Growing Concern Over Role of Hacktivism in Israel-Hamas Conflict
Hacktivists have claimed to hit Israeli websites through DDoS and defacement attacks following the outbreak of conflict between Israel and Hamas. Cybersecurity experts now warn of signs of more impactful attacks being attempted.
Researchers from Radware found that Israel endured 143 DDoS attacks between October 2 and October 10, making it the most targeted nation state during that period. These attacks were all claimed by hacktivists on the messaging service Telegram.
Timeline of Hacktivist Attacks So Far
Activity began on Saturday, October 7, the day Hamas launched its shock attack on Israel that began the conflict. On this day, 30 DDoS attacks were claimed by various groups. Subsequently, more than 40 claims were made on both October 9 and 10.
Attacks against Israeli government agencies made up 36% of all claimed DDoS attempts, according to Radware. This was followed by news and media (10%) and travel (9%).
Claims were primarily made by pro-Palestinian hacktivist groups, including Indonesian threat actor Garnesia_Team, Moroccan Black Cyber Army and Anonymous Sudan.
Pro-Russian threat group Killnet, which engaged in DDoS attacks targeting websites in countries that supported Ukraine following the Russian invasion, also claimed several attacks.
Radware cited the group’s claim on Telegram that it targeted Israeli government sites and banks, including Shabak.gov.il, the website of Israel’s internal security service.
On October 9, Israeli newspaper The Jerusalem Post revealed on X (formerly Twitter) that it experienced downtime due to cyber-attacks.
Are More Sophisticated Attacks Coming?
While most of the cyber activity relating to the Israel-Hamas conflict has centered around low-level DDoS and website defacements, there are signs of more impactful attacks being attempted.
On October 9, Group-IB reported that hacktivist group AnonGhost, a pro-Palestinian Anonymous spinoff, exploited an API vulnerability in the ‘Red Alert’ app, which provides real-time rocket alerts for Israeli citizens.
In a post on X, Group-IB explained: “In their exploit, they successfully intercepted requests, exposed vulnerable servers and APIs, and employed Python scripts to send spam messages to some users of the app. According to the group’s chat logs detected by Group-IB’s Threat Intelligence system, they also dispatched fake messages about a ‘nuclear bomb’.”
Meanwhile, SecurityScorecard’s threat intelligence team noted that on October 10, hacktivist group SiegedSec claimed responsibility for a series of attacks against Israeli infrastructure and industrial control systems (ICS). Attacks on ICS could have severe consequences, with these systems used in essential services like energy and water.
However, as of October 11, there is no indication that the IP addresses SiegedSec listed as targets have experienced denial of service attacks.
“This could mean that these attempts were likely unsuccessful, though other explanations merit consideration,” SecurityScorecard said.
During last week’s Predict 2023 conference, former US National Cyber Director Chris Inglis said he believes cyber-attacks will likely become part of the unfolding conflict.
Be Careful What You Believe
Allan Liska, threat intelligence analyst at Recorded Future, told Infosecurity that they were able to verify some DDoS attacks including those against the Jerusalem Post, some Israeli hospitals and Israeli government agencies.
While these incidents have been “short lived and not impactful,” according to Liska, “That doesn’t mean that there won’t eventually be a more successful attack.”
However, he urged caution about believing cyber-criminal chatter.
“There is a lot of information being shared on underground forums and Telegram channels about ‘exposed infrastructure’ but much of that turns out to be false, outdated or incomplete,” he said.
Jason Steer, CISO at Recorded Future, warned that the huge amount of misinformation relating to Israel-Hamas makes verifying claims made about cyber incidents difficult.
Nevertheless, he expects Israeli organizations to be heavily targeted in the wake of the conflict, as there are many groups motivated to create impact.
He noted that while DDoS and defacement attacks “are at the lower end of sophistication,” mitigating them isn’t always easy, and they can have a major impact on the victim’s operations.
Steer said: “The targets are hopefully mitigating the DDoS attacks quickly by using services such as Cloudflare. But websites and social media accounts need more thought. Securing social media accounts needs MFA controls and policies to be created / updated.”