www.jpost.com
2600:9000:223e:6a00:4:69bf:5d00:93a1  Public Scan

URL: https://www.jpost.com/international/is-iran-behind-the-black-shadow-attacks-and-does-it-matter-684266
Submission: On November 08 via api from GB — Scanned from GB

Form analysis 0 forms found in the DOM

Text Content


Jerusalem Post World News


IS IRAN BEHIND THE BLACK SHADOW ATTACKS AND DOES IT MATTER?


THE LATEST ATTACK WAS ANNOUNCED BY THE GROUP LAST FRIDAY, WITH BLACK SHADOW
CLAIMING IT HAD DAMAGED CYBERSERVE’S SERVERS.

By TZVI JOFFRE
Published: NOVEMBER 7, 2021 12:49

Updated: NOVEMBER 7, 2021 18:11

A hacker is being depicted in this illustrative photo
(photo credit: Courtesy)

As the Black Shadow hacker group announced its latest attack in recent days, the
company involved was quick to point the finger at Iran, as other victims of the
group had done in past attacks, but is Iran really the culprit in this case?

“Black Shadow is pure and simple financial attacks,” said Zohar Pinhasi, the CEO
of the cybersecurity firm Monstercloud, to The Jerusalem Post. “Anybody can
come up with a claim saying that this group came from this country, that group
came from another country. It takes years of investigation [to locate these
groups] and in some cases it is impossible.”

Pinhasi pointed to the case of an extremely active hacker group called SamSam,
which was eventually found to be run by Iran-based hackers after operating for a
number of years, stressing that it took years for authorities to track down the
cybercriminals, and even then they were only able to track them down after the
hackers made a mistake and left a lead.








“They can say this country or another, but no one really knows where they are,”
added Pinhasi about the Black Shadow attacks. “It is really rare that you find
an event by INTERPOL or the FBI that they do a massive takedown, not just in the
digital world but in the physical world, to the point where they are actually
arresting people. It is very hard to locate those individuals.”

Einat Meyron, a cybersecurity consultant, expressed agreement that it was
unlikely that the group’s identity was known yet, stating that “first off, in
this kind of attack, the identity of the attacking group is less important,”
adding that the targeted companies find it important to attribute these attacks
to Iran for “insurance and reputation reasons.”

“In practice, whether it is Iranians or Swiss people, there is no need to make
it easier for the attackers by refraining from exercising basic defenses and
acting with the mindset that it will not happen or that in the worst case the
state will help.”

VISUAL DEPICTION OF A HACKER (credit: VIA WIKIMEDIA COMMONS)

Meyron stressed that even if the hackers live in Iran, it is “necessary to prove
beyond any doubt that this is a group that operates on an Iranian mission and is
not just associated with the country. This proof in itself is not trivial
because of the spoofing effect well-known in the world of intelligence and
usually identified with Russia.”

The cybersecurity consultant added that it is unlikely a group working for the
Iranian regime would “waste energy” on records from random sites and would
instead aim to cause significant infrastructure damage, even if it was more
complex and took longer.


“On the other hand,” said Meyron, “we must not forget that there is always the
possibility that the Black Shadow activity is a smokescreen for much higher
quality and much deeper activity, whether as a deliberate proxy or as a spoofing
proxy of other attack groups.”

Black Shadow’s most recent attack targeted the web hosting company Cyberserve,
leaking data from the gay dating app Atraf, the Dan bus company, 103FM radio,
the Trip Guaranty travel insurance company, and the Mor Institute for medical
data, among others.

The leaked data includes flight details, addresses, emails, phone numbers, HIV
status and birth dates, among other personal details.

The latest attack was announced by the group last Friday, with Black Shadow
claiming it had damaged Cyberserve’s servers.

Black Shadow is responsible for previous attacks against Israeli companies, such
as vehicle insurance company Shirbit and finance company KLS. In those attacks,
the companies affected claimed that the group was Iranian, despite cybersecurity
experts rejecting the claims.

