Attacks on Israeli orgs 'more than doubled' since October 7, cyber researcher says
Israeli organizations have seen a "dramatic increase" in cyberattacks since the October 7 terrorist attack, with some organizations experiencing a constant bombardment of intrusion attempts, according to military officials and cybersecurity researchers working in the country.
Gil Messing, the chief of staff at Tel Aviv-based Check Point Software, told Recorded Future News that the cyberattacks on Israeli organizations are driven mostly by politically motivated groups, such as hackers affiliated with Iran and Hezbollah as well as hacktivists.
An Israeli military official claimed this week that the country’s defense forces’ cloud computing network faced over three billion attempted cyberattacks since the beginning of the war with the Hamas militant group last October.
According to Col. Racheli Dembinski, commander of the central computing system unit known as Mamram, hackers targeted the Israeli Defense Forces’ (IDF) cloud infrastructure, which is used by many systems serving troops on the ground.
Local media reported on Dembinski’s speech during a cyber conference last week where she said that all the cyberattacks were blocked and no system was compromised. Dembinski did not attribute the attacks to specific threat actors.
Dembinski didn’t specify the types of attacks carried out against the IDF’s cloud infrastructure or how sophisticated they were. Messing confirmed that Israeli businesses and organizations have seen “a very dramatic increase in cyberattacks since the war began.”
“Attacks, in general, more than doubled, to the point that an average Israeli organization is attacked more than 2,200 times every week,” said Gil Messing, the chief of staff at Tel Aviv-based Check Point Software.
He told Recorded Future News that the company doesn’t have data to comment on attacks on the military cloud networks but said that the number of attacks announced likely comprises cyber incidents of “any sort.”
Israel’s cyber enemies
Messing said his team is monitoring “over 80 such groups which do anything from defacement and DDoS to ransomware and wipers.”
Earlier in June, the head of the Israel National Cyber Directorate (INCD), Gaby Portnoy, warned Israel and its allies about Iranian cyberattacks.
“We have identified that Iran is attacking its allies and other countries for information extortion and damaging digital services,” Portnoy said. “The information stolen from government systems is then used for Iranian cyberterrorism.”
The countries targeted by Iran, according to Portnoy, include Saudi Arabia, Oman, Canada, the U.S., the UAE, India, the U.K., Germany, Australia, and Austria.
Research from Check Point and Sekoia published earlier this week showed that the suspected Iranian state hacking group MuddyWater is targeting organizations in Israel and across the Middle East with a previously unseen custom backdoor.
MuddyWater has also previously targeted government entities, municipalities, media outlets, and travel agencies in Israel, Turkey, Saudi Arabia, India, and Portugal.
Messing said that Check Point tracks at least five hacking groups targeting Israel that they believe originate from Iran or work on its behalf. Their attacks are “large-scale” and target the public sector, IT companies, universities, and other entities. The company also tracks 5-6 other groups that reportedly work on behalf of Hezbollah.
Daryna Antoniuk is a reporter for Recorded Future News based in Ukraine. She writes about cybersecurity startups, cyberattacks in Eastern Europe and the state of the cyberwar between Ukraine and Russia. She previously was a tech reporter for Forbes Ukraine. Her work has also been published at Sifted, The Kyiv Independent and The Kyiv Post.