Search
  • watchofficermanager

Security Brief: CICYBER Week of March 14, 2022

Week of Monday, March 14, 2022 | Issue 67

Marina Tovar and Kaylyn Matis, CICYBER Team

Alessandra Ciffo, Editor; Demetrios Giannakaris, Senior Editor



Disconnected[1]



Date: March 14, 2022

Location: France and Germany

Parties involved: France; BNP Paribas; French local units; Germany; Deutsche Kredit Bank (DKB); Commerzbank; Deutsche Bank; German local units; Russia; Russian units

The event: German and French banks operating in Russia, such as Commerzbank, Deutsche Bank, and BNP Paribas, are preparing to separate these units from their main computer networks and transfer their essential data to their local servers. This decision comes after increased cyberattacks following the Russian invasion of Ukraine, as the local units protect the data stored from cyberattacks due to their isolated information systems.[2]

Analysis & Implications:

  • Transferring data to different units will very likely allow German and French banks operating in Russia to mitigate incoming cyberattacks targeting Russian units, likely reducing their vulnerabilities and protecting their data. Local units’ isolated information systems will almost certainly protect the local data stored by mitigating malware and ransomware attacks. Threat actors will almost certainly need to introduce the malware physically through a pen drive to access the data in the local units.

  • A cyberattack targeting Russian bank units' networks will very likely grant access to personnel data, as their servers will likely contain information about their units and employees. Threat actors stealing personnel data will likely exploit this information for financial gain by threatening Russian unit employees or the bank to pay a ransom for the stolen data. This will likely negatively affect the bank’s reputation, likely prompting customers to withdraw their assets, almost certainly causing financial loss to the bank.


Date: March 14, 2022

Location: Israel

Parties involved: Israeli Prime Minister website; Israel Ministry of Justice website; Israel National Cyber Directorate (INCD); Israel Ministry of Defense; Israel’s critical infrastructure (CIKR); Jerusalem Post; Black Shadow; Iran-linked hacker groups; Israeli threat actors; Iran’s Fordow Fuel Enrichment Plant; Iran; Unknown Israeli cyber group; Threat actors

The event: Israel’s Prime Minister’s and the Ministry of Justice websites went offline due to a Distributed Denial of Service (DDoS) attack.[3] A DDoS attack targets multiple connected devices, allowing the cyber group to flood the system with malware, creating traffic within the targets’ operating systems (OS).[4] Israel’s Ministry of Defense and the INCD declared a state of emergency following the attack to assess any potential harm to CIKR. The Jerusalem Post attributed the attack to Black Shadow, an Iranian-linked cyber group, as the methods used, like DDoS attacks, are tactics the group employs, though the cyber group has not claimed responsibility.[5] The Jerusalem Post believes Black Shadow’s attack is retaliation for an alleged attempt at sabotaging Iran’s Fordow Fuel Enrichment Plant[6] conducted by an unknown Israeli cyber group.[7]

Analysis & Implications:

  • Black Shadow attacks on Israel's CIKR could very likely exacerbate Israeli-Iranian tensions, likely targeting Iran’s CIKR in retaliation to Iranian attacks. Continued Israeli and Iranian CIKR attacks will likely prompt further and more intense retaliation . Israeli and Iranian cyber groups could likely allow threat actors to access the targeted CIKR systems and encrypt the data with malware. Threat actors could likely demand a ransom from Israeli or Iranian CIKR organizations for the encrypted data, which is very likely to pose an economic burden if the ransom is extensive.

  • Black Shadow will very likely utilize DDoS attacks on Israeli CIKR systems. Attacks are likely to disrupt communications networks and impede Israel’s capacity to protect data stored within its networks. By targeting computer security systems or networks, threat actors will very likely exploit the temporary lack of services to damage the Israeli economy, likely disrupting the production of goods and services through the encryption and blockage of the systems targeted. Israel’s inability to meet demands of goods and services will likely reduce aggregate supply, likely increasing prices and Israeli households and firms’ distrust.

________________________________________________________________________ The Counterterrorism Group (CTG)

[1] “Disconnected” by Killermonkeys licensed under CC BY-NC 2.0

[2] European Banks Take Steps to Insulate Computer Systems in Russia, Bloomberg, March 2022, https://www.bloomberg.com/news/articles/2022-03-14/european-banks-take-steps-to-insulate-computer-systems-in-russia

[3] DDos Attack Downs Several Israeli Government Websites, Gov Info Security, March 2022, https://www.govinfosecurity.com/ddos-attack-downs-several-israeli-government-websites-a-18719

[4] Distributed Denial of Service (DDoS), Imperva, https://www.imperva.com/learn/ddos/denial-of-service

[5] DDos Attack Downs Several Israeli Government Websites, Gov Info Security, March 2022, https://www.govinfosecurity.com/ddos-attack-downs-several-israeli-government-websites-a-18719

[6] Ibid

[7] Iran claims to thwart Israeli sabotage plot at nuclear facility, arrests ‘network’, Times of Israel, March 2022, https://www.timesofisrael.com/iran-claims-to-thwart-israeli-sabotage-plot-against-nuclear-facility/

11 views