Israel Security Agency called in after virus, likely Iranian, manages to infiltrate all the security measures of Israel’s second-largest bank • Israel’s banks on high alert in anticipation of additional cyberattacks • Virus was planted in PowerPoint presentation.An investigation into last week’s foiled cyberattack against Bank Hapoalim appears to indicate that the perpetrators were not amateur hackers but trained spies in the service of a government. The finding indicates an escalation in the cyberwar that recently erupted between Israel and saboteurs in the Arab world.
mail server. The attack was thwarted by the bank’s information security system, senior Bank Hapoalim officials reported.
However, the attempted cyberattack on Israel’s second-largest bank has prompted Israel’s banks to boost security. Two days before the attempted attack, Israel’s banks were issued a warning regarding a possible imminent cyberattack. In efforts to preempt such an attack, the Bank of Israel (the country’s central bank) joined forces with the Israel Security Agency’s information security division in formulating guidelines for confronting increased cyberattacks.
Initially, last week’s attack was reported as an attempt to infiltrate the personal computers of Bank Hapoalim’s executives through the bank’s mail server. The initial report added that an attempt had been made to plant a worm or Trojan horse malware in the bank’s computerized network.
Suspicion that hackers from Iran and other Arab nations were targeting Israeli banks has prompted financial institutions across the country to raise alertness levels and boost information security. In anticipation of future attacks, banks and other business institutions were expected to upgrade security protocols in coming days. In addition, limitations were likely to be imposed on the storage of financial files on computers with accessible mailboxes.
The foiled attack on Bank Hapoalim’s servers has come closer than any other attempted cyberattack to infiltrating Israel’s banking system. However, it wasn’t the first attempt: In recent months hackers have targeted banks, the stock exchange and databases belonging to financial regulators.
The Bank of Israel declined to comment on the thwarted Bank Hapoalim attack.
Security personnel employed by banks across the country were summoned to an emergency meeting last week when the Israel Security Agency discovered how deep the latest attack had penetrated Bank Hapoalim’s security systems. Apparently a virus was planted in a PowerPoint program, which generates presentations, and remained there for an unknown period of time. The security personnel were briefed in detail well into the night.
The sophistication of the attack appears to indicate that the perpetrators were trained cyberspies with government backing. The virus code was written into a PowerPoint presentation as a question in one of the slides. The moment any employee clicked on the question to reply, the code would launch the virus, freeing it to search the computer for relevant information. It is not yet clear what kind of information, if any, was leaked. The bank’s employees have been instructed to refrain from using the program until further notice.
The Israel Security Agency’s information security service became involved since the bank’s multiple security measures failed to block the hackers. The virus was defined by experts as very close to “Zero Day” activity -- meaning the virus exploited vulnerabilities previously undetected by any other virus or security efforts and could not be remedied. Investigations are underway to determine whether any data were leaked and whether any other institution had been attacked.