The latest Black Shadow attacks came not long after the Moses Staff hacker group
appeared for the first time, as it leaked photos and documents from an alleged
cyberattack on the Defense Ministry.

Since first appearing, Moses Staff has claimed that it has successfully
conducted a cyberattack on three Israeli engineering companies and the offices
of tax processing companies. The data leaked include projects, ID cards, tax
documents, maps, contracts, pictures, letters and videoconferencing images.

Unlike Black Shadow, Moses Staff has not made any demands for money or anything
else.

Moses Staff’s website claims that the group has hacked over 165 servers and 254
websites and compiled over 11 terabytes of data, including Israel Post, the
Defense Ministry, files related to Defense Minister Benny Gantz, the Electron
Csillag Company and Epsilor.

Concerning whether the Moses Staff hackers are actually a new group, Pinhasi
stated that hacker groups often wear multiple hats, meaning that the group may
be older than it seems, but may have used a different name in the past.

Pinhasi added, however, that it is still too early to know if Moses Staff or
Black Shadow are just different names for another group, and that Monstercloud
is collecting cyber intelligence around the attacks in order to protect its
customers.

The Monstercloud CEO pointed to how ransomware attacks have changed, saying that
while in the past, victims of these attacks would either pay or not pay and that
would be the end of it, in recent years, hackers have started conducting
so-called doxware attacks, threatening to leak data if they are not paid.

“With that said, paying the ransom, or paying at all, against doxware, does not
guarantee anything,” stressed Pinhasi. “Because we have had cases where the
victim paid and his data was exposed regardless.”

Cyber Hackers (credit: REUTERS)

Pinhasi added, however, that theory is theory and reality is reality. “Think about
it this way. If you have a company with 50 employees, you have worked since the
age of 25, you built a company, you invested your blood, sweat and tears in that
company. One day you wake up in the morning, nothing. You can’t even gain access
physically to the office because your fobs are not working. Now tell me, the
person on the other side wants $100,000. Would you close the company and say
‘ah, everyone says don’t pay I’m just going to drop everything?’ There’s reality
involved in this kind of situation.”

Pinhasi added that cyberattacks happen in Israel on a daily basis but are just
not publicized because “no company wants to expose themselves.”

“In Israel, there were multiple attacks against major companies in the public
sector along with government agencies that were attacked in successful attacks
that you have not heard on the news,” said Pinhasi. “If you had a company with
100 employees, would you go out in public and say ‘we got hacked and all the
information of our customers is currently at risk’? You don’t want to do that.”

Pinhasi stated that, at the end of the day, the responsibility for attacks lies
on companies themselves, not the government. “If the local IT guy or the company
which services the customer that got attacked are not doing their job and they
are leaving everything exposed or they’re not monitoring the network from a
security standpoint, the government has a limit to what it can do. At the end of
the day, security falls on the company.”

The Monstercloud CEO stated that most attacks occur due to human errors by
companies and their IT staff, who often think that while vulnerabilities exist,
attacks they hear about in the news will not happen to them. “There are other
things that can cause this type of attack, but most of the attacks that we see
are caused by lack of knowledge from the IT person, lack of knowledge from the
IT company, on how to maintain proper security. That is what those criminals are
riding on.”

“Don’t just invest in sophisticated hardware and software,” advised Pinhasi.
“You need to invest in people, in the IT guy, send him to some courses that can
enrich his knowledge in security. In the past, you could just hire an IT guy.
Today he needs to have some kind of security background.”

Meyron added that Black Shadow’s method of operation provided a great
opportunity for everyone to learn a little more about how cyberattacks work,
knowledge which was not so widespread up until recent years.

“The ability to create an agenda through sarcastic messages that create in us a
need for an almost Pavlovian response that provides the attitude they expect and
even more so at a time convenient to them, but less convenient for Israeli
citizens, [such as] weekends, holidays [or] late-night hours, is one of the
pressuring tactics that hackers routinely apply and in this case are exposed to
us in a completely transparent way,” said Meyron. 



Tags cyber security hacker Black Shadow
