Business Continuity Management / Disaster Recovery , Critical Infrastructure Security , Cyberwarfare / Nation-State Attacks

DDoS Attack Downs Several Israeli Government Websites

Services Now Restored Following Temporary Outage
DDoS Attack Downs Several Israeli Government Websites
"Largest-ever" cyberattack is carried out against Israel. (Source: Shutterstock)

On Monday evening, many Israeli government websites, including those of the prime minister and the ministries of Interior, Health, Justice, and Welfare, went offline. The Israel National Cyber Directorate later confirmed that a massive distributed denial-of-service attack had hit one of its communications providers, resulting in a temporary loss of access. The INCD added that normal activity was soon restored.

See Also: 10 Ways to Defend Against Insider Threats

State of Emergency

The INCD did not disclose any additional details of the incident but Israeli publication Haaretz cited an unnamed senior Israeli defense official calling it the "largest-ever" cyberattack carried out against Israel. The source added that a state actor or a large organization is likely to have conducted this attack, but that has yet to be determined as the investigation is ongoing.

Meanwhile, the news agency also claimed that the INCD and the Ministry of Defense jointly declared a state of emergency to study the extent of damage to strategic Israeli websites and government infrastructure, including electric and water companies in the country. No official statement was issued by the government or the defense ministry.

The Targets

NetBlocks, a watchdog agency that monitors cybersecurity activity, tweeted that the widespread outage of government websites was due to attacks targeted at Israeli telecommunications providers Bezeq and Cellcom.

NetBlocks assessed that the reason the outage affected most Israeli government websites was because the Tehila Project - also known as AS8867 - which hosts at least 314 domains and primarily all gov[.]il website domains, had been affected and became unreachable for international audiences. But NetBlocks says that users within the country were still able to access these platforms.

Defense-related websites are not hosted on this domain and thus, Haaretz says, none of them were affected in yesterday's attacks.

Retaliation a Likely Cause

Israeli news agency The Jerusalem Post claims that the Black Shadow group, which is closely affiliated to Iran, is behind this attack. The INCD has not yet confirmed this claim, but The Jerusalem Post says that the threat group may have carried out the DDoS attack in retaliation for an alleged attempted sabotage on Iran’s Fordow Fuel Enrichment Plant.

"Historically, the primary protagonists involved in cyberattacks against Israel have been groups aligned to the Iranian state, which is well known to operate a 'tit for tat' reaction when it considers it has been attacked itself," says Toby Lewis, head of threat analysis at cybersecurity AI company Darktrace.

Lewis cites examples of repeated DDoS attacks against U.S. financial institutions following sanctions against Iran for its nuclear enrichment program between 2011 and 2013. He tells Information Security Media Group that, "On Monday, Iran's Revolutionary Guard Corps claimed it had captured Israeli spies and saboteurs at a nuclear power plant at Fordow" and called that "a likely trigger point for such a retaliatory DDoS attack."

DDOS attacks are largely symbolic: They don't tend to cause significant long-term damage and could simply be about saving face to show action has been taken although the public may not appreciate the superficial nature of such an operation, Lewis says.

He advises security teams in Israel and globally to remain vigilant, saying, "While there is no evidence that this is the case in this instance, DDoS attacks might be used as a distraction technique while more stealthy operations take place behind the scenes."

A major sabotage attack was foiled before it could take place on Nowruz - the end of the Iranian year, which is March 20 - according to news agency Al Jazeera.

Recent Activities of Black Shadow

The Black Shadow group is known to have persistently targeted Israeli organizations in the recent past.

On Sunday, it claimed to have hacked and siphoned off data from Israeli company Rubinstein Software Ltd., which provides software solutions to the diamond industry.

In November 2021, the group allegedly leaked sensitive health records of nearly 300,000 patients of an Israeli network of medical centers (see: Black Shadow Group Leaks Israeli Patient Records, Data).

And in March 2021, the group reportedly claimed it had hacked Israeli car financing firm K.L.S. Capital and stolen client data, while in December 2020 it leaked thousands of documents containing personal information on the customers of Israel's Shirbit insurance company (see: Hackers Steal Data From Israeli Car Financing Company).


About the Author

Mihir Bagwe

Mihir Bagwe

Principal Correspondent, Global News Desk, ISMG

Bagwe previously worked at CISO magazine, reporting the latest cybersecurity news and trends and interviewing cybersecurity subject matter experts.




Around the Network

Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing bankinfosecurity.com, you agree to our use of cookies.