While Iranian systems seem mostly targeted with state-sponsored espionage malware, Israeli businesses and financial institutions mostly fear cyber extortionists.
According to Haaretz‘ Tamir Cohen, there has recently been a wave of successful extortion attempts. But not all the attackers manage to breach their targets’ internal systems – or need to, it seems.
It is often enough to compromise an employee’s cell phone, extract a sensitive file and send it in as a proof of breach. And while the companies do employ private security firms to investigate the matter, they often decide to pay for the attackers’ silence by buying security software that is otherwise free or paying for “security consulting services”.
The reason behind this unexpected situation resolution tactic can be traced back to a number of factors.
First and foremost, the businesses believe that the Israeli police does not have the time, manpower, budget and possibly even the technological know-how to deal with these extortion attempts.
“This type of crime requires a different perspective, setting up sting operations, special investigative methods, monitoring network activity, and dealing with such cases in real time,” says Internet law and digital culture expert Dr. Nimrod Kozlovski, and for the aforementioned reasons, the police is still not able to effectively deal with the problem so businesses prefer to keep quiet and pay up.
Another reason they choose to do so is that in the great majority of cases, the amount of money they are asked to hand over to the criminals is way less than the amount they would be required to invest in technologies and procedures if they decided to prevent similar situations in the future.
But even that is no guarantee, says an expert, as there is no good defense system that has proven itself, especially because of the BYOD movement.
Dr. Kozlovski says that cyber extortion is definitely on the rise, and that it is being perpetrated by a variety of individuals and groups.
“Although much of the criminal activity, like scanning websites and breaking into Facebook and email accounts, is amateurish, large companies have been blackmailed through internal IP addresses to arrive at inside documents and attempts to extort senior officers,” he shared.
“The police recognize the importance of developing a system to deal with this issue, which is on our daily agenda. The development of such a system requires the allocation of many resources, and we are in discussions about this issue with the Public Security Ministry,” the Israel Police commented the situation.