Several threat actors have joined the escalating Israel-Hamas conflict. These groups have targeted organizations and infrastructure in Israel and Gaza, primarily with DDoS attacks; the latest attacks are aimed at SCADA systems and ICS.
An analysis found that numerous ICSs are exposed and that threat actors can readily exploit their lax security measures.
- Several Israeli organizations have left Modbus, a SCADA communications protocol, exposed to the internet; investigators identified 