Massive attack against Israeli websites; multiple service shutdowns

Websites in Israel have been attacked by threat actors hoping to get cryptocurrency transactions

A hacker or hacker group made a massive attack against multiple web pages in Israel, leaving thousands of websites out of service, report network security and ethical hacking specialists from the International Institute of Cyber Security.

According to local media reports, the attacker/attackers tried to infect thousands of websites with a variant of ransomware, pretending to block access to these sites until they were made a ransom payment in cryptocurrency. The compromised sites showed the words “Jerusalem is the capital of Palestine”.

According to reports from experts in network security, attackers got access to the compromised sites exploiting a critical vulnerability in Nagich, a third party plugin used by Israeli websites for accessibility for handicapped people. The attackers achieved their goal after taking control of a registry on a DNS server in the domain name of the Nagich service, which allowed hackers to redirect traffic to a server under their control.   

Network security experts concluded that Nagich developers committed several elemental security flaws, an element that contributed to the successful attack.

The laws of Israel state that any website that provides a public service should be accessible to people with disabilities. Some of the sites affected during this incident are Coca Cola, McDonalds and the telecom company Golan Telecom, as well as some local news portals.

Nagich cybersecurity teams managed to contain the attack about half an hour after it was detected, although some websites were unavailable for hours.

After containing the incident, some specialists took the time to criticize the company for the negligence committed; stressing that Nagich had already been warned in the past about their security failures.  “This attack could have generated billions of dollars in losses,” some experts commented.