Cyberattacks Against Israeli Government Sites: 'Largest in the Country’s History'

Israel’s Nation Cyber Directorate confirmed in a tweet on Monday that a denial-of-service (DDoS) attack against a telecommunications provider took down several government sites, as well as others not affiliated with the government. The incident led to the Directorate to briefly declare a state of emergency, while sources said the cyberattack was the largest ever against Israel.

“Update: In the last few hours, a [DDoS] attack has been identified on a communications provider which, as a result, has for a short time prevented access to a number of sites, including government sites,” the Cyber Israel account tweeted.

Haaretz reported the sites for the Israeli departments of interior, health, justice, welfare and even the Prime Minister’s office were taken offline (services are now restored). A source identified by Haaretz as a member of the “defense establishment” noted the size of the attack, adding that only a nation-state backed threat actor could have pulled off such a large-scale attack.

Internet tracker NetBlocks reported that the attacks were launched against Israeli telecom providers Bezeq and Cellcom.

> ℹ️ Update: The #Israel Government Network (Tehila Project, AS8867) which hosts several gov·il website domains has become unreachable internationally. Users within the country remain able to access the platforms.
>
> 📰 Further Reading: <https://t.co/zgeodgMzk1&gt; pic.twitter.com/YAHSf63Wun
>
> — NetBlocks (@netblocks) March 14, 2022

Meanwhile, cybersecurity watchers and experts suspect Iran was behind the attack.

“The recent DDoS attacks against Israel have been attributed to actors aligned with Iran, highlighting the significant ongoing tensions between the two countries,” Chris Morgan, senior cyber-threat intelligence analyst with Digital Shadows, told Threatpost by email.

He said the timing indicates the DDoS attacks were in retaliation for Israel’s attempt to breach Iran’s nuclear infrastructure, Morgan explained.

“The attacks occurred just hours after Iranian state television announced that its security forces had reportedly stopped an attempted sabotage of nuclear centrifuges against a nuclear power plant in Fordow,” he said. “Attacking nuclear centrifuges draws parallels to previous cyberattacks against Iran, notably the Stuxnet incident of 2010; some have suggested this destructive malware attack was the work of Israel’s intelligence services.”

Israel, Uniquely Prepared to Defend Against Cyberattacks

Israel is known to have engaged in covert cybersecurity operations across the globe. Jennifer Tisdale, CEO of GRIMM, told Threatpost — including developing the Stuxnet worm that was deployed against Iran. As a result the country is prepared to respond to attacks on its own systems, she said, adding that it’s an approach the U.S. government should adopt.

“Today’s broad cyberattack is just another Tuesday in Israel, for the most part,” Tisdale said. “Israel’s approach to cybersecurity offers some solid takeaways the U.S. government could and should embrace.”

It starts with smart government policymaking, she added.

“First, Israel has developed cybersecurity public policy that is both robust and nimble,” Tisdale said. “They have prioritized government funding specific to cyberattack mitigation, preparation and response to protect against other governments or private sector incidents.”

Also, “cybercriminals also face stiff consequences for their actions against Israeli interests,” Tisdale said.

“Israel has also embraced an attacker-oriented response strategy and has developed a practice for holding people and organizations accountable with both national and international law enforcement,” she added. “Though we could debate what an appropriate response should look and feel like, I believe we can all agree that having a cyber-response plan and accountability plan to protect U.S. critical infrastructure, government networks and communication systems should be prioritized.”

Though the size of the attack is notable, DDoS attacks in general are common against nations and should be anticipated, Netenrich principal threat hunter John Bambenek told Threatpost.

“Ultimately, DDoS attacks remain a technique to knock critical infrastructure, such as government websites, offline,” Bambenek said. “The technique is popular among activists because it doesn’t require much in the way of prep work to pull off. Government targets, such as the Israeli government, are common.”

_Moving to the cloud? Discover emerging cloud-security threats along with solid advice for how to defend your assets with our _FREE downloadable eBook, “Cloud Security: The Forecast for 2022.”****_We explore organizations’ top risks and challenges, best practices for defense, and advice for security success in such a dynamic computing environment, including handy checklists. _