The Israeli-Hamas Conflict Shows Cyber Warfare Is The New Normal

During the start of the Russian invasion of Ukraine the hacktivist group Anonymous declared a cyber war against Russia. At the time, I conducted extensive research into the methods, tactics, and results of how a group of semi-unorganized non-governmental hacktivists were able to cause major havoc in Russia.

Their strategy included everything from hacking news outlets, home printers, and connected devices, to downloading a mind-boggling amount of Russian data belonging to companies and government agencies and then publicly releasing that data online.

It was the first time the world saw a successful crowdsourced cyber war that could not be tracked back to any specific country or government.

In the current conflict between Israel and Hamas, I have seen hacktivist groups attempt many of the same techniques that were successfully used against Russia. However, they seem to be less effective now. The one major factor that makes these cyber war tactics different is the time between conflicts. In the 19 months since hacktivists declared cyber war against Russia, cyber security experts and intelligence services around the world have had time to analyze, prepare, and try to insulate themselves by learning from the failures of Russia’s cyber defenses.

After all, it is a fact that cyber warfare will play a significant role in any current and future conflicts. Cyberspace acts now as a second front with no defined rules of engagement. Hacktivists and government-affiliated groups can choose a side and launch numerous attacks based on their specific skill sets, tipping the scales of the conflict with seemingly just a few clicks.

The most common tactic I have seen in the Israel-Palestine online conflict is the denial of service (DoS) attack. In the first days of the most recent confrontation, the attacks seem to have been focused on Israeli government websites, civil services, news sites, financial institutions, and telecommunications and energy companies. By targeting these sites, attackers can manipulate information and limit civilians’ access to real-time news, government instructions, and other important intel.

Who Is Hacking Who?

It is an open secret that many nations and other global actors have spent years testing each other’s cyber defenses and have extensive experience in offensive and defensive security. State-sponsored cyber attacks are a serious threat during both times of war and peace, but it appears to be the new normal that a cyber war accompanies a physical conflict.

The cyber war landscape seems to change rapidly, but many well-known groups have already announced their involvement in the Israel-Hamas conflict, including various Anonymous factions, KillNet, AnonGhost, and others.

There were an estimated 58 different groups participating in cyber attacks in the first days of the conflict. Initial reports suggest there are 10 groups working in support of Israel and roughly 48 in support of the Palestinians. In general, due to the anonymous and covert nature of hacktivism, cybercrime, and espionage groups, it’s difficult to determine what their agenda is and exactly how much impact they have. They try to ensure this by hiding their location, identities, and any state affiliations. It is also possible that some of these groups are actually formed by the same individuals and simply use different operational names to make the attacks seem bigger than they really are.

One of the major challenges in cyber warfare is attributing cyberattacks to specific state-sponsored actors or independent hacktivist groups. Not knowing exactly who is targeting what makes it difficult to establish responsibility and accountability.

Nevertheless, various cyber attacks have been publicly linked to one government or another. For instance, multiple Russian-aligned groups, such as KillNet and Anonymous Sudan, have publicly claimed involvement in cyber attacks against Israel. KillNet Group launched a new Telegram channel called KILLNET PALESTINE, where it reaffirmed its affiliation with Anonymous Sudan and announced their intentions to coordinate their targeting of Israeli assets. Furthermore, according to a report published by Microsoft, Iran has targeted Israel’s government and private sector infrastructure more than any other country between July 2022 and June 2023. In turn, Iran has also blamed Israel for numerous cyber attacks going back many years.

Cyber Attack Methods Being Used

There is no doubt that a cyber war is taking place online in conjunction with the current physical war. Right now, the impact of these cyber attacks appears to be minimal, causing only minor disruptions. As more groups and actors join the fight, the cyber security threats will only increase. We will add updates to this article as major cyber attacks happen.

Hacked data can have significant risks for years to come and can serve as a puzzle piece for gathering intelligence or launching future attacks. There are no rules in cyber warfare, which means all types of data could be considered fair game and valuable targets. Knowing the methods and tactics of cyber warfare can help protect people, businesses, and government entities.

Denial of Service (DoS)

There have been numerous reports of DoS attacks against private businesses and government entities of both Israel and Palestine. These attacks, which come from all over the world, simply flood websites with an overwhelming volume of traffic requests. This “bad traffic” consumes the network’s resources - such as bandwidth, processing power, memory, or network connections - and leaves virtually no capacity for legitimate user requests, hence the term denial of service.

In other words, a DoS attack is a relatively low-tech but effective method to launch a malicious disruption of a network, service, or website by overwhelming it with a massive flood of traffic requests. The primary goal of a DoS attack is to make websites or networks unavailable to legitimate users for hours or, in rare cases, days.
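The flood described above can be spotted in a web server's access log by counting requests per time window. The following is an added example, not part of the original article; the simplified log format, the thresholds and the sample lines are constructed assumptions. It shows why a per-source limit alone misses a flood that arrives from many addresses at once.

```python
from collections import Counter, defaultdict

def parse(line):
    """Parse a simplified 'epoch_seconds client_ip path' access-log line."""
    ts, ip, path = line.split()
    return int(ts), ip, path

def flood_windows(lines, window=10, per_ip_limit=20, total_limit=100):
    """Return {window_start: finding} for time windows that look like a flood.

    per_ip_limit catches one noisy source; total_limit catches a distributed
    flood in which no single source stands out. Both limits are assumptions.
    """
    buckets = defaultdict(Counter)
    for line in lines:
        ts, ip, _path = parse(line)
        buckets[ts - ts % window][ip] += 1
    findings = {}
    for start, per_ip in sorted(buckets.items()):
        total = sum(per_ip.values())
        noisy = sorted(ip for ip, n in per_ip.items() if n > per_ip_limit)
        if noisy or total > total_limit:
            findings[start] = {"total": total, "sources": len(per_ip), "noisy": noisy}
    return findings

def sample_log():
    """Constructed log: normal traffic, one noisy client, then many quiet ones."""
    lines = []
    for i in range(5):                       # seconds 0-9: 5 clients x 3 requests
        lines += [f"{t} 192.0.2.{i + 1} /" for t in (1, 4, 8)]
    lines += [f"{10 + n % 10} 198.51.100.7 /search" for n in range(30)]
    lines += [f"{20 + n % 10} 203.0.113.{n + 1} /" for n in range(150)]
    return lines

if __name__ == "__main__":
    for start, finding in flood_windows(sample_log()).items():
        print(start, finding)
```

The third window is flagged only by the aggregate limit: 150 sources each send a single request, so no per-source counter ever trips.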

Various DoS attacks have been launched since the conflict started. These include:

  • The official Hamas site was briefly taken down, allegedly by a pro-Israeli hacktivist group called India Cyber Force.
  • The largest English-language news provider The Jerusalem Post was targeted by Anonymous Sudan, a group that, despite what its name suggests, many experts believe operates from Russia.
  • KillNet, another Russian-affiliated group, claimed to have taken down the primary website of the Israeli government.
  • ThreatSec, a pro-Israel group, is suspected to have targeted Gaza’s internet service providers. By disrupting internet access, it hinders both people’s ability to acquire information and the cyber capabilities of those who can’t connect to the network. 

Propaganda & Misinformation

This is likely the easiest of all cyber war tactics for the average person because it requires almost no technical knowledge and only an internet connection. However, sophisticated bot networks are more prevalent than ever on social media, making it even easier to use this tactic. Winning the hearts and minds of supporters has always been a primary goal of all global conflicts, and propaganda is an effective tool to sway opinions or gain support for a specific cause or ideology.

Social media outlets are struggling to keep up with the massive amount of misinformation and bot activity.

In 2022, there were an estimated 16.5 million bots on X (Twitter) alone. A report on Russian propaganda on X during the 2022 invasion of Ukraine found that bots played a large role in promoting pro-Russian content, with an estimated 20 percent of the messages being posted by bots and reaching nearly 14.4 million users. It is highly likely the same level of bot activity is still happening on social media, with the biggest risk being that the average user may not spot the difference between a bot and a human and could fall for disinformation.

The EU has issued a notice to both Elon Musk and Mark Zuckerberg over the alleged disinformation regarding the Hamas attack, fake news, and out-of-context visual content. The EU demands mitigation measures be implemented to tackle the risks to public security and civic discourse stemming from disinformation.

Cyber Espionage

Israeli, Palestinian, and other entities are actively seeking to monitor communications, infiltrate networks, and gain valuable information that can be used to their advantage. The Gaza-based hacker group Storm-1133 has a history of targeting telecommunications, energy, and defense companies in Israel with limited success. Storm-1133 has taken a slightly different approach than other groups by using everything from LinkedIn to Google Drive to launch social engineering campaigns.

Their goal is to deploy backdoors that bypass traditional security methods and then gather information through social engineering instead of relying only on brute-force hacking attempts. The use of hacked systems and data also plays a role in cyber espionage. Once data or an intrusion is filtered, it can be a stepping stone for further attacks or targeted campaigns to gain additional espionage capabilities.

Hacking & Defacement

Hacking: In the current conflict, it seems like only a small number of proven claims of hacking have made a big difference for either side.

  • AnonGhost, a hacking group based in Africa, the Middle East, and Europe, claimed they disrupted an Israeli emergency alert application (according to their social media channel).
  • A group calling itself Team Insane PK claimed that it hacked a hydroelectric power plant in Israel.
  • Cyber Av3ngers, a pro-Hamas group, claimed it attempted to target Israel’s power grid organization.

If true, this raises the stakes of the possibility of cyberattacks on critical infrastructure, including power grids and water facilities.

Hacked data is another major concern during conflicts. One example is a Russian language forum that appears to be selling the personal data of Israel Defense Forces. These records may reveal sensitive personal information that could go far beyond personal security and safety, as the data could include home addresses, contact details, or even the names of family members, which could be exploited by the hacktivists for harassment or additional cyber attacks.

Access to private data can provide additional insights into the soldiers’ digital lives and put them at risk for targeted phishing attempts and malware distribution. 

Being aware of cybersecurity best practices and understanding the importance of keeping personal information secure is a priority when any nation’s defense forces have been involved in a data breach.

Defacing: Websites, social media accounts, and digital platforms associated with both Israeli and Palestinian entities have been targeted by defacement. In the first week of the conflict, an estimated 100 websites from both sides were defaced. The goal of these attacks is to hack the website and convey political messages and ideologies.

These attacks are usually done through an SQL injection where the hacker exploits vulnerabilities in a website’s input fields to manipulate the website’s database. By injecting carefully crafted SQL queries, an attacker can bypass security measures and gain unauthorized access. This form of attack allows the hacker to retrieve confidential user credentials, or take control of the website and deface it.

Although these appear to be major incidents, they are not likely to provide the hacker with any sensitive data or information because sensitive records are usually not stored on a public-facing website. Usually these credentials are specifically for one area of the website’s administrative panel and, as long as credentials are not reused or shared to access other parts of the network, there is a lower risk of a serious data breach.
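The SQL injection described above comes down to whether text from an input field becomes part of the SQL statement or is bound to it as a value. The following is an added example, not part of the original article; the table names, the search function and the sample data are constructed assumptions. It shows the weak pattern beside the corrected one, run against an in-memory database.

```python
import sqlite3

# Constructed input of the kind a site search box might receive.
CRAFTED = "x' UNION SELECT password_hash FROM admins --"

def make_db():
    """In-memory stand-in for a small site's database (constructed sample data)."""
    db = sqlite3.connect(":memory:")
    db.executescript("""
        CREATE TABLE articles (id INTEGER PRIMARY KEY, title TEXT, published INTEGER);
        CREATE TABLE admins (username TEXT, password_hash TEXT);
        INSERT INTO articles VALUES (1, 'Welcome', 1), (2, 'Draft notice', 0);
        INSERT INTO admins VALUES ('editor', 'constructed-hash-value');
    """)
    return db

def search_vulnerable(db, term):
    # Weak: the input is concatenated into the statement, so a quote
    # character in the input ends the string and the rest is run as SQL.
    sql = ("SELECT title FROM articles WHERE published = 1 "
           "AND title LIKE '%" + term + "%'")
    return [row[0] for row in db.execute(sql)]

def search_hardened(db, term):
    # Corrected: the statement text is fixed and the input is bound as a
    # parameter, so it can only ever be compared against titles.
    sql = "SELECT title FROM articles WHERE published = 1 AND title LIKE ?"
    return [row[0] for row in db.execute(sql, ("%" + term + "%",))]

if __name__ == "__main__":
    db = make_db()
    print("normal search   :", search_vulnerable(db, "Wel"), search_hardened(db, "Wel"))
    print("crafted, weak   :", search_vulnerable(db, CRAFTED))
    print("crafted, bound  :", search_hardened(db, CRAFTED))
```

Both functions behave identically for ordinary searches; only the crafted input separates them, which is why this class of flaw goes unnoticed in normal use.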

What We Can Learn From This

Cyber attacks in the Israel-Palestinian conflict show us how information warfare and cyber activities intertwine with traditional forms of war. My goal is to highlight the cyber security aspects of the conflict without the geopolitical, historical, political, or humanitarian complexities. The use of cyber warfare underscores and defines a new reality of conflicts in the digital age and highlights the importance of addressing these cyber security challenges.

Cyberattacks against any nation pose significant dangers with far-reaching consequences. Disrupting critical infrastructure, including power grids and communication systems, can also directly affect civilian populations.

These attacks serve as a warning to countries around the world - all nations should be highly prepared for potential future attacks and implement proactive cybersecurity measures. Unfortunately, when it comes to a cyber attack, it is no longer about if it happens, but when it happens.

Going forward, the same potential threats apply to corporations, private businesses, and individuals. The tools and methods used by hacktivists today could be used on you, your company, or your government tomorrow. Understanding how hacks occur is the first step to protecting yourself online and your digital life.

Jeremiah Fowler is a Security Researcher and co-founder of Security Discovery.

This is an abridged version of an article first available at WebSite Planet. Image: BrasilNut1
