Israel National Cyber Directorate Chief Gaby Portnoy asked on Tuesday how an Iranian mega-cyberattack on Israel might look.
Portnoy told the Cybertech Conference in Tel Aviv on Tuesday that Tehran and Hezbollah have already tripled the pace of their attacks on Israel since October 7.
He added that the Islamic Republic and Hezbollah unified their efforts more strongly, to launch cyber attacks on a myriad of sectors which they hadn’t previously reached.
According to the INCD chief, “When [Hamas Gaza chiefs Muhammad] Deif and [Yahya] Sinwar succeeded at undermining the physical security of Israelis, at the same time, the Supreme Leader [Ali] Khamenei ordered all-out cyber attacks from Iran and Hezbollah around the clock against Israel.”
The intensity of cyberattacks has increased
He added that “the intensity of cyber attacks is higher than ever before, at least three times higher, and with attacks in every Israeli sector. The cooperation between Iran and Hezbollah increased during the war, including the coordinated attack against the Ziv Hospital in Safed.”
He noted that this attack was led by Iran’s Intelligence Ministry.
The INCD on Monday named Iran and Hezbollah as responsible for the cyberattack last month against Safed’s Ziv Medical Center. The directorate said the goal was not only to obstruct the hospital’s operations but to damage Israel’s general resilience mid-war, particularly while hospitals were overloaded with patients.
Last December, the INCD identified the hacker group as AGRIUS, which is connected to the Iranian Intelligence Ministry, and which used Lebanese Cedar, a group linked to Hezbollah. Mohammed Ali Marai was identified as the lead operator for the Hezbollah hacking group.
The hack was partially successful; they succeeded at breaking into the hospital’s information systems to access patients’ sensitive, personal details, and then they released this data online.
However, the hospital and INCD blocked the hackers from interfering with the hospital’s general operations.
Although there was a temporary period in which the hospital disconnected from many of its electronic services, relying on traditional backup systems for keeping ongoing records instead, none of the healthcare facility’s actual medical equipment was compromised at any point.
The INCD did not explain how the hackers succeeded, or what the damage impact assessment was on the data that had already been leaked.
More recently, Israel has accused Iran and its proxies of hacking into the Justice Ministry as well as other hybrid cyber-physical attacks, and for a variety of disinformation and social media influence campaigns.
At the conference, German Federal Office for Information Security President Claudia Plattner said that estimates are that Berlin has lost €206 billion to hacking attacks in 2023 – 43% of Germany’s €476b. budget. “This is an impact we cannot sustain,” she said.
She additionally warned of the impact of rogue countries’ cyber social media campaigns undermining the integrity and outcomes of upcoming elections in Germany, the EU, and the US.
She added that cyber-base espionage was at a new high and that all this requires retraining Germany’s 84 million people into securing their digital base in a completely different way.
Dr. Melanie Garson, from the Tony Blair Institute for Global Change Cyber Policy Lead, in England, asked whether the UK and democratic countries are “able to adapt and be ready for election cyber attacks,” warning that disinformation can “bring down” the integrity of elections as much as any technical threat.
Former Unit 8200 chief and current Team 8 Co-Founder and Managing Partner Nadav Zafrir warned that the world is moving “from Mediocristan to Extremistan.”
He explained that until now, “risk could be assessed in bell curves based on what usually happens versus what deviates from there. That is ok in Mediocristan, but is not enough for Extremistan,” meaning that “unusual and extreme” events are becoming far more common and must be anticipated and treated as such, not as infrequent events.
“Black swans are becoming very abundant,” he said, adding, “This is a very adventurous and dangerous time for the world,” while predicting that cyber and artificial intelligence capabilities would eventually improve the world, but that “the world will get worse before it gets better.”
CyberArk CIO and former commander of MARAM, a key IDF cyber defense unit, Omer Grossman said that Western democratic countries must race ahead to improve identity protection measures, including with biometric and other tools, to keep up with AT’s deep fake identity theft capabilities.