Cyberattack Tempo Ratchets Up in Israel
Cyber Israel Warns of a Wave of Phishing Attempts
Cyberspace aggression against Israel has intensified since the onset of war in the Gaza Strip, changing in nature from simple online vandalism to attacks aimed at causing disruption and sowing fear, says Israel's cybersecurity agency.
Cyber Israel said in a Sunday report that it is tracking roughly 15 hacker groups associated with Iran, Hamas and Hezbollah that are acting maliciously in Israeli cyberspace.
One of the most prominent attack vectors is phishing emails and messages impersonating government alerts and software updates. Following the Oct. 7 incursion into Israel from Gaza by Hamas - and the subsequent Israeli counteroffensive - the intensity of phishing has increased, the report says.
Cyber Israel warned Monday of an Iranian phishing attack that had impersonated an email message from F5, a company that provides cybersecurity products to many organizations in Israel. The campaign's goal was to trick computer personnel of the targeted organizations into downloading a putative security update, which in turn resulted in the download of information stealers and data wipers. The malicious apps are often disguised by using "living off the land" binaries, or LOLBins, a technique that uses legitimate system utilities and tools for malicious purposes. The cyber agency in November warned of a Linux wiper using LOLBin techniques.
The info stealer is a variant of Rhadamanthys, an off-the-shelf stealer also observed in attacks against Ukraine. The stealer file is intended for Windows servers and is disguised as an F5 updater file.
The list of vulnerabilities used for gaining an initial foothold includes high-profile flaws such as Citrix Bleed, a flaw in WinRAR known to be popular with nation-state hackers and tracked as CVE-2023-38831 and
Cyber Israel also said it has faced waves of distributed denial-of-service attacks and psychological warfare through disinformation and influence operations. Attempting to amplify the effects of a cyberattack on social media is a technique seen in Ukraine, the report says (see: KillNet DDoS Attacks Further Moscow's Psychological Agenda).
Another trend is an increase in ransomware - part of the psychological ops campaign, according to the report.