In recent years, the cyber arena has undergone a significant transformation. During the ongoing Israel-Hamas war, we’ve witnessed the trends in cyber attacks during wartime, their effects, and what attacked organizations need, and often lack to handle them.
The era of vanity hacking and amateur cyber incursions is fading, giving way to more organized, sophisticated, and resource-intensive cyberattacks. These attacks are no longer limited by the size or field of the organization; they are pervasive and indiscriminate.
We're seeing a surge in organized crime and nation-state and nation-state-affiliated attackers, focusing on source code and PII data theft for corporate espionage and intelligence gathering.
On the cyber-war front, a notable shift has occurred in nation-state cyber activities. From destructive operations, we are now witnessing a move towards long-term espionage and reconnaissance campaigns.
Earlier this year, before Hamas initiated its kinetic attack on southern Israel, Microsoft uncovered a cyber attack group it codenamed “Storm-1133”. Utilizing sophisticated social engineering techniques, this pro-Hamas group targeted Israeli energy, defense, and telecommunications private sector organizations to infect them with intelligence-gathering malware.
Since the October 7 war broke out, various state-actor affiliated hacker groups - Russian, Iranian, Hezbollah, and Hamas-linked, have increased their offensive efforts against Israel. The frequency and sophistication of cyberattacks against Israel have escalated, according to Checkpoint, which saw an 18% rise in cyberattacks, with a 50% rise specifically in government sector attacks. So much so that in the last couple of months, Israeli regulatory bodies and security agencies have become more proactive, initiating alerts to potential attacks, Howden Insurance, which offers cyber-crisis insurance, told us recently.
While we’ve observed opportunistic, financially motivated attacks exploiting the emergency state in Israel ransomware attacks on Israeli companies have doubled since the war started and are still prominent a significant chunk of these attacks are war motivated, aiming to cripple infrastructure, spy, leak data, humiliate Israel and demoralize Israelis.
Among the attacks are false alerts sent to Red Alert apps, website defacements, DDoS, source code and PII stealing and leaking, and server deletion.
Attackers targeted the Israeli national water company, gov’t bodies, academia, cybersecurity companies, commercial companies, news sites, banks, hospitals, web hosting providers, security cameras, innovative city management systems, Israel’s GNSS (Global Navigation Satellite Systems), SCADA-like systems, and even American water, energy, and food PLC systems made in Israel, and two Bahrain government ministries sites, allegedly as retribution for the country's stand on the Israel-Hamas war.
Hackers and hacktivists also created fake social media users to lure IDF personnel into divulging military secrets and are running influence campaigns using sock-puppets and bots on social media.
A new era
This new era of cyber threats requires a paradigm shift in how organizations approach cybersecurity. Traditionally, the focus has been on detecting and preventing attacks. However, many Israeli organizations, not even having considered themselves worthy of being targeted, were caught unprepared when they faced their first cyber crisis during the war. They could not manage incidents, conduct investigations, consult experts, make strategic decisions, and effectively execute response plans.
Moreover, organizations now face second-hand cyber crises due to attacks on their third-party vendors. A recent, glowing example is the three-hour outage of Israeli emergency services' phone hotlines. While a cyber attack didn’t cause the incident, telecom infrastructure work requires robust contingency planning, including data backup, alternative standby systems, etc. This is true not only for Israeli organizations attacked during the war but all organizations facing cyber attacks - essentially every organization on the planet.
This war saw numerous Israeli organizations falling victim to cyber crises. The Israeli cyber industry rallied to help them, free of charge. But what was evident very early on is that while many offered consulting services, the volume of the attacks and the number of victims required a technological tool to scale.
Currently working on such a platform, we at Cytactic made it available to them pro bono. Their crises would usually require entering a complete cyber crisis management procedure. Still, due to the circumstances, our platform provided first aid, helping them take control back to their own hands and respond quickly.
The attacks came from varied fields a hardware maker whose source code was compromised, a service company whose customer data was being stolen, a manufacturer whose trade platform was disabled, a communication company whose servers were being wiped out, and a security company whose emails were infiltrated.
But when it came down to solving the problem, this unintended testing ground showed that they all lacked tools for their identical vital needs:
- Situational assessment allows for making sense of the incident and its severity
- Response plan, dynamic action plan created, deployed, and updated in real-time as the situation evolves
- Expert assisted decision making
- Command and control to orchestrate all role holders and team member
- Central management dashboard for all the different interfaces
The lessons we learned from this emergency effort and our impromptu users’ experience and needs are that cyber attack prevention is not always possible and seldom enough and that organizations desperately need a platform to help them prepare for such attacks and manage them when they happen.
Organizations need to become resilient and be prepared for a cyber crisis - having the ability to manage the response - which is multidimensional, interdisciplinary, and managerial. This rings so true that there’s a wave of cybersecurity investments in management and response tools, not just technology.
Earlier this year, Andreessen Horowitz and two other investors led a $55 million early-stage funding for cybersecurity crisis response startup CYGNVS. The Israel-Hamas war it seems, has not only reshaped the landscape of cyber warfare but also underscored the urgent need for innovation in cybersecurity strategies.
Dr. Nimrod Kozlovski is the founder of Cytactic, a cyber crisis management and resilience firm.