Israel- Hamas tension leading to cyber battleground

The cyber threats are multifaceted, ranging from Distributed Denial of Service (DDoS) attacks by hacktivist groups to hack and leak activities against Israeli websites.

The Russian-affiliated hacktivist groups shifting their focus to Israel, the introduction of Iranian government-backed hacktivist groups, and the participation of cybercriminals eyeing financial gains amidst the Israel-Hamas conflict. Moreover, sophisticated cyber actors with significant capabilities are entering the scene, heightening risks and tensions in the cyber battleground.

The war that began on the morning of October 7 between Israel and Hamas, known as “Iron Swords”, has also attracted the attention of many threat actors in cyberspace. Much like the Russian-Ukrainian war, there are many individuals and groups trying to leverage cyberspace as an added battlefield, aiming not just to inflict harm but often to orchestrate information campaigns and mould global narratives.

The cyber domain mirrors global diplomatic alignments. With both Russia and Iran publicly supporting Hamas, various Middle-Eastern, Islamic, and Russian-affiliated hacktivist groups began reporting hundreds of attacks on Israeli digital entities. However, the effects of these attacks on Israel and affiliated entities have been minimal.

Check Point Research noted an 18% rise in cyberattacks targeting Israel recently. Specifically, there is a marked increase in attacks on the government/military sector – a 52% surge compared to the weeks leading up to October 7.

This analysis delves into cyber activities as shared by self-proclaimed collectives on platforms like Telegram, the Dark Web, and various open-source intelligence (OSINT) channels. So far, only a handful of attacks have had a tangible impact.

Since the war began, we have registered hundreds of claims of DDoS attacks by dozens of hacktivist groups. Active groups in this area include pro–Islamic groups like “Ghosts of Palestine”, “Team_insane_Pakistan”, and more. The impact of the vast majority of those attacks was very limited in terms of disruption, as these were executed against either very small websites in Israel or lasted for mere seconds to minutes.

Claims of DDoS attacks have included government entities and major companies, such as the Bank of Israel, the Cellcom cellular company, the Israeli Parliament (known as the Knesset), and more. However, most disturbances had only minor effects, if at all.

Several groups claimed to have hacked, stolen, and published data from various Israeli entities, including Israeli hotel chains. Most of those claims were not confirmed. The war has also drawn financially motivated entities into the cyber battlefield.