Shva (Automatic Bank Services Ltd.), which provides communications in Israel between the various payment clearers for credit card transactions, again experienced disruptions and prevented payments from being cleared from about 11am this morning. The company said, “The cause is being investigated by the company’s professional teams,” and that there would be “updates on any developments.”
Later, about an hour after the start of the malfunction, the Shva put out an official statement that “The national payment system with debit cards has been operating normally for the past hour, and credit transactions can be made.” However, several customers reported around 1pm that the disruptions were continuing, even though according to the Shva, the system has been operating normally since 11.30am.
While initially the assessment was that it was only a communications malfunction, in the afternoon Shva reported that it was a “simple cyber incident.”
As far as “Globes” can ascertain, this was a “denial of service attack” (DDOS), in which many remote servers try to access the payment server, which can disrupt services. This is a temporary and unsophisticated attack, but one that can cause damage for several hours.
Not the first time
Last October, Shva also reported difficulties in clearing credit card transactions and communications problems with the payment system. Subsequently the company admitted that the breakdown, which lasted for three hours, was due to a cyberattack. In dealing with the problem, Shva decided to disconnect the ability to connect to the Israeli payment system from abroad. The company’s response at the time stated that, in its assessment, “The incident did not materially affect the company’s revenue.”
Two weeks later, another glitch was discovered following a cyberattack on the clearing company HYP’s Credit Guard, which provides clearing solutions to large companies such as supermarket chains, health funds, fashion chains and public transportation. Since it was an attack on a single company, the damage was less severe, and Shva reported at the time that the national payment system was operating normally.
“Denial of Service Attack”
Check Point chief of staff and head of global communications Gil Messing said, “This is a ‘denial of service attack,’ which means that the company’s servers are ‘bombarded’ with a lot of requests, thereby crashing them. You have to understand that these are orders of magnitude that collapse such a system, the scope of tools that are usually used by countries, not just small attack entities. In essence, the clearing system itself is not hacked, but it is not active, and therefore the impact is noticeable.”
Messing adds, “This is the third time in recent months that there have been ‘service-driven attacks’ on clearing services in Israel. Israel’s adversaries, and anyone who wants to carry out a significant attack here, have recognized the opportunity here to create a large cognitive effect with an impact on each of us, in a way that does not require hacking the system itself (which is much more difficult). Therefore, if it happened and was successful in the past, it is very possible that it will happen again in the future.”
RELATED ARTICLES
He continues, “These are the capabilities of a state actor. This does not necessarily mean Iran, but in the past Iranian entities have been behind such attacks. Theoretically, state entities can work with smaller entities and provide them with these tools, but an attack that aims to encourage echo and noise, and not create real damage beyond that, is from an actor whose goal is cognitive, and not economic such as stealing data or money.
“The way to deal with such attacks is to address the capacity of the number of orders in parallel: the greater it is, the harder it is to collapse the service.”
Panorays cofounder and CTO Demi Ben-Ari agrees that this is a “denial of service attack,” and says, “This is a DDoS (Distributed Denial of Service) event – that is, reducing the availability of a service. Most of the services we work with today, especially financial ones, are based on interfaces (APIs) between systems and entities. An attacker can locate the APIs that communicate between these entities, and simply ‘bombard’ them with requests and take them out of use – of course only if they are not sufficiently protected.”
Published by Globes, Israel business news – en.globes.co.il – on February 13, 2025.
© Copyright of Globes Publisher Itonut (1983) Ltd., 2025.
https://res.cloudinary.com/globes/image/upload/t_800X392/v1635343887/direct/shutterstock_1265965735_krp5wi.jpg
2025-02-13 12:14:34
