
Cyber Warfare and Disinformation - Future Attacks Heightened Amid Israel-Hamas Conflict (Updated November 7, 2023)

Created: Tuesday, November 7, 2023 - 13:35
Categories: Cybersecurity

November 7, 2023

In 2021, Anonymous declared a cyber war against Russia after the Ukraine invasion, and similar tactics are now being seen in the Israel-Hamas conflict. While global cybersecurity has improved over the past 19 months (about a year and a half), U.S. companies still face persistent threats:

  • Denial of Service Attacks: These attacks flood websites with excessive traffic, rendering them unavailable to legitimate users for extended periods.
  • Propaganda and Misinformation: Perpetrators can easily use social media, often with the help of sophisticated bot networks, to spread false information, influence opinions, and damage reputations. This tactic is accessible to individuals with minimal technical knowledge.
  • Cyber Espionage: State actors and cybercriminals may infiltrate networks to monitor communications, access valuable trade secrets and employ social engineering tactics.
  • Hacking: Concerns revolve around personal information exposure, potentially leading to harassment, more cyberattacks, and an elevated risk of phishing and malware distribution.
  • Defacing: Hackers often vandalize websites to convey political messages, usually using SQL injections to manipulate site content, but these attacks typically do not result in data theft.

The use of cyber warfare strategies highlights the urgency of addressing cybersecurity challenges in today's rapidly evolving digital age. With no established rules, understanding cyber warfare methods and tactics is crucial to protect individuals, businesses, and government entities. Read more at SC Magazine.

October 26, 2023

Due to the unfolding events in Israel and Gaza, defacement attacks have become a common method employed by cyber actors to target their adversaries. These attacks involve unauthorized modifications to websites or web applications, typically resulting in changes to their content, appearance, or functionality by individuals with malicious intent. The primary goals of defacement attacks often include vandalizing the targeted site, displaying messages or images, and promoting a message or agenda to draw attention to the attacker's cause or skills. It's important to note that defacement attacks constitute just one category of cyberattacks and usually do not entail data theft or harm to a website's infrastructure. However, they can still significantly impact a website's reputation, undermine visitor trust, and serve as a platform for conveying political messages. In this article, we explore some of the groups responsible for these attacks and the victims they target. 

  • DragonForce Malaysia: A pro-Palestinian group based in Malaysia, actively using social media platforms such as Telegram, Twitter, and Instagram. They conduct distributed denial-of-service (DDoS) and defacement attacks, with a recent focus on approximately 125 Israeli websites. They also claim to have accessed Israeli telecommunication systems and share leaked databases.

  • Cyb3r_Drag0nz_Team: Another pro-Palestinian group engaged in defacement attacks since early October. They have targeted not only Israeli sites but also entities in the U.S. education sector and other countries. Their defacement messages include the identities of contributors along with Twitter and Telegram account details. They have targeted around 157 websites.

  • X7root: A group conducting defacement attacks against Israeli websites, with a particularly offensive defacement message featuring a Holocaust image. Limited information is available about this group, but they have a Telegram channel that previously sold exploits and now focuses on anti-Israel activities, aligning with the #OpIsrael hashtag used by pro-Palestinian groups. 

Defacement attacks, though not a novel method, gain prominence during periods of conflict, such as the situation in Russia and Ukraine, as they serve as a means for hackers to convey their messages. While the majority of these defacement attacks are linked to pro-Palestinian groups, it's noteworthy that pro-Israel groups are also actively engaged in cyberattacks. These attacks are a favored tool for hacktivist groups looking to leverage their expertise to spread their ideologies. What sets defacement attacks apart is their emphasis on publicizing the actors behind them, their beliefs, and their actions, making them more conspicuous and less damaging to underlying infrastructure than some other attack methods. This contrasts with traditional cyber espionage, which operates discreetly. It is highly probable that these types of attacks will escalate in the near future as hacktivists strive to assert their positions. 

As defacement attacks persist in the Israel-Hamas conflict, it’s evident that ongoing vigilance is required in this evolving cyber warfare landscape. To prevent website defacement, adopt a multifaceted security approach, including auditing for common web vulnerabilities and securing your database. Equally crucial is source code security, especially in guarding against insider threats. Read more at DarkOwl.

