Cyberattack Blamed for Setting Off Rocket Sirens in IsraelSirens Ring in Jerusalem, Eilat; System Used to Warn Citizens About Missile Attacks
Israeli cybersecurity officials suspect hackers are behind a Sunday night incident causing rocket sirens to sound in Jerusalem and Red Sea town of Eliat.
Sirens rang for almost an hour in a disruption initially attributed by the Israel Defense Forces to a system malfunction, The Jerusalem Post reported. Rocket attacks in civilian areas remain an endemic danger in Israel.
The Israel National Cyber Directorate now suspects a cyber intrusion to be the cause. Deputy Minister of Economy Yair Golan suggested in an interview broadcast on national media that the culprits may hail from Iran.
"The Iranians are trying to harm Israel through cyber warfare, the incident requires a quick investigation," the former IDF deputy chief of staff told Israel Defense Forces radio.
אמש הנחנו את הרשויות המקומיות לנקוט אמצעי הגנה מהירים על מערכות כריזה מקומיות. זאת, לאור חשד לאירוע סייבר בממשק של מערכת כריזה לעיריות אשר הביא להפעלת הכריזה במספר קטן של נקודות בערים אילת וירושלים, לא מדובר במערכות ההתרעה של פיקוד העורף.— Cyber Israel (@Israel_Cyber) June 20, 2022
Tensions have flared between Iran and Israel, with Tehran blaming the Jewish state for a recent spate of attacks on its nuclear infrastructure and Israel urging its citizens to depart Turkey amid worries that Iranian operatives may launch attacks on Israelis in Istanbul.
The breached sirens were municipal, not military systems, the Israel Defense Force's Home Front Command says. The civil defense authority says in a tweet that it "instructed local authorities to take prompt protection measures on local public address systems." The tweet acknowledges "suspicion of a cyber incident at the interface of a public address system for municipalities that led to the activation of the public address in a small number of points in the cities of Eilat and Jerusalem."
The INCD did not immediately respond to Information Security Media Group's request for comment.
It did publish online preventive security measures for other "similar systems" that may also be vulnerable without specifying their relevance to a particular sector.
The measures include basic cybersecurity measures, such as changing default passwords, setting up long complex passwords and changing them frequently and implementing a two-step verification processes. The directorate also recommends "setting restrictions on access permissions to the management interface and remote connection to specific users and, if possible, also by IP addresses."
Phishing Campaign Unveiled Last Week
Israeli cybersecurity firm Check Point last week unveiled a spear-phishing operation targeting high-profile Israeli and U.S. executives that it attributes to Iran.
Among the targets identified by Check Point were Tzipi Livni, an Israeli former foreign minister and deputy prime minister; an unnamed former major general who served in a highly sensitive position in the IDF; and an unnamed senior executive in the Israeli defense industry.
The same day the Check Point article appeared, the Israel National Cyber Directorate issued a warning about an "active phishing campaign against various users in Israel" and released an alert containing information allowing users to stymie the attacks.
שימו לב: קמפיין דיוג פעיל כנגד משתמשים שונים בישראל. בקישור תמצאו את פרטי ההתרעה המלאים יחד עם קובץ מזהים. מומלץ לחסום את מזהי הקבצים, לנטר את מזהי התקשורת, ולהתריע הלאה על קיום הקמפיין.https://t.co/pzzzwk5w4E pic.twitter.com/fUnxeALRu8— Cyber Israel (@Israel_Cyber) June 14, 2022
Israeli OT security firm Radiflow's co-founder Ilan Barda says the incident spotlights the state of municipal cybersecurity in the country.
Cities are tempting targets for malicious hackers. Traffic lights, public transportation and other municipality-run systems are being automated across Israel. That reliance creates vulnerabilities. A hacker could "bring a city or region to a halt, impacting supply chains, food deliveries, and more - putting a city under siege," Barda tells ISMG.
Whether the siren incident was intentional or not remains an open question, he says. It is possible the incident was an accident triggered during the hackers’ exploration for vulnerabilities in the municipality's security system.
If the incident had been intentional, "it would make more sense to conduct this incident during a religious holiday or time of large gatherings to shatter any sense of security," he says. But it also might have been a false flag operation used as a distraction for a different cyberattack, he adds.
Note: This story was updated on June 21 to include INCD's preventive cybersecurity advice and comments from Radiflow co-founder Ilan Barda.