Security → Partial Grid Shutdown After 'Severe' Israel Hack

A serious hack attack on Israel's electricity authority has "paralysed" computers and led to a partial grid shutdown - as the country's temperatures plunged.

The "severe" breach was detected on Monday as temperatures dropped to below freezing, leading to two days of record-breaking energy consumption.

Energy minister Yuval Steinitz said it is one of the biggest computer-based attacks ever experienced, and portions of the electricity grid were shut down as a response.

He did not identify any suspects behind the attack or give details about how it was carried out.

»news.sky.com/story/16304 ··· ael-hack

A bit of an update:

"No, Israel's power grid wasn't hacked, but ransomware hit Israel's Electric Authority"

"Someone in Israel's Electricity Authority, a government department charged with providing utility services, fell for a phishing attack, opened an email and thereby was infected with ransomware which reportedly spread to other computers in the network. Yet the department chose to take the computers offline. Details are somewhat sketchy, but it appears that the media heard "electric," "paralyzed" and "severe cyber attack" before reporting the Israeli power grid was hacked and taken down."

»www.computerworld.com/ar ··· ity.html
--
"Be simple, be earnest and spread that simplicity throughout everything you do."

Good grief, talking about blown out of context. Well at least I gained a decent chuckle this morning.

Context for the claim of a cyber attack on the Israeli electric grid

When it comes to Israel, I don't usually chuckle.

From past experience, I know they are also rather good at playing down any cyber-intrusions. Once reported by the media, some articles (over the years) have disappeared without a trace.
--
"Be simple, be earnest and spread that simplicity throughout everything you do."

That's one way to diminish personal responsibility.
What I read is that anyone could become a phishing victim just by simply opening an email which is not true.
Where's the part about clicking a link in the email?
Where's the part about filling in the user name & password on the linked site?
Where's the part about how so easily the entire event could have been avoided if basic email security rules were followed?

EDIT: Associating the execution of an .exe with opening a phishing email is not an accurate portrayal of events.
It's easy enough to overlook that reference getting into print but the Computer Land article makes 3 separate references to phishing emails installing malware.

Ransomware via a phishing attack hit Israel Electric Authority,

Someone in Israel's Electricity Authority, a government department charged with providing utility services, fell for a phishing attack, opened an email and thereby was infected with ransomware which reportedly spread to other computers in the network

“The ‘cyber attack’ was simply ransomware delivered via phishing emails to the regulatory body's office network..."

Phishing emails are defined as:
"Phishing email will typically direct the user to visit a website where they are asked to update personal information, such as a password, credit card, social security, or bank account numbers, that the legitimate organization already has."
»www.google.com/search?q= ··· oe=utf-8

What I assume happened is the victim received an email with an attachment such as "Hot Ariella.jpg.exe" which was clicked on in the heat of the moment.

Double entendre?

I read a bit about the dark energy exploit kit that had recently been upgraded from just a ddos kit to suspicion around state sponsonsered lvl involvement in targeting other gov infostructure.
Has this concern also evaporated or was embellished.

In addition to identifying the attack as ransomware, the Hebrew language article quotes P.M. Netanyahu blaming Iran and Daesh.

N.b.

--
If no mistake have you made, yet losing you are … a different game you should play
- Yoda

»www.theregister.co.uk/20 ··· nalysis/
So the previous hack/attack on ukraines power grid is looking sketchy too.