The ongoing conflict between Israel and Hamas has led to a significant increase in cyberattacks, which continue to intensify as the war prolongs, in Israel, according to Check Point software.
“We have seen an increase of approximately 20% in cyberattacks in Israel during the war, including more than 50% when it comes to attacks on the government sector. So far, we don’t see this increase elsewhere on a global level,” said Gil Messing, Chief of Staff at Check Point Software Technologies.
As the war, which started on October 7, intensifies, there has been a significant increase in the frequency and sophistication of cyberattacks. While initially, the attacks were focused on DDoS and defacements, this is changing.
“Around three weeks ago, several known Iranian APT [Advanced Persistent Threat] Groups started to attack organizations in Israel, mostly public/government entities, academia, and supply chain companies working with the government. These attacks are more significant, strong malware, ransomware, and wipers,” Messing said.
Attacks on Ikea in Israel
A prominent threat actor to emerge recently is Cyber Toufan, which is targeting Israeli businesses and organizations, including Signature-IT and Ikea in Israel. Signature-IT provides ecommerce and website hosting services to several government entities and ecommerce companies in Israel.
“By attacking Signature-IT, they [Cyber Toufan] were able to access a large list of companies and national entities’ websites. Every day, they leak large databases taken from the websites of at least one entity. These are big SQL files (from 700 MB to a few or 16 GB) with data of millions of users, including emails, phone numbers, names, and business interactions done on the site with comments left to the owner of the site,” explained Messing.
Significantly, the group managed to attack and leak information about Max Security, a prominent cybersecurity and geo-intelligence company in Israel. Other significant targets include Radware, a cybersecurity firm, and Israel Innovation Authority, an Israeli government company formed to provide tools and funding to promote innovation.
Links to Iran-backed threat actors
Check Point said it believes Cyber Toufan is the handiwork of Iranian state-sponsored threat actors.
“Cyber Toufan shows higher capabilities and a very direct style which is common to Iranian-backed threat actors. We reach this conclusion both by analyzing the attack, the form of announcing it, capabilities used here and seen before on other attacks around the world linked to Iran, the width of damage made, and the growing presence of these players in the cyber sphere in Israel in the past few weeks,” Messing said.
“Also, Toufan is linked to how Hamas calls the war (Al Aqsa Toufan), and since the beginning, the group links its operations to the war,” he added. Earlier this week, Cyber Toufan declared a “ceasefire,” stopping the release of data leaks, for the duration of a ceasefire between Israel and Hamas.
Clearly, Israel’s Government and businesses are not the only ones suffering because of an increase in cyberattacks. Bahrain’s two government ministries became inaccessible on Wednesday because of a cyberattack allegedly because of the country’s stand on the Israel-Hamas war.
Last month Indian Cyber Force claimed the hacking of several Palestinian government websites. As the war intensifies, the tit-for-tat retaliatory cyberattacks targeting the digital infrastructure of the two warring countries and their supporters are also likely to grow.