to locate these groups] and in some cases it is impossible.”

Pinhasi pointed to the case of an extremely active hacking group called SamSam, which was eventually found to be run by Iran-based hackers after operating for several years, emphasizing that it took authorities years to track down the cybercriminals, and even then they were only able to do so after the hackers made a mistake and left a lead.

“They can say this country or another, but no one really knows where they are,” Pinhasi added of the Black Shadow attacks. “It’s really rare that you find an INTERPOL or FBI event where they do a massive takedown, not just in the digital world but in the physical world, to the point where they actually arrest people. It is very difficult to locate those people.”

Einat Meyron, a cybersecurity consultant, agreed that the identity of the group was unlikely to be known, stating that “firstly, in this type of attack, the identity of the attacking group is less important,” and adding that the targeted companies find it important to attribute these attacks to Iran for “security and reputational reasons.”

“In practice, whether they are Iranian or Swiss, there is no need to make things easier for attackers by refraining from exercising basic defenses and acting with the mindset that it will not happen or that in the worst case the state will help.”

Visual representation of a hacker (credit: VIA WIKIMEDIA COMMONS)

Meyron emphasized that even if the hackers live in Iran, it is “necessary to demonstrate beyond any doubt that this is a group that operates an Iranian mission and is not only associated with the country. This test in itself is not trivial because of the identity-theft effect well known in the intelligence world and generally identified with Russia.”

The cybersecurity consultant added that a group working for the Iranian regime is unlikely to “waste energy” on random site searches and would instead aim to cause significant damage to infrastructure, even if that is more complex and takes longer.

“On the other hand,” said Meyron, “we must not forget that there is always the possibility that Black Shadow activity is a smokescreen for much higher quality and much deeper activity, either as a deliberate proxy or as a proxy for spoofing of other attack groups.”

The most recent Black Shadow attack targeted web hosting company Cyberserve, leaking data from gay dating app Atraf, the Dan bus company, 103FM radio, the Trip Guaranty travel insurance company, and the Mor Institute for medical data, among others.

The leaked data includes flight details, addresses, emails, phone numbers, HIV status, and dates of birth, among other personal details.

The latest attack was announced by the group last Friday, and Black Shadow claimed that it had damaged Cyberserve’s servers.

Black Shadow is responsible for previous attacks against Israeli companies, such as the Shirbit vehicle insurance company and the KLS finance company. In those attacks, the affected companies claimed the group was Iranian, even though cybersecurity experts rejected the claims.

The latest Black Shadow attacks came shortly after the Moses Staff hacking group first appeared, when it leaked photos and documents from an alleged cyberattack on the Ministry of Defense.

Since its first appearance, Moses Staff has claimed that it has successfully carried out a cyberattack against three Israeli engineering companies and the offices of the tax processing companies. The leaked data includes projects, identification cards, tax documents, maps, contracts, photographs, letters, and video conference images.

Unlike Black Shadow, Moses Staff hasn’t asked for money or anything else.

The Moses Staff website claims that the group has hacked more than 165 servers and 254 websites and compiled more than 11 terabytes of data, including Israel Post, the Ministry of Defense, files related to Defense Minister Benny Gantz, the Electron Csillag and Epsilor Company.

Regarding whether the Moses Staff hackers are actually a new group, Pinhasi claimed that hacker groups often wear multiple hats, meaning the group may be older than it appears, but may have worn a different name in the past.

Pinhasi added, however, that it is still too early to know whether Moses Staff or Black Shadow are just different names for another group, and that Monstercloud is gathering cyber intelligence on the attacks to protect its clients.

The CEO of Monstercloud pointed out how ransomware attacks have changed, saying that while in the past victims of these attacks would pay or not pay and that would be the end of it, in recent years hackers have started carrying out so-called doxware attacks, threatening to leak data if they are not paid.

“That said, paying the ransom, or paying at all, against doxware, does not guarantee anything,” Pinhasi emphasized. “Because we have had cases in which the victim paid and their data was independently exposed.”

Cyber hackers (credit: REUTERS)

Pinhasi added, however, that theory is theory and reality is reality. “Think of it this way. If you have a company with 50 employees, you have worked since you were 25 years old, you have built a company, you have invested your blood, sweat and tears in that company. One day you wake up in the morning, nothing. You can’t even physically access the office because your key fobs don’t work. Now tell me, the person on the other end wants $100,000. Would you close the business and say ‘ah, everyone says don’t pay, am I going to drop everything?’ There is a reality involved in this kind of situation.”

Pinhasi added that cyberattacks happen in Israel on a daily basis, but they are simply not publicized because “no company wants to expose themselves.”

“In Israel, there were multiple attacks on major public sector companies along with government agencies that were targeted in successful attacks that you have not heard of in the news,” Pinhasi said. “If you had a company with 100 employees, would you go out in public and say ‘we were hacked and all our customer information is currently at risk’? You don’t want to do that.”

Pinhasi said that, at the end of the day, the responsibility for the attacks rests with the companies themselves, not the government. “If the local IT technician or the company serving the attacked customer is not doing their job and leaves everything exposed or is not monitoring the network from a security point of view, the government has a limit on what it can do. At the end of the day, security rests with the company.”

The CEO of Monstercloud stated that most attacks occur due to human error on the part of companies and their IT staff, who often think that, even though vulnerabilities exist, the attacks they hear about on the news will not happen to them. “There are other things that can cause this type of attack, but most of the attacks that we see are caused by the IT person’s lack of knowledge, the IT company’s lack of knowledge on how to maintain proper security. That’s what those criminals are riding on.”

“Don’t just invest in fancy hardware and software,” Pinhasi advised. “You have to invest in people, in IT, send them to some courses that can enrich their knowledge of security. In the past, you could only hire an IT technician. Today you need to have some kind of security experience.”

Meyron added that the Black Shadow method of operation provided a great opportunity for everyone to learn a little more about how cyberattacks work, knowledge that was not as widespread until recent years.

“The ability to create an agenda through sarcastic messages that create in us the need for an almost Pavlovian response that provides the attitude they expect, and even more so at a time convenient for them but less convenient for Israeli citizens, [such as] weekends, holidays [or] late at night, is one of the pressure tactics that hackers apply routinely, and in this case they are exposed to us in a completely transparent way,” said Meyron.
