Cyberattack causes credit card readers to malfunction in Israel

Devices used across Israel to read credit cards malfunctioned on Sunday due to a suspected cyberattack that disrupted the communications services underpinning them.

Customers at supermarkets and gas stations were reportedly unable to make payments due to the incident, which reports suggest lasted around an hour.

As reported by the Jerusalem Post, the cause was a distributed denial-of-service attack (DDoS) that targeted the payment gateway company Hyp’s CreditGuard product.

The attack disrupted communications between the card terminals and the wider payment system, but was not capable of stealing information or payments.

A spokesperson for Hyp told the Jerusalem Post that it had ruled out a more significant attempt to interfere with its networks and infrastructure.They said the DDoS attack targeted “some of the company’s services and the communication providers connected to us,” but was blocked after being discovered, with the service quickly returning to normal.

It is not clear who was responsible for the attack. The Times of Israel noted that both Channel 12 news and Army Radio had reported that an Iran-linked hacker group claimed responsibility, although no sources were cited.

The incident follows a similar attack in October when the payment firm Sheba was targeted by a DDoS attack. While that attack disrupted payments for roughly three hours, Sheba’s role in the country’s national payment system caused delays in approving debit card payments.

Cyberattacks targeting civilian infrastructure in Israel have increased during the regional conflict following the October 7 terrorist attacks, driven mostly by politically-motivated groups, such as hackers affiliated with Iran and Hezbollah as well as hacktivists.

Attacks caused by these groups have also impacted civilian infrastructure beyond the region. Residents of a remote area on Ireland’s west coast were left without water for two days last year when a pro-Iran hacking group targeted a piece of equipment that the hackers complained was made by the Israeli company Unitronics.

At the time, the U.S. federal government also warned that it was responding to the active exploitation of Unitronics programmable logic controllers (PLCs) used by many organizations in the water sector, including the Municipal Water Authority of Aliquippa.