This Cybersecurity Threat Advisory sheds light on the recent global events between Israel and Hamas that have caused a surge in cyber incidents from hacker activists, also known as “hacktivists”. These attacks have been experienced on both sides of the conflict, as well as in other nations. Common targets of these attacks have been government systems, critical infrastructure, and media outlets.
What is the threat?
Since the escalation of the conflict, there have been many cyber incidents in which hacktivist groups used several different attack methods. One of the more prevalent methods observed has been DDoS (Distributed Denial-of-Service) attacks. In a DDoS attack, malicious actors seek to disrupt the services of a machine or network device so that they become unavailable to their intended users. The main targets for these attacks were government IT systems, critical infrastructure (such as energy, defense, and telecommunications), and media outlets.
Other attack vectors involved the exploitation of vulnerabilities found in systems. This has allowed malicious actors to steal information, deface websites/services, and gain control of systems. A group has claimed they’ve hacked into Red Alert, which is Israel’s missile alert system. They’ve intercepted data and sent spam messages, and there are claims of potentially false missile alerts sent out to its users. Hacktivists have also claimed to have attacked Alfanet, an internet service provider based in the Gaza Strip, taking control of its servers. With the rise in cyber incidents, there have also been hacktivist operations aiming to attack government websites and IT systems in Israel, the U.S., and India.
Why is it noteworthy?
The rise in cyber incidents throughout the conflict has displayed complex and sophisticated cyberattacks against critical systems around the world. This has been an eye-opening look at the capabilities of modern-day hackers and hacker groups. It has made cybersecurity more important than ever for all businesses and organizations.
What is the exposure or risk?
Many governments, organizations, and critical infrastructures have been affected by the recent attacks. These attacks have demonstrated denial of access to assets/services, exfiltration of sensitive data, defacement of websites, spreading of false information, panic, and much more. Outside of the conflict, these malicious actions are potentially still a threat to organizations everywhere. It is recommended that security measures be kept up to date and checked consistently to maintain the best posture for protecting your organization’s assets.
What are the recommendations?
- Regularly provide security awareness training and conduct phishing simulations for employees.
- Perform vulnerability management to reduce the attack surface of your organization.
- Audit user permissions/access to systems within the organization.
- Segment critical systems on the network away from other resources.
- Have an organized disaster recovery plan in place to prepare for a potential cyber incident.