Hacktivist groups have claimed responsibility for launching distributed denial-of-service (DDoS) and defacement attacks on Israeli websites in response to the conflict between Israel and Hamas. Cybersecurity experts now warn about the potential for more significant and impactful attacks.
According to a report by Radware, Israel experienced 143 DDoS attacks from October 2 to October 10, making it the primary target during that timeframe. These attacks were all claimed by hacktivists via the messaging service Telegram.
Timeline of Hacktivist Attacks So Far
Activity commenced on Saturday, October 7, coinciding with Hamas’ surprise attack on Israel that marked the beginning of the conflict. On that day, various groups claimed responsibility for 30 DDoS attacks. Subsequently, more than 40 claims were made on both October 9 and 10.
According to Radware, attacks targeting Israeli government agencies accounted for 36% of all claimed DDoS attempts. News and media sites were the target in 10% of the cases, followed by the travel sector at 9%.
Pro-Palestinian hacktivist groups, including entities such as Garnesia_Team from Indonesia, the Moroccan Black Cyber Army, and Anonymous Sudan, were the primary sources of these claims.
Additionally, the pro-Russian threat group known as Killnet, which had previously engaged in DDoS attacks against countries supporting Ukraine following the Russian invasion, also claimed several attacks. Radware cited the group's Telegram claim of targeting Israeli government sites and banks, including Shabak.gov.il, the website of Israel’s internal security service.
Are More Sophisticated Attacks Coming?
Most of the cyber activity related to the Israel-Hamas conflict has revolved around low-level DDoS attacks and website defacements. However, there are indications that more significant attacks are being attempted.
On October 9, Group-IB reported that the hacktivist group AnonGhost, a pro-Palestinian spinoff of Anonymous, exploited an API vulnerability in the ‘Red Alert’ app, which provides real-time rocket alerts for Israeli citizens. According to Group-IB, the group successfully intercepted requests, exposed vulnerable servers and APIs, and used Python scripts to send spam messages to some app users. Additionally, according to the group's chat logs, it sent fake messages about a “nuclear bomb.”
Meanwhile, SecurityScorecard’s threat intelligence team noted that on October 10, the hacktivist group SiegedSec claimed responsibility for a series of attacks on Israeli infrastructure and industrial control systems (ICS). Attacks on ICS could have severe consequences, as these systems are critical for services like energy and water.
As of October 11, there is no indication that the IP addresses listed by SiegedSec as targets have experienced denial-of-service attacks. SecurityScorecard said this could suggest that the attempts were likely unsuccessful, though other explanations should be considered.
Former US National Cyber Director Chris Inglis, speaking at the Predict 2023 conference, expressed the belief that cyberattacks will likely become a part of the ongoing conflict.
Be Careful What You Believe
Allan Liska, a threat intelligence analyst at Recorded Future, confirmed that several DDoS attacks have been verified, including those targeting the Jerusalem Post, certain Israeli hospitals, and Israeli government agencies.
Liska pointed out that these incidents have been short-lived and had limited impact while they lasted. Nevertheless, he cautioned against assuming there won’t be more successful attacks in the future.
He emphasized the need for caution when interpreting cybercriminal communications, as there’s a significant amount of information shared on underground forums and Telegram channels regarding “exposed infrastructure,” much of which is often found to be false, outdated, or incomplete.
Jason Steer, the Chief Information Security Officer (CISO) at Recorded Future, raised concerns about the substantial misinformation circulating in the context of Israel-Hamas relations, which makes it challenging to verify claims related to cyber incidents.
Despite the difficulties in verification, he anticipates that Israeli organizations will continue to be prime targets following the conflict due to numerous groups seeking to make an impact.
Steer acknowledged that while DDoS and defacement attacks are relatively unsophisticated, mitigating them isn’t always straightforward and can significantly disrupt the victim’s operations. He emphasized the importance of promptly countering DDoS attacks, ideally by using services like Cloudflare. Additionally, he stressed that securing websites and social media accounts requires the implementation of Multi-Factor Authentication (MFA) controls and the creation or updating of relevant policies.