The Israeli-Hamas Conflict Shows Cyber Warfare Is The New Normal

At the start of the Russian invasion of Ukraine, the hacktivist group Anonymous declared a cyber war against Russia. At the time, I conducted extensive research into the methods, tactics, and results of how a group of semi-unorganized non-governmental hacktivists was able to cause major havoc in Russia.

Their strategy included everything from hacking news outlets, home printers, and connected devices, to downloading a mind-boggling amount of Russian data belonging to companies and government agencies and then publicly releasing that data online.

It was the first time the world saw a successful crowdsourced cyber war that could not be tracked back to any specific country or government.

In the current conflict between Israel and Hamas, I have seen hacktivist groups attempt many of the same techniques that were successfully used against Russia. However, they seem to be less effective now. The one major factor that makes these cyber war tactics different is the time between conflicts. In the 19 months since hacktivists declared cyber war against Russia, cyber security experts and intelligence services around the world have had time to analyze, prepare, and try to insulate themselves by learning from the failures of Russia’s cyber defenses.

After all, it is a fact that cyber warfare will play a significant role in any current and future conflicts. Cyberspace acts now as a second front with no defined rules of engagement. Hacktivists and government-affiliated groups can choose a side and launch numerous attacks based on their specific skill sets, tipping the scales of the conflict with seemingly just a few clicks.

The most common tactic I have seen in the Israel-Palestine online conflict is the denial of service (DoS) attack. In the first days of the most recent confrontation, the attacks seem to have been focused on Israeli government websites, civil services, news sites, financial institutions, and telecommunications and energy companies. By targeting these sites, attackers can manipulate information and limit civilians’ access to real-time news, government instructions, and other important intel.

Who Is Hacking Who?

It is an open secret that many nations and other global actors have spent years testing each other’s cyber defenses and have extensive experience in offensive and defensive security. State-sponsored cyber attacks are a serious threat during both times of war and peace, but it appears to be the new normal that a cyber war accompanies a physical conflict.

The cyber war landscape seems to change rapidly, but many well-known groups have already announced their involvement in the Israel-Hamas conflict, including various Anonymous factions, KillNet, AnonGhost, and others.

There were an estimated 58 different groups participating in cyber attacks in the first days of the conflict. Initial reports suggest there are 10 groups working in support of Israel and roughly 48 in support of the Palestinians. In general, due to the anonymous and covert nature of hacktivism, cybercrime, and espionage groups, it’s difficult to determine what their agenda is and exactly how much impact they have. They try to ensure this by hiding their location, identities, and any state affiliations. It is also possible that some of these groups are actually formed by the same individuals and simply use different operational names to make the attacks seem bigger than they really are.

One of the major challenges in cyber warfare is attributing cyberattacks to specific state-sponsored actors or independent hacktivist groups. Not knowing exactly who is targeting what makes it difficult to establish responsibility and accountability.

Nevertheless, various cyber attacks have been publicly linked to one government or another. For instance, multiple Russian-aligned groups, such as KillNet and Anonymous Sudan, have publicly claimed involvement in cyber attacks against Israel. KillNet Group launched a new Telegram channel called KILLNET PALESTINE, where it reaffirmed its affiliation with Anonymous Sudan and announced their intentions to coordinate their targeting of Israeli assets. Furthermore, according to a report published by Microsoft, Iran has targeted Israel’s government and private sector infrastructure more than any other country between July 2022 and June 2023. In turn, Iran has also blamed Israel for numerous cyber attacks going back many years.

Cyber Attack Methods Being Used

There is no doubt that a cyber war is taking place online in conjunction with the current physical war. Right now, the impact of these cyber attacks appears to be minimal, causing only minor disruptions. As more groups and actors join the fight, the cyber security threats will only increase. We will add updates to this article as major cyber attacks happen.

Hacked data can have significant risks for years to come and can serve as a puzzle piece for gathering intelligence or launching future attacks. There are no rules in cyber warfare, which means all types of data could be considered fair game and valuable targets. Knowing the methods and tactics of cyber warfare can help protect people, businesses, and government entities.

Denial of Service (DoS)

There have been numerous reports of DoS attacks against private businesses and government entities of both Israel and Palestine. These attacks, which come from all over the world, simply flood websites with an overwhelming volume of traffic requests. This “bad traffic” consumes the network’s resources - such as bandwidth, processing power, memory, or network connections - and leaves virtually no capacity for legitimate user requests, hence the term denial of service.

In other words, a DoS attack is a relatively low-tech but effective method to launch a malicious disruption of a network, service, or website by overwhelming it with a massive flood of traffic requests. The primary goal of a DoS attack is to make websites or networks unavailable to legitimate users for hours or, in rare cases, days.
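A defender-side view of the flood described above, as an added example that is not part of the original article: a sliding-window counter over constructed access-log lines that raises an alert when one source, or all sources together, exceed a request limit. The log format, the thresholds and the addresses (documentation ranges) are assumptions made for the illustration.

```python
from collections import Counter, deque
from datetime import datetime, timedelta

def build_sample_log():
    """Constructed log lines: '<ISO timestamp> <source IP> <path>'.
    Addresses come from the RFC 5737 documentation ranges."""
    base = datetime(2023, 10, 9, 12, 0, 0)
    lines = []
    # Normal traffic: one request every 5 s, alternating between two clients.
    for i in range(12):
        ip = "192.0.2.10" if i % 2 == 0 else "192.0.2.11"
        ts = base + timedelta(seconds=5 * i)
        lines.append(f"{ts.isoformat()} {ip} /news")
    # Flood: 40 requests from one source, 100 ms apart.
    for i in range(40):
        ts = base + timedelta(seconds=60, milliseconds=100 * i)
        lines.append(f"{ts.isoformat()} 198.51.100.7 /")
    return lines

def detect_floods(lines, window_s=10, per_source_limit=20, total_limit=30):
    """Return (timestamp, kind, subject, count) alerts, one per subject,
    raised when requests in the trailing window exceed a limit."""
    window = deque()      # (timestamp, ip) pairs currently inside the window
    per_ip = Counter()    # requests per source inside the window
    alerts, alerted = [], set()
    for line in lines:
        ts_text, ip, _path = line.split(" ", 2)
        ts = datetime.fromisoformat(ts_text)
        window.append((ts, ip))
        per_ip[ip] += 1
        # Drop entries that have aged out of the window.
        while (ts - window[0][0]).total_seconds() > window_s:
            _, old_ip = window.popleft()
            per_ip[old_ip] -= 1
        checks = (("source", ip, per_ip[ip], per_source_limit),
                  ("total", "*", len(window), total_limit))
        for kind, subject, count, limit in checks:
            if count > limit and (kind, subject) not in alerted:
                alerted.add((kind, subject))
                alerts.append((ts_text, kind, subject, count))
    return alerts

if __name__ == "__main__":
    for alert in detect_floods(build_sample_log()):
        print(alert)
```

Because floods like the ones reported here arrive from many sources at once, the aggregate count matters as much as the per-source one: a per-source limit alone will not fire when each sender stays under it.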

Various DoS attacks have been launched since the conflict started. These include:

  • The official Hamas site was briefly taken down, allegedly by a pro-Israeli hacktivist group called India Cyber Force.
  • The largest English-language news provider The Jerusalem Post was targeted by Anonymous Sudan, a group that, despite what its name suggests, many experts believe operates from Russia.
  • KillNet, another Russian-affiliated group, claimed to have taken down the primary website of the Israeli government.
  • ThreatSec, a pro-Israel group, is suspected to have targeted Gaza’s internet service providers. By disrupting internet access, it hinders both people’s ability to acquire information and the cyber capabilities of those who can’t connect to the network. 

Propaganda & Misinformation

This is likely the easiest of all cyber war tactics for the average person because it requires almost no technical knowledge and only an internet connection. However, sophisticated bot networks are more prevalent than ever on social media, making it even easier to use this tactic. Winning the hearts and minds of supporters has always been a primary goal of all global conflicts, and propaganda is an effective tool to sway opinions or gain support for a specific cause or ideology.

Social media outlets are struggling to keep up with the massive amount of misinformation and bot activity.

In 2022, there were an estimated 16.5 million bots on X (Twitter) alone. A report on Russian propaganda on X during the 2022 invasion of Ukraine found that bots played a large role in promoting pro-Russian content, with an estimated 20 percent of the messages being posted by bots and reaching nearly 14.4 million users. It is highly likely the same level of bot activity is still happening on social media, with the biggest risk being that the average users may not spot the difference between a bot and a human and could fall for disinformation.

The EU has issued a notice to both Elon Musk and Mark Zuckerberg over the alleged disinformation regarding the Hamas attack, fake news, and out-of-context visual content. The EU demands mitigation measures be implemented to tackle the risks to public security and civic discourse stemming from disinformation.

Cyber Espionage

Israeli, Palestinian, and other entities are actively seeking to monitor communications, infiltrate networks, and gain valuable information that can be used to their advantage. The Gaza-based hacker group Storm-1133 has a history of targeting telecommunications, energy, and defense companies in Israel with limited success. Storm-1133 has taken a slightly different approach than other groups by using everything from LinkedIn to Google Drive to launch social engineering campaigns.

Their goal is to deploy backdoors that bypass traditional security methods and then gather information through social engineering instead of relying only on brute-force hacking attempts. The use of hacked systems and data also plays a role in cyber espionage. Once data or an intrusion is filtered, it can be a stepping stone for further attacks or targeted campaigns to gain additional espionage capabilities.

Hacking & Defacement

Hacking: In the current conflict, it seems like only a small number of proven claims of hacking have made a big difference for either side.

  • AnonGhost, a hacking group based in Africa, the Middle East, and Europe, claimed they disrupted an Israeli emergency alert application (according to their social media channel).
  • A group calling itself Team Insane PK claimed that it hacked a hydroelectric power plant in Israel.
  • Cyber Av3ngers, a pro-Hamas group, claimed it attempted to target Israel’s power grid organization.

If true, this raises the stakes of the possibility of cyberattacks on critical infrastructure, including power grids and water facilities.

Hacked data is another major concern during conflicts. One example is a Russian language forum that appears to be selling the personal data of Israel Defense Forces. These records may reveal sensitive personal information that could go far beyond personal security and safety, as the data could include home addresses, contact details, or even the names of family members, which could be exploited by the hacktivists for harassment or additional cyber attacks.

Access to private data can provide additional insights into the soldiers’ digital lives and put them at risk for targeted phishing attempts and malware distribution. 

Being aware of cybersecurity best practices and understanding the importance of keeping personal information secure is a priority when any nation’s defense forces have been involved in a data breach.

Defacing: Websites, social media accounts, and digital platforms associated with both Israeli and Palestinian entities have been targeted by defacement. In the first week of the conflict, an estimated 100 websites from both sides were defaced. The goal of these attacks is to hack the website and convey political messages and ideologies.

These attacks are usually done through an SQL injection where the hacker exploits vulnerabilities in a website’s input fields to manipulate the website’s database. By injecting carefully crafted SQL queries, an attacker can bypass security measures and gain unauthorized access. This form of attack allows the hacker to retrieve confidential user credentials, or take control of the website and deface it.

Although these appear to be major incidents, they are not likely to provide the hacker with any sensitive data or information because sensitive records are usually not stored on a public-facing website. Usually these credentials are specifically for one area of the website’s administrative panel and, as long as credentials are not reused or shared to access other parts of the network, there is a lower risk of a serious data breach.
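The SQL injection weakness described above, shown from the site owner's side as an added example that is not part of the original article: the same admin-panel login check written with string concatenation and then with bound parameters. The table, account, function names and inputs are constructed for the illustration, and SQLite stands in for whatever database a real site uses.

```python
import hashlib
import hmac
import sqlite3

def hash_pw(password):
    # SHA-256 keeps the example short; a real site should use a slow,
    # salted password hash such as scrypt or Argon2.
    return hashlib.sha256(password.encode()).hexdigest()

def make_db():
    """In-memory database holding one constructed admin-panel account."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE admins (username TEXT PRIMARY KEY, pw_hash TEXT)")
    db.execute("INSERT INTO admins VALUES (?, ?)",
               ("editor", hash_pw("correct horse battery staple")))
    return db

def login_vulnerable(db, username, password):
    # BAD: form input is pasted into the SQL text, so a quote character in
    # the input changes the structure of the query itself.
    query = ("SELECT username FROM admins WHERE username = '" + username +
             "' AND pw_hash = '" + hash_pw(password) + "'")
    return db.execute(query).fetchone() is not None

def login_hardened(db, username, password):
    # GOOD: the placeholder binds the input as data only; the query
    # structure is fixed before any user-supplied value is seen.
    row = db.execute("SELECT pw_hash FROM admins WHERE username = ?",
                     (username,)).fetchone()
    return row is not None and hmac.compare_digest(row[0], hash_pw(password))

if __name__ == "__main__":
    db = make_db()
    crafted = "editor' --"   # constructed input: closes the string, comments out the rest
    print("vulnerable accepts crafted input:", login_vulnerable(db, crafted, "wrong"))
    print("hardened accepts crafted input:  ", login_hardened(db, crafted, "wrong"))
```

The concatenated version accepts the crafted username without the password, while the parameterized version treats the whole string as a (non-existent) account name and rejects it.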

What We Can Learn From This

Cyber attacks in the Israel-Palestinian conflict show us how information warfare and cyber activities intertwine with traditional forms of war. My goal is to highlight the cyber security aspects of the conflict without the geopolitical, historical, political, or humanitarian complexities. The use of cyber warfare underscores and defines a new reality of conflicts in the digital age and highlights the importance of addressing these cyber security challenges.

Cyberattacks against any nation pose significant dangers with far-reaching consequences. Disrupting critical infrastructure, including power grids and communication systems, can also directly affect civilian populations.

These attacks serve as a warning to countries around the world - all nations should be highly prepared for potential future attacks and implement proactive cybersecurity measures. Unfortunately, when it comes to a cyber attack, it is no longer about if it happens, but when it happens.

Going forward, the same potential threats apply to corporations, private businesses, and individuals. The tools and methods used by hacktivists today could be used on you, your company, or your government tomorrow. Understanding how hacks occur is the first step to protecting yourself online and your digital life.

Jeremiah Fowler is a Security Researcher and co-founder of Security Discovery.

This is an abridged version of an article first available at WebSite Planet.

Image: BrasilNut1
