Cyber Operations Intensify in Middle East, With Israel the Main Target

  /     /     /  
Publicated : 23/11/2024   Category : security


Cyber Operations Intensify in Middle East, With Israel the Main Target


Cyberattacks tripled over the past year in Israel, making it the most targeted nation in 2023, as cyber operations become a standard part of military conflicts and global protests.



As tensions in the Middle East continue to escalate, cyberattacks and operations have become a standard part of the fabric of the geopolitical conflict.
Last week, the head of Israels National Cyber Directorate blamed Iran and Hezbollah for around the clock cyberattacks against the countrys networks, government agencies, and businesses, tripling in intensity as Israels military operations continued against Hamas in Gaza. Following Quds Day — Irans commemoration of its pro-Palestinian Jerusalem Day on April 5 — dozens of denial-of-service attacks disrupted Israeli targets, according to data from cybersecurity firm Radware.
While the volume of cyberattacks are running at a lower level so far this year, renewed tensions between Israel, Iran, and Lebanon could easily lead to more cyber activity, says Pascal Geenens, director of threat research for Tel Aviv-based Radware, a maker of cloud security solutions.
There are two planes that we need to consider here, Geenens says. One is more nation-state aligned, meaning purposely doing attacks against another nation, while the other is all the hacktivist activity — they just want to share their message [and] show that theyre not happy with the situation.
Overall, Israel should be ready for more destructive cyberattacks, as Iran and other regional cyber groups have shown little restraint in such attacks, Google conclude in its
Tool of First Resort: Israel-Hamas War in Cyber
report, published in February. As Iran and Hezbollah appear ready to use destructive cyberattacks against both Israel and the United States, Israeli-linked groups likely will continue to target Iran, and hacktivists will likely target any organization they deem associated with their perceived enemies, the report stated.
We assess with high confidence that Iran-linked groups are likely to continue to conduct destructive cyber attacks, particularly in the event of any perceived escalation to the conflict, which may include kinetic activity against Iranian proxy groups in various countries, such as Lebanon and Yemen, the company stated in the report.
When Russia invaded Ukraine, the Russian military used cyberattacks to target Ukraine prior to the invasion and during the invasion, and widely attacked the US and Ukraines allies in Europe in the two years since the start of the war.
For the Middle East, the cyber conflict has a different character. On one hand, the participants in the conflict have different strengths and limitations, which are affecting their options and making the cyber conflict more asymmetrical. Where the Russian government has a unity of purpose, Iran and Hamas are more opportunistic adversaries. Where Russia and Ukraine have similar cyber capabilities, Israels military operations have limited Hamas ability to respond, and the country has the most sophisticated cyber-offensive capabilities in the region, says Ben Read, head of cyber espionage analysis for Google Clouds Mandiant incident-response group.
Iran is very opposed to Israel, but arent a direct party to the conflict, so their goals arent necessarily about supporting the seizure of territory in the same sort of way as Russia, he says. Because conventional weapons are not [currently] an outcome acceptable to Iran, they are using cyber to do some destructive [operations]. ... Cyber can be an easier tool to reach for there.
Iran is not the only anti-Israeli actor in the region. Google has observed cyber operations by groups linked to Hezbollah, a Lebanese Islamist political party and militant group aligned with Iran.
Iran
has also been the target of disruptive cyber operations in the context of the conflict, says Kirsten Dennesen, reporting analyst with Googles Threat Analysis Group (TAG). Several disruptive attacks on the nations infrastructure have been attributed to Predatory Sparrow, which
reappeared in October
and
attacked Iranian gas stations in December
, and which some analysts have linked to Israel.
Telegraphing intent and demonstrating involvement in the conflict without escalating or directly taking part in on-the-ground confrontation ... limits potential blowback while also giving regional players the opportunity to project power through the cyber domain, she says. Moreover, cyber capabilities can be quickly deployed at minimal cost by actors who may wish to avoid armed conflict.
Nation-states are not the only actors involved in the conflict. In the past year, hacktivism has taken off as technologically savvy protesters react to the Russia-Ukraine war and the conflict between Israel and Hamas. Much of the increase in attack activity in Israel is due to hacktivism, as is
demonstrated by sharp upticks in denial-of-service attacks
, says Radwares Geenens.
Its not like it did not exist before, but before they were much less organized, and now they have like this ability to gather on Telegram, he says. They all started to communicate with each other through hashtags. They find each other much more easy, so they come together and create alliances to perform attacks.
In the past, the groups banded together under the Anonymous name, claiming the monicker for their own and attempting to get other groups to sign up. Today, they use operation-specific hashtags on Telegram to gain like-minded collaborators, a much more efficient method of operation, Geenens says.
Hacktivism likely will continue to fuel attacks against not only Israel, but other countries as well, he says. Attacks are more likely to ramp up quickly as nation-states develop standard techniques and hacktivists are able to collaborate more efficiently.
Anything that happens in the future, Geenens says, whether it be a military operation or an outcome of an election that they dont like or somebody says something that that they dont like — they will be there and there will be a wave of DDoS attacks.

Last News

▸ Some DLP Products Vulnerable to Security Holes ◂
Discovered: 23/12/2024
Category: security

▸ Scan suggests Heartbleed patches may not have been successful. ◂
Discovered: 23/12/2024
Category: security

▸ IoT Devices on Average Have 25 Vulnerabilities ◂
Discovered: 23/12/2024
Category: security


Cyber Security Categories
Google Dorks Database
Exploits Vulnerability
Exploit Shellcodes

CVE List
Tools/Apps
News/Aarticles

Phishing Database
Deepfake Detection
Trends/Statistics & Live Infos



Tags:
Cyber Operations Intensify in Middle East, With Israel the Main Target