Conflicts have had a digital component since before the beginning of the century, whether carried out by the combatants or by their sympathizers. The recent heinous attack on Israel by the Hamas terrorist group was no exception. These actions highlight the need for CISOs, especially those with entities in Israel, to flex their backup infrastructure and business continuity plans, look for new threats, and be more engaged.
Disruption, personnel drain affect crisis plans
Those who have lived or worked in Israel already know that the trigger points that cause companies to invoke their crisis plans run higher than in other locales. A bit over one week after the beginning of the war, it is no surprise that nearly every company with assets in Israel has seen some disruption to its day-to-day operations.
The need to go to a war footing has also caused personnel issues. The call-up and activation of reservists to the Israeli Defense Force (IDF) have taken 360,000 Israelis from their day jobs around the globe. This means that the support personnel present on Friday, October 6, are not available on Monday, October 16, to focus on network continuity. On top of that, both official and commercial entities have been targeted with a plethora of distributed denial-of-service (DDoS) attacks and hacking attempts.
A number of groups have claimed to be behind attacks targeting the Israeli infrastructure. Cybersecurity researcher Julian B. has crafted an interesting timeline that intimates that some activities began on October 6. The timeline serves to highlight the activities of Cyber Av3ngers (Iran aligned), Killnet (Russia aligned), and Anonymous Sudan (a group sympathetic to Hamas, with alignment to Russia).
Anonymous Sudan has claimed responsibility for an attack on the Israeli alert system. The Israeli government advised that human error caused the alert system in northern Israel to activate, giving the impression that that area of Israel was under attack. The Noga — Independent Systems Operator (Israeli electric system management) found itself under a DDoS from the Cyber Av3ngers.
The Jerusalem Post, whose web page became inaccessible on October 7, was also targeted by a DDoS attack. The editors used social media to highlight their lights-out situation and to assure readers and others interested that they were still open for business. The paper’s website was eventually brought back online, but it took a day or two to achieve stability. ZeroFox issued a report that highlighted how the personal identifying information (PII) of individuals from the Israeli Defense Force or Israeli Security Agency was being shared by the Russian-language dark web forum RAMP.