Is Iran behind the Black Shadow attacks and does it matter?


As the Black Shadow hacker group announced its latest attack in recent days, the company involved was quick to point the finger at Iran, as other victims of the group have done after past attacks. But is Iran really the culprit in this affair?

“Black Shadow’s attacks are outright financial,” Zohar Pinhasi, CEO of cybersecurity firm Monstercloud, told The Jerusalem Post. “Anyone can claim that this group came from this country, this group came from another country. It takes years of investigation [to locate these groups] and in some cases it is impossible.”

Pinhasi brought up the case of a hugely active hacker group called SamSam, which ultimately turned out to be run by Iran-based hackers after operating for several years, noting that it took the authorities years to track down the cybercriminals, and even then they could only find them after the hackers made a mistake and left a lead.

“They can say this country or another, but nobody really knows where they are,” Pinhasi added of the Black Shadow attacks. “It’s really rare that you find an event organized by INTERPOL or the FBI that makes a massive takedown, not only in the digital world but in the physical world, to the point where they actually arrest people. It is very difficult to locate these people.”

Einat Meyron, a cybersecurity consultant, agreed that the identity of the group was unlikely to be known yet, saying that “first of all, in this type of attack, the identity of the attacking group is less important,” and adding that the targeted companies find it important to attribute these attacks to Iran for “insurance and reputation reasons.”

“In practice, whether it is Iranians or Swiss, there is no need to make the attackers’ job easier by neglecting basic defenses and acting with the mentality that it will not happen, or that in the worst case the state will help.”

Meyron stressed that even if the hackers live in Iran, it is “necessary to prove beyond any doubt that this is a group that operates under an Iranian mission and is not only associated with the country. This evidence in itself is not trivial due to the spoofing effect well known in the intelligence world and generally identified with Russia.”

The cybersecurity consultant added that a group working for the Iranian regime was unlikely to “waste energy” on records from random sites and would instead aim to cause significant damage to infrastructure, even if that was more complex and took longer.

“On the other hand,” said Meyron, “we must not forget that there is always the possibility that the Black Shadow activity is a smokescreen for a much higher-quality and much deeper activity, whether as a deliberate proxy or as a proxy used to impersonate other attack groups.”

Black Shadow’s most recent attack targeted web hosting company Cyberserve, leaking data from gay dating app Atraf, bus company Dan, radio 103FM, travel insurance company Trip Guaranty and the Mor Institute for medical data, among others.

The data disclosed includes flight details, addresses, emails, phone numbers, HIV status and dates of birth, among other personal details.

The latest attack was announced by the group last Friday, with Black Shadow claiming to have damaged Cyberserve’s servers.

Black Shadow is responsible for previous attacks on Israeli companies, such as auto insurance company Shirbit and finance company KLS. In the attacks, the companies involved claimed the group was Iranian, despite the claims being rejected by cybersecurity experts.

Black Shadow’s latest attacks came shortly after the first appearance of the Moses Staff hacker group, which leaked photos and documents from an alleged cyberattack on the Defense Ministry.

Since its first appearance, Moses Staff has claimed to have successfully carried out cyberattacks against three Israeli engineering companies and the offices of tax processing companies. The leaked data includes projects, ID cards, tax documents, cards, contracts, photos, letters and video conference images.

Unlike Black Shadow, Moses Staff did not demand money or anything else.

The Moses Staff website claims the group hacked more than 165 servers and 254 websites and compiled over 11 terabytes of data, including files related to Israel Post, the Defense Ministry, Defense Minister Benny Gantz, Electron Csillag and Epsilor.

Regarding whether the Moses Staff hackers are in fact a new group, Pinhasi said hacker groups often wear multiple hats, meaning the group may be older than it looks, but may have used a different name in the past.

Pinhasi added, however, that it is still too early to know if Moses Staff or Black Shadow are just different names for another group, and that Monstercloud is collecting cyber intelligence around the attacks in order to protect its clients.

The Monstercloud CEO highlighted the evolution of ransomware attacks, saying that while in the past victims of these attacks either paid or did not pay and that would be the end of it, in recent years hackers have started carrying out so-called doxware attacks, threatening to release the stolen data if they are not paid.

“That said, paying the ransom, or paying at all, against doxware, doesn’t guarantee anything,” Pinhasi pointed out. “Because we have had cases where the victim paid and their data was exposed regardless.”

[Image: Cyber hackers (credit: REUTERS)]

Pinhasi added, however, that theory is theory and reality is reality. “Think of it this way. If you have a business with 50 employees, you’ve worked since you were 25, you’ve built a business, you’ve invested your blood, sweat and tears in that business. One day, you wake up in the morning, nothing. You can’t even physically access the office because your remotes aren’t working. Tell me now, the person on the other side wants $100,000. Would you shut down the company and say, ‘Ah, everybody says don’t pay, am I going to drop everything?’ There is a reality in this kind of situation.”

Pinhasi added that cyber attacks happen daily in Israel, but are simply not made public because “no company wants to expose itself.”

“In Israel, there have been multiple attacks on large public sector companies, as well as government agencies that have been hit in successful attacks that you have not heard of on the news,” Pinhasi said. “If you had a company with 100 employees, would you say in public, ‘we’ve been hacked and all of our customer information is in danger right now’? You don’t want to do this.”

Pinhasi said that ultimately the responsibility for the attacks lies with the companies themselves, not the government. “If the local IT person or the company that serves the customer that was attacked is not doing their job and is leaving everything exposed or not monitoring the network from a security perspective, there is a limit to what the government can do. Ultimately, security is the responsibility of the company.”

The Monstercloud CEO said most attacks are due to human error by companies and their IT staff, who often believe that even though vulnerabilities exist, the attacks they hear about in the media will not happen to them. “There are other things that can cause this type of attack, but most of the attacks we see are caused by the IT person’s lack of knowledge, the IT company’s lack of knowledge, on how to maintain adequate security. This is what these criminals are riding on.”

“Don’t just invest in sophisticated hardware and software,” Pinhasi advised. “You have to invest in people, in IT, send them to take courses that can enrich their knowledge of security. In the past, you could just hire an IT person. Today he must have some sort of security training.”

Meyron added that the way Black Shadow operates has given everyone a great opportunity to learn a bit more about how cyberattacks work, knowledge that was not so widespread until recent years.

“The ability to set an agenda through sarcastic messages that create in us a need for an almost Pavlovian response, which provides the reaction they expect and even more, at a time that is convenient for them but less convenient for Israeli citizens, [such as] weekends, holidays [or] late at night, is one of the pressure tactics that hackers regularly apply, and in this case we are exposed to it in a completely transparent manner,” said Meyron.
