By Uri Boros
Last week, the Washington Post published an article saying Israel is responsible for the cyberattack on May 9th against the command and control systems of a major port in the Iranian city of Bandar Abbas, on the shore of the Persian Gulf.
According to the reports, the attack was a response to Iran's attempted cyberattack on water infrastructure facilities in northern Israel in April. Various articles have stated that the attack on the Iranian port was highly precise, resulting in great disruption of the port itself. Satellite imagery shows heavy traffic on roads in the area, and dozens of ships stuck offshore.
In the media, there are countless articles about different types of cyberattacks executed by individual hackers, hacker groups, and even countries.
Many people don't know this, but an attack starts well before the actual breach, and collecting intelligence is the most critical and dangerous part of attacking in cyberspace. No cyberattack can occur without first investigating the target organization thoroughly. To find an organization's security weaknesses, hackers look in different ways for leaked information about its workers and managers.
Hackers investigate through OSINT, or open-source intelligence, to learn about the organization that they're planning to attack: what the organization does, which services it provides, and of course what its employees share on social networks. In other words, the hackers need to find security weaknesses that might have leaked to the web, or even information on the darknet, in order to find a breach that enables them to hack into the organization's server. Once the hacker has enough information from the web, such as an email address or phone number, the hacker will use that breach to send a virus that allows access to computer services.
Another method is the use of controversial search engines such as Shodan, which scans the backend of the internet and locates systems like servers, webcams, printers, routers and anything else connected to the internet. Hackers use this search engine to find vulnerable devices that they can easily hack.
So how should large organizations, companies, or even countries protect themselves from the next cyberattack?
Of course, it isn't possible to fully protect data from an enemy on the web. Every professional knows that their personal information, like an email address or phone number, could be leaked at any given time. First and foremost, there should be a balance between protecting employees' data and working in a productive way that will benefit the company. For example, no USB flash drives should be connected to computers; also, no cell phones should have access to the company's network.
Uri Boros is CEO and co-founder of BLER Systems