According to media reports, an attempt to infest websites with ransomware that would lock administrators out until they agreed to pay to get back in was made by a hacker who simultaneously defaced several sites with the words, “Jerusalem is the capital of Palestine.”
The hacker got in due to a vulnerability that existed in a third-party accessibility plug-in called Nagich, which means accessibility in Hebrew, and helps make Israeli websites accessible for the disabled. Experts said the move was achieved by taking control of a record on a DNS server of the Nagich service domain name that allowed the hackers to redirect traffic to a server that it controls rather than the original server.
Nagich had neglected some basic security measures, according to reports.
By law, Israeli websites providing public service must be accessible to those with disabilities. Among Nagich’s clients and the sites that were affected are McDonalds, Coca-Cola, Bank HaPoalim, Partner, 012 Mobile and Golan Telecom, as well as several news sites, including Ynet. Calcalist and Makor Rishon.
Nagich managed to stop the breach in about 20 minutes, though some website remained unusable for up to an hour.
Programmer Ran Bar-Zik, who works at Verizon Media, posted about the attempt after he helped halt it. He criticized the company for “incredible negligence, about which warning have been sounded in the recent past” and said that “the hackers could have caused billions in damage instead of mere vandalism.”