Iran's cyber attackers are trying to project an image of victory in its cyberwar with Israel since, in the physical world, it has suffered embarrassing losses, Israel National Cyber Directorate Chief Yossi Karadi said on Tuesday.
"They have been extremely frustrated that, to date, they have failed to create such a picture," said Karadi.
The INCD chief noted that dozens of Iranian hacker groups affiliated with Iranian intelligence have recently attempted a mix of kinetic and cyberattacks against major Israeli utilities, as well as attacks on the Gulf states’ infrastructure, including the gas sector.
Despite extensive efforts by the Iranians to use cyber weapons to harm Israel’s critical infrastructure, no major harm has occurred to date, with their largest victory being taking over Israel Railways’ monitors in a couple of locations on March 11.
During that period, they broadcast false messages to stir panic and confusion among railway travelers. Even this “success,” however, is considered far less dangerous than direct harm to electrical, water, or other critical utilities.
Iran cyber attacks hit 50 Israeli businesses
In addition, Karadi said that Iran has, in recent weeks, tried to wipe out thousands of Israeli businesses by deleting all of their data, but only succeeded 50 times.
Karadi said the INCD, IDF, Shin Bet, and other security agencies have so far prevented the worst-case scenario from occurring.
Next, Karadi was asked if a reported US attempt to kill top Iranians running the Handala hacker group had impacted the threat that the group presented.
He responded that there was a clear impact – a reduction in Handala’s competency and professionalism after the US strike.
Also, he said that the war set back Iranian hackers in its early days.
However, he also said that the nature of the cyber realm is that hacking attacks can be maintained by a wide variety of cyber agents, even if one or more hacking command centers are destroyed or disabled.
In that sense, keeping up with cyberattacks is less dependent on large physical spaces than maintaining physical attacks.
On another front, Karadi said that the level of coordinated hacking attacks between Iran and Hezbollah has risen significantly during the current war.
An additional problem that Karadi warned about was Iran’s hacking of Israeli surveillance cameras.
He said that many Israeli cameras have poor cybersecurity, particularly in private residential area cameras.
Karadi cautioned that these cameras are “a very high-quality intelligence collection tool.”
According to the INCD chief, his agency helped block 50 hacking attempts of these cameras, which could have led to far wider network penetrations.
Recently, Israeli officials have told foreign sources that they hacked Iranian surveillance cameras to help them locate and assassinate top Iranian officials.
Regarding calls to the INCD’s emergency line, Karadi said that the agency has received 4,019 calls, of which 1,901 related to social engineering attempted hacks, 930 related to digital influence campaigns, and others related to a variety of other issues.
The INCD chief said that the cyber bureau has reduced the average amount of time it needs for an intervention, following a cyber problem from six hours and 13 minutes to around 30 minutes.
He said that this improved reaction time has already saved hundreds of millions of shekels for penetrated businesses, where mitigating initial harm can be critical. If the intervention time can be reduced further – to six minutes – he said that virtually all of the harm could be avoided even after a hack.
Finally, Karadi lamented that Israel has not yet passed a cyber law, saying that with the authorities that such a law would grant, many of the hacks that have occurred could have been prevented.