Cyberwarfare / Nation-State Attacks , Fraud Management & Cybercrime

Cyberattack Tempo Ratchets Up in Israel

Cyber Israel Warns of a Wave of Phishing Attempts
Cyberattack Tempo Ratchets Up in Israel
View of the Gaza Strip from space (Image: Shutterstock)

Cyberspace aggression against Israel has intensified since the onset of war in the Gaza Strip, changing in nature from simple online vandalism to attacks aimed at causing disruption and sowing fear, says Israel's cybersecurity agency.

Cyber Israel in a Sunday report said it is tracking roughly 15 hacker groups associated with Iran, Hamas and Hezbollah that are maliciously acting in Israeli cyberspace.

See Also: OnDemand | 2024 Phishing Insights: What 11.9 Million User Behaviors Reveal About Your Risk

One of the most prominent attack vectors is phishing emails and messages impersonating government alerts and software updates. Following the Oct. 7 incursion into Israel from Gaza by Hamas - and the subsequent Israeli counteroffensive - the intensity of phishing has increased, the report says.

Cyber Israel warned Monday of an Iranian phishing attack that had impersonated an email message from F5, a company that provides cybersecurity products to many organizations in Israel. It campaign goal was to trick computer personnel of the targeted organizations into downloading a putative security update, which in turn resulted in the download of information stealers and data wipers. The malicious apps are often disguised by using "living off the land" binaries. LOLBins make use of legitimate system utilities and tools for malicious purposes. The cyber agency in November warned of a Linux wiper using LOLBin techniques.

The info stealer is a variant of Rhadamanthys, an off-the-shelf stealer also observed in attacks against Ukraine. The stealer file is intended for Windows servers and is disguised as an F5 updater file.

A list of vulnerabilities used for gaining an initial foothold also includes high-profile vulnerabilities including Citrix Bleed, a flaw in WinRAR known to be popular with nation-state hackers and tracked as CVE-2023-38831 and Log4Shell.

Cyber Israel also said it has faced waves of distributed denial-of-service and psychological warfare through disinformation and influence operations. Attempts to amplify on social media the effects of a cyberattack is a technique seen in Ukraine, the report says (KillNet DDoS Attacks Further Moscow's Psychological Agenda).

Another trend is an increase in ransomware - part of the psychological ops campaign, according to the report.


About the Author

Mihir Bagwe

Mihir Bagwe

Principal Correspondent, Global News Desk, ISMG

Bagwe previously worked at CISO magazine, reporting the latest cybersecurity news and trends and interviewing cybersecurity subject matter experts.




Around the Network

Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing govinfosecurity.com, you agree to our use of cookies.