web analytics

New DDoS attacks on Israel’s enterprises, infrastructure should be a wake-up call

Rate this post

Experts see the latest DDoS attacks against Israel as a case study in the effectiveness of simple, brute-force cybersecurity attacks, even against the most sophisticated targets.

Israel flag with cybersecurity hacked copy in stock image.
Image: Adobe Stock/Adragon

In recent days, Israel has faced cyberattacks reportedly involving Iran. Experts say the attacks demonstrate the risk that fairly unsophisticated attacks pose even to well-defended enterprises and that other countries should take notice and prepare.

Starting before the annual OpIsrael hacktivist assault on Israeli enterprises from April 6 to 9, Israel experienced recent attacks by Russian entities like Killnet and Anonymous Sudan, a cybersecurity bugbear for Israel this year. The group, aligned with Killnet, carried out exploits in Denmark and Sweden early in 2023 and briefly shuttered the website of Israel’s largest cybersecurity company, Check Point.

The threat group is a key player in the new wave of attacks, timed with the Al Quds Day, Iran’s day of commemoration for Palestine.

The DDoS attacks hit Israel’s banks, critical infrastructure including passport control and processing, the postal service, several telecom companies, as well as smart home and building systems. Among financial sector targets were Bank Leumi, Bank Benleumi, Discount Bank, Mizrahi-Tefahot, Bank Mercantile, and Bank Benleumi subsidiaries Bank Otzar Ha-hayal and Bank Massad.

Other victims included Arkia, El-Al airlines, Assaf Harofeh and Niado hospitals, the Open University, Ben-Gurion University, the Technion and the University of Haifa, as well as media outlets such as The Jerusalem Post, Kan 11 and i24News.

While the damage was limited in most cases  — with briefly hobbled websites, systems and services — they disrupted the nation’s border controls system, according to MEMO, stranding travelers in airports following the busy passover weekend.

A group by the name of GhostSec took responsibility for attacking Israel’s irrigation system and caused water monitors to malfunction, according to HackRead.com. Agricultural systems were also attacked, Intellinews reported.

Cybersecurity experts told TechRepublic that, because of their breadth and reach, the attacks should be taken seriously by countries less prepared than Israel for cyber attacks.

SEE: North America is also a target, especially for ransomware attacks.

‘Widening geopolitical cyberwarfare’

Nadir Izrael is chief technology officer and co-founder of the enterprise security firm Armis, which has offices in Tel Aviv and is working on mitigating damage at some of the affected institutions. He said that given Israel’s status as one of the most cyber-aware nations on Earth — a hub for cybersecurity capabilities — the degree of success of these exploits should put the West on notice: he said they represent widening geopolitical cyber warfare that goes beyond typical DDoS exploits that target a small number of websites.

“Generally speaking, all these attacks happen with more or less sophisticated forms, either abusing different vulnerabilities and systems or brute force DDoS,” Izrael said.

“What’s different about these is that an unsophisticated DDoS tactic would be to blast a website with traffic and take it down. What’s happening here is that attackers have been targeting a lot of weak spots where they are taking down services.”

Izrael added that the attackers have also managed to hobble, albeit briefly, smart IoT functionality at individual homes, buildings and other structures.

Justin Cappos, professor of computer science and engineering at the NYU Tandon School of Engineering, said network provisioning operators need to pay attention to any new group launching large-scale DDoS attacks.

“Defense is much harder than offense in most parts of cyber, so the fact they can locate and harm a few soft targets with high-volume, unsophisticated attacks is not surprising,” said Cappos.

SEE: Like a sedan for Anonymous Sudan, Telegram is market vehicle of choice.

Izrael said the combination of direct attacks by the Iranian government and indirect attacks by affiliated groups achieves two goals: keeping the provenance of the attacks very murky and making the attack seem bigger because the origin of the attacks is unclear. Additionally, the magnitude and impact were unusual, given that the norm for DDoS attacks on small-scale localized targets.

“Israel is at a better war footing than most countries, and having said that it’s still quite the struggle,” he added.

“The success of this despite the full cyber might of Israel shows that there are always weak spots and ways to attack them. Surprisingly effective attacks are possible with fairly simple tools and that is a wake-up call for everyone.”

LinkedIn
Twitter
Facebook
WhatsApp
Email

advisor pick´S post