The intensifying Israel-Gaza war prompted by widespread attacks by Hamas has prompted a new wave of cyberattacks across the region.
Israel is known as a global cybersecurity hub and numerous cybersecurity companies based there have been impacted by the conflict. Cybersixgill, a dark web threat intelligence company based in Tel Aviv, says it has and will maintain normal business operations throughout the Israel-Gaza war.
"We are saddened and condemn the attacks that are taking place in Israel, and we will do all we can to defend our country," said Sharon Wagner, Cybersixgill's CEO. "We are proud that our team will contribute to the defense of Israel and, like many companies, we have several employees who have been called for service. However, given that we are an Israeli company, we plan for this contingency and the workload easily shifts as our employees implement the playbook for which they have been trained."
Furthermore, while the Israel-Gaza war creates a tense and difficult time for colleagues in Israel, Cybersixgill operations are not confined to Israel, he said.
"Our technology infrastructure – servers, data repository, support – are all located in the United States, which means there will be no interruption in service for our customers," Wagner said. "Additionally, we are a global team with the majority of our customer-facing employees located in North America. Therefore, we are able to support our customers as we always have in the same way. "
Israel-Gaza War: Rise in DDoS Attacks in Israel
Radware, also based in Tel Aviv, has released its latest threat advisory, which shows a surge in cyberattacks against Israeli targets coinciding with Hamas' attacks. Between Oct. 2 and Oct. 10, Israel by far was the most distributed denial of service (DDoS)-attacked state claimed on Telegram. Israeli websites were targeted 143 times, primarily by pro-Palestinian and in a few cases by pro-Russian hacktivists.
Other insights about Israeli targets according to Telegram data:
- Government was the most attacked website category, accounting for 36% of all claimed attacks, followed by news and media (10%) and travel (9%).
- The top politically and ideologically motivated hacktivists claiming DDoS attacks against Israeli websites included Indonesian threat actors Garnesia Team, Moroccan Black Cyber Army, Ganosec Team and Mysterious Team Bangladesh, as well as Indian group Team Herox. Sudanese hacktivist Anonymous Sudan and pro-Russian hacktivist Killnet also participated.
- Network-level DDoS attacks ranged in size from 1.2Gbps to 135Gbps. In addition, application web DDoS attacks ranged between 9,000 HTTPS requests per second (RPS) to 2 million RPS.
- Most of the observed DDoS attacks lasted several hours with others spanning 24 hours. During the longer assaults, the hacktivists morphed their attacks by randomizing attack vectors to make detection and mitigation more difficult.
Critical Start also is weighing in on the increasing cyberattacks in Israel during the Israel-Gaza war.
"As the Israel-Palestine conflict intensifies, the digital realm witnesses parallel turbulence, with hacktivist groups like Anonymous Sudan and Killnet as major contributors," said Callie Guenther, Critical Start's senior manager of threat research. "These groups, while distinct in their operations, share alleged ties to Russia, either directly or through alignment of interests."
Anonymous Sudan, Killnet Targeting Israeli Digital Assets
Both Anonymous Sudan and Killnet have publicized their intentions to target Israeli digital assets, Guenther said.
"While Killnet has explicitly blamed the Israeli government for past alliances against Russian interests and vowed to target Israeli government systems, Anonymous Sudan has showcased its allegiance to the Palestinian resistance, marking its presence by allegedly targeting the Jerusalem Post," she said. "As the on-ground war escalates, the digital dimension plays a multifaceted role."
Both groups possess the capability to momentarily disrupt critical digital infrastructure, including media outlets, government portals, and potentially even utilities or emergency services, Guenther said. This can lead to confusion and hamper real-time decision-making.
Beyond mere disruption, if these groups are indeed state-sponsored or aligned, they might engage in cyber espionage, extracting critical intelligence and forwarding it to their benefactors or aligned state entities, she said.
"While a vast number of hacktivist attacks are symbolic, aiming to gain attention or make political statements, the involvement of groups with alleged state ties like Anonymous Sudan and Killnet changes the narrative," Guenther said. "Their operations could transition from being symbolic gestures to strategically aligned offensives that complement on-ground military actions."
Given the intricate dynamics of modern warfare, where physical and digital realms are deeply intertwined, dismissing these groups as mere symbols would be an oversight, she said.
"Their operations can provide tactical advantages, serve as distractions, or even be used for strategic intelligence gathering," Guenther said. "As the Israel-Palestine conflict progresses, the role of Anonymous Sudan and Killnet could become even more pronounced, potentially influencing the trajectory of events on both the ground and in cyberspace."