Cyber Attacks on Israeli Websites Reach New Heights
Looking at a snapshot of claimed attacks on Telegram, Israel, by far, is the top attacked state. Guest author Ron Meyran, Radware’s Head of Cyber Intelligence, explains
Cybertech
| 16/10/2023
With Hamas’ invasion of Israel, there has been a surge in cyberattacks against Israeli targets. Looking at a snapshot of claimed attacks on Telegram, Israel, by far, is the top attacked state. Israeli websites were targeted mostly by pro-Palestinian hacktivists and in a few cases by pro-Russian hacktivists.
Attack characteristics according to Telegram data:
- Targets: Government was the most attacked website category, accounting for 36% of all claimed attacks, followed by news and media (10%) and travel (9%).
- Top actors: The top politically and ideologically motivated hacktivists claiming DDoS attacks against Israeli websites included Indonesian threat actors Garnesia Team, Moroccan Black Cyber Army, Ganosec Team, and Mysterious Team Bangladesh, as well as Indian group Team Herox. Sudanese hacktivist Anonymous Sudan and pro-Russian hacktivist Killnet also participated.
- Attack size: Volumetric, network-level DDoS attacks ranged from 1.2Gbps to 135Gbps. In addition, application Web DDoS attacks ranged between 9 thousand HTTPS RPS to 2 million RPS.
- Attack duration: Most of the observed DDoS attacks lasted several hours with others spanning 24 hours. During the longer assaults, the hacktivists morphed their attacks by randomizing attack vectors to make detection and mitigation more difficult
Graph courtesy Radware
Cyber Attacks: Cases and Insights:
- Pro-Russian threat actors join the mix. Pro-Russian threat actor Killnet claimed several attacks on Israeli government sites and banks. Given that Killnet is the most media-savvy of all pro-Russia hacktivist groups, their decision to join the cyberattacks targeting Israel could be interpreted as a need for recognition in the media, regardless of the type of conflict or event.
- Attackers target Israel’s critical infrastructure. In cooperation with SiegedSec, Anonymous Sudan claimed they attacked Industrial Control Systems in Israel. Their objectives are public infrastructure such as power grids, water systems, and civil services. Anon Ghost group claims they impacted the Red Alert system. We have seen these systems down in previous conflicts.
- DDoS attacks are used to camouflage data breaches. In some cases, we have seen the use of large, volumetric DDoS attacks, as a means to disguise the real intention of attackers to gain access to confidential information. Examples we have observed include technology departments in universities.
- Few actors claim attacks that are later discovered as fake attacks. One actor, for example, claimed a DDoS attack on the Palestinian Safa Bank. This was followed by an announcement by Team Insane Pakistan, published on their Telegram, calling the attackers “clowns” with digital proof that at the time of the attack Safa Bank was accessible from all over the globe.
By Ron Meyran, Head of the Cyber Intelligence Division at Radware
Looking at a snapshot of claimed attacks on Telegram, Israel, by far, is the top attacked state. Guest author Ron Meyran, Radware’s Head of Cyber Intelligence, explains
Cybertech
| 16/10/2023
With Hamas’ invasion of Israel, there has been a surge in cyberattacks against Israeli targets. Looking at a snapshot of claimed attacks on Telegram, Israel, by far, is the top attacked state. Israeli websites were targeted mostly by pro-Palestinian hacktivists and in a few cases by pro-Russian hacktivists.
Attack characteristics according to Telegram data:
- Targets: Government was the most attacked website category, accounting for 36% of all claimed attacks, followed by news and media (10%) and travel (9%).
- Top actors: The top politically and ideologically motivated hacktivists claiming DDoS attacks against Israeli websites included Indonesian threat actors Garnesia Team, Moroccan Black Cyber Army, Ganosec Team, and Mysterious Team Bangladesh, as well as Indian group Team Herox. Sudanese hacktivist Anonymous Sudan and pro-Russian hacktivist Killnet also participated.
- Attack size: Volumetric, network-level DDoS attacks ranged from 1.2Gbps to 135Gbps. In addition, application Web DDoS attacks ranged between 9 thousand HTTPS RPS to 2 million RPS.
- Attack duration: Most of the observed DDoS attacks lasted several hours with others spanning 24 hours. During the longer assaults, the hacktivists morphed their attacks by randomizing attack vectors to make detection and mitigation more difficult
Graph courtesy Radware
Cyber Attacks: Cases and Insights:
- Pro-Russian threat actors join the mix. Pro-Russian threat actor Killnet claimed several attacks on Israeli government sites and banks. Given that Killnet is the most media-savvy of all pro-Russia hacktivist groups, their decision to join the cyberattacks targeting Israel could be interpreted as a need for recognition in the media, regardless of the type of conflict or event.
- Attackers target Israel’s critical infrastructure. In cooperation with SiegedSec, Anonymous Sudan claimed they attacked Industrial Control Systems in Israel. Their objectives are public infrastructure such as power grids, water systems, and civil services. Anon Ghost group claims they impacted the Red Alert system. We have seen these systems down in previous conflicts.
- DDoS attacks are used to camouflage data breaches. In some cases, we have seen the use of large, volumetric DDoS attacks, as a means to disguise the real intention of attackers to gain access to confidential information. Examples we have observed include technology departments in universities.
- Few actors claim attacks that are later discovered as fake attacks. One actor, for example, claimed a DDoS attack on the Palestinian Safa Bank. This was followed by an announcement by Team Insane Pakistan, published on their Telegram, calling the attackers “clowns” with digital proof that at the time of the attack Safa Bank was accessible from all over the globe.
By Ron Meyran, Head of the Cyber Intelligence Division at Radware
Rare-earth elements between the United States of America and the People's Republic of China
The Eastern seas after Afghanistan: the UK and Australia come to the rescue of the United States in a clumsy way
The failure of the great games in Afghanistan from the 19th century to the present day
Russia, Turkey and United Arab Emirates. The intelligence services organize and investigate