“This time we got off easy” – The April 7th attacks on Israeli websites, nicknamed “#OpIsrael”, seem to be scattered gatherings of hackers with limited resources and capabilities
In order to handle cyber-threats in the long run, there is a need to monitor global cyber-attack trends, spot the gaps in existing controls in the organization's different business environments, and emphasize what actions need to be taken in order to fend off future attacks.
The April 7th attacks on Israeli websites, nicknamed “#OpIsrael”, seem to be the work of scattered gatherings of hackers with limited resources and capabilities. We mainly saw defacements of several hundred small sites without significant security measures, and DDoS traffic, based on simple tools, against government sites. In addition, several “data dumps” were carried out, supposedly exposing confidential information containing usernames and passwords, though for the moment it seems that most of the data is fake and irrelevant. Moreover, several hundred credit card numbers were exposed, but they seem to be irrelevant as well. It is possible that some more serious data leaks occurred, though it doesn’t look like they hold sensitive information.
The “Anonymous” collective, which is not a single organized group but rather a number of scattered gatherings of hacktivists, sometimes ad hoc, threatens and attacks Israeli websites on a daily basis. Whenever there is a significant Israeli military operation, an “#OpIsrael” operation is declared. It started during 2008’s “Cast Lead” operation in Gaza, and continued more fiercely after the 2010 Gaza Flotilla incident and the 2012 “Pillar of Defense” operation. The attacks mainly consist of defacements and DoS/DDoS attacks.
Despite all that, we see a different development of ideology-based attacks worldwide. For example, the widespread attacks against American banks, nicknamed “#OpAbabil”, which started after the publication of “The innocence of the Muslims” video on YouTube, displayed volumes of tens of GB (much more than the attacks seen in Israel) and even used “hijacked” servers. Some findings suggest that a nation-state stands behind the “organization” that led the ongoing attacks, the Izz a-Din al-Qassam Cyber Brigades. Last month we witnessed an unprecedented attack against Spamhaus, based on ideological (though not political) motives, which had a volume of up to 300 GB. The attackers used a known technique which had been in “the shadows” of DoS attacks until now.
More concerning than the above was the March 20th attack against banks and media in South Korea. The attack was quite simple but caused denial of service of critical services for days, by inserting Trojans that wiped whole servers (Wipers). In this case as well, there is a strong suspicion that a nation-state is involved, though there is no conclusive evidence.
In conclusion, the #OpIsrael attacks against Israel seem to be a continuation of the attacks Israel faces daily, but global trends suggest a significant increase in attackers’ capabilities and damage potential (beyond simple defacements and taking down commercial sites for short periods of time). Government officials, service providers and firms should recognize these trends and prepare for them in advance.
CyberARM™’s product helps organizations monitor global cyber-attack trends that are relevant to a specific organization in the geo-political environment it operates in. In addition, it spots the gaps in existing controls in the organization's different business environments, and emphasizes what actions need to be taken in order to fend off future attacks.
CyberARM™, a startup company that was founded a year ago by Shay Zandani and Dr. Elon Kaplan, developed a product that helps organizations prioritize their investments in dealing with cyber threats. The company implements a unique model based on real-time intelligence concerning the cyber-threat big picture, according to sector, geographic and geo-political segmentation on the one hand, and in correlation with the organization’s security state on the other hand – thus emphasizing the need to improve security in the critical places against the threat status. CyberARM™ identified the need of decision-makers in organizations to conduct an objective, real-time discussion of the constantly changing threat level against the organizational control level, and to make decisions to invest in the places that were identified as targets. In this way, the investment will be continuous and focused on the organization’s ever-changing weak points.