Israel is the number one country on hackers’ target list, new study reveals
Whether it be for geostrategic purposes or simply out of greed, hackers have Israel directly in their sights
Before this year, Israel was not considered a preferred target of cyberattacks. Though throughout the year it made it into the Top-5 list, this is the first time it is the outright leader, with 180,000 identified hacking attempts.
“It requires more research to determine whether the attackers are geostrategic adversaries that seek to obtain a foothold in the country or players that have no specific interest in Israel, but aim to divert attention towards it as a smokescreen for their true goals,” said Eran Arel, who manages F5’s activities in Israel.
“Even though Israel is a savvy country and home to many talents in the cybersecurity sector, what we witnessed were fairly simple attacks. It is a reminder that everywhere in the world, including in Israel, there are vulnerabilities that can be exploited to obtain a foothold, and that it is up to us to strengthen our most basic data protection infrastructure,” he added.
The report notes that the most common IP addresses identified as sources for hacks were linked to Russian networks. That said, F5 is cautious about attributing the attack directly to Russians. It wouldn’t, however, be too much of a stretch to point out the entrance of Russian hackers on the scene, particularly in light of the recent ransom attack on Israeli insurance company Shirbit, which was attributed to Russian, or at least Russian-speaking, hackers, even though the company claims that the source of the attack may have been Israel’s arch-nemesis Iran.
“Tensions with Iran, the administration change in the U.S., and the peace agreements between Israel and Muslim states, which many were opposed to, all increase the motivation for carrying out cyberattacks at this time,” Lior Frenkel, the CEO and co-founder of Waterfall Security Solutions, told Calcalist. “This time, however, there seems to be an additional reason behind the recent string of attacks — greed. The criminal underworld is turning to cybercrime. Ransom attacks are the shiny new method that criminal organizations are embracing en masse.”
“Israel is a very advanced country with a high rate of use of information technology. As such it is a clear target for ransom attacks. It is home to a wide array of potential targets from various tech companies to production facilities, financial organizations, and government agencies. The combination of political targets and financial targets helps explain the current leap in the number of attacks. The business sector must prepare for a long period in which it will be a significant target for attacks, whether the motivation is terror, extortion, or a combination of the two,” Frenkel said.
Frenkel’s assessment joins that of other cybersecurity experts. Various estimates suggest that the attack that paralyzed much of the U.S. government’s computer network, which started with an attack on SolarWind’s IT infrastructure originated in Russia. But according to a report by Israeli cyber company Prevasio, it appears that Israel too is among the Russian hackers’ targets. In a list of targets posted on PasetBin, apparently by the hackers themselves appear Israeli universities, an Israeli commercial television channel, and even one of the largest Israeli data security firms.
When we examine the volume of successful cyber attacks on the Israeli market in recent months— the ransom attack that paralyzed semiconductor company Tower, the attack on Shirbit, the attack on Amital, the breach of Intel’s Habana Labs, along with dozens more that were never made public— it is apparent that there is a consistent trend of making Israel a preferred target for cyberattacks.
“There is no doubt that this is only the beginning and that this is the largest attack that the world has known in a long time,” Assaf Amir, the head of SentinelOne’s Cyber research division said. “In our tracking of both state-level and criminal hacking groups, we have noted an increase in attacks on Israel.”
“On the one hand, there are state actors, mostly Iran, Hamas, and Hezbollah, who are expanding their attacks into cyberspace which allows them to escalate the conflict without the repercussions of a direct conflict with Israel, and on the other, there are cybercriminals who have increased the use of ransom attacks. In addition, we can see a trend of combined attacks, in which cybercriminals carry out attacks on behalf of states or state actors disguise themselves as criminals, which is apparently what happened in the case of Shirbit,” Amir concluded.