October 24, 2023

A recent report from SentinelOne discusses how threat actors, including cyber threat groups, continue to use disinformation tactics via social media platforms. Disinformation, particularly on social media, can lead to public confusion, and its spread is difficult to control. Beyond disinformation, state-sponsored threat actors remain a significant concern, with a focus on specific APT groups associated with Hamas, Hezbollah, and Iran. The report emphasizes several threat groups, including:

  • Arid Viper: Suspected to operate on behalf of Hamas; primarily conducts cyber espionage and information theft operations.

  • Gaza Cybergang: Active since at least 2012; primarily targets entities across the Middle East, employing spear-phishing, implants, and various tools. It focuses on intelligence collection and espionage.

  • Plaid Rain: Targets various sectors in Israel, operating from Lebanon with potential Iran-affiliated coordination. It uses vulnerability exploitation, stolen credentials, and backdoors for initial access, employing the CreepyDrive toolset.

  • Lebanese Cedar: Linked to Hezbollah and potentially Iran-affiliated actors; targets multiple countries through web server compromises. Its objectives include espionage.

As the conflict continues, it's crucial to understand and closely monitor all aspects of the rapidly evolving digital domain, as targeted attacks will have real-world consequences. While we collaborate privately, we must also aim to enhance industry knowledge, so we know where to focus our efforts.  

For an expanded version of this report and a complete list of threat actors and groups associated with the Israel-Hamas War, go to SentinelOne's blog post.

October 10, 2023

According to reports, several threat groups have joined in on the Israel-Hamas conflict. State-sponsored threat actors have ramped up their cyber efforts, and so have hacktivist groups supporting both sides of the war.

Pro-Hamas Attacks:

According to reports, the first hacktivist attacks were launched by Anonymous Sudan less than one hour after the first rockets were fired by Hamas. The group targeted emergency warning systems and claimed to have taken down alerting applications in Israel. The Jerusalem Post, the largest English-language daily newspaper in Israel, was also allegedly targeted by Anonymous Sudan.

“A pro-Hamas group called Cyber Av3ngers targeted the Israel Independent System Operator (Noga), a power grid organization, claiming to have compromised its network and shut down its website. The group also targeted the Israel Electric Corporation, the largest supplier of electrical power in Israel and the Palestinian territories, as well as a power plant” (Security Week, 2023).

The pro-Russian hacktivist group Killnet has also joined the fray, launching several attacks against Israeli government websites.

A Palestinian hack group called Ghosts of Palestine has invited hacktivists from across the globe to attack private and public infrastructure in Israel and the United States.

Another group called Libyan Ghosts has started defacing small Israeli websites in support of Hamas.

“In most cases, these hacktivists have used distributed denial-of-service (DDoS) attacks to cause disruption. Some of them claimed to have caused significant disruption to their targets, but it’s not uncommon for hacktivists to exaggerate their claims. For instance, claims by Iran-linked and other hackers that they have launched a cyberattack on Israel’s Iron Dome air defense system are likely exaggerated” (Security Week, 2023). Killnet and Anonymous Sudan, which both have ties to Russia, have been known to launch more disruptive attacks. In the past they targeted major companies such as Microsoft, X (formerly Twitter), and Telegram with massive DDoS attacks.

In a report published last week, Microsoft said it had seen a wave of activity from a Gaza-based threat group named Storm-1133 aimed at Israeli organizations in the defense, energy and telecommunications sectors in early 2023. Microsoft believes the group “works to further the interests of Hamas”.

Pro-Israel Attacks:

A pro-Israel group called ThreatSec has compromised the infrastructure of Gaza-based ISP AlfaNet.

Pro-Israel hacktivists operating out of India have also attacked Palestinian government websites, making some of them inaccessible.

A group named Garuna has announced its support for Israel, and TeamHDP has targeted the websites of Hamas and the Islamic University of Gaza.

We expect cyber attacks from both sides to continue to escalate as the war continues. DDoS attacks are commonly used, but more destructive cyber attacks, especially those aimed at critical infrastructure, are likely.

Disinformation campaigns may be leveraged by both sides. Automated responses and false stories will appear on social media in an attempt to sway public opinion and support. These stories may spread rapidly and are difficult to defend against or refute.

Members are encouraged to remain vigilant, as the high-profile nature of these events will likely be used by cybercriminals in phishing and other scam-based campaigns, as has been observed with other global events. Be wary of donating to any causes, as cybercriminals will steal funds and leverage the war as a means to trick victims into sending funds to phony support groups. For more, visit Security Week.