Attacks on Israeli orgs ‘more than doubled’ since October 7, cyber researcher says


Israeli organizations have seen a “dramatic increase” in cyberattacks since the October 7 terrorist attack, with some organizations experiencing a constant bombardment of intrusion attempts, according to military officials and cybersecurity researchers working in the country.

Gil Messing, the chief of staff at Tel Aviv-based Check Point Software, told Recorded Future News that the cyberattacks on Israeli organizations are driven mostly by politically motivated groups, such as hackers affiliated with Iran and Hezbollah as well as hacktivists.

An Israeli military official claimed this week that the country’s defense forces’ cloud computing network faced over three billion attempted cyberattacks since the beginning of the war with the Hamas militant group last October. 

According to Col. Racheli Dembinski, commander of the central computing system unit known as Mamram, hackers targeted the Israeli Defense Forces’ (IDF) cloud infrastructure, which is used by many systems serving troops on the ground. 

Local media reported on Dembinski’s speech during a cyber conference last week where she said that all the cyberattacks were blocked and no system was compromised. Dembinski did not attribute the attacks to specific threat actors. 

Dembinski didn’t specify the types of attacks carried out against the IDF’s cloud infrastructure or how sophisticated they were. Messing confirmed that Israeli businesses and organizations have seen “a very dramatic increase in cyberattacks since the war began.”

“Attacks, in general, more than doubled, to the point that an average Israeli organization is attacked more than 2,200 times every week,” Messing said.

He told Recorded Future News that the company doesn’t have data to comment on attacks on the military cloud networks but said that the number of attacks announced likely comprises cyber incidents of “any sort.”

Messing said his team is monitoring “over 80 such groups which do anything from defacement and DDoS to ransomware and wipers.”

Earlier in June, the head of the Israel National Cyber Directorate (INCD), Gaby Portnoy, warned Israel and its allies about Iranian cyberattacks.

“We have identified that Iran is attacking its allies and other countries for information extortion and damaging digital services,” Portnoy said. “The information stolen from government systems is then used for Iranian cyberterrorism.”

The countries targeted by Iran, according to Portnoy, include Saudi Arabia, Oman, Canada, the U.S., the UAE, India, the U.K., Germany, Australia, and Austria.

Research from Check Point and Sekoia published earlier this week showed that the suspected Iranian state hacking group MuddyWater is targeting organizations in Israel and across the Middle East with a previously unseen custom backdoor. 

MuddyWater has also previously targeted government entities, municipalities, media outlets, and travel agencies in Israel, Turkey, Saudi Arabia, India, and Portugal.

Messing said that Check Point tracks at least five hacking groups targeting Israel that they believe originate from Iran or work on its behalf. Their attacks are “large-scale” and target the public sector, IT companies, universities, and other entities. The company also tracks 5-6 other groups that reportedly work on behalf of Hezbollah.


Daryna Antoniuk is a reporter for Recorded Future News based in Ukraine. She writes about cybersecurity startups, cyberattacks in Eastern Europe and the state of the cyberwar between Ukraine and Russia. She previously was a tech reporter for Forbes Ukraine. Her work has also been published at Sifted, The Kyiv Independent and The Kyiv Post.

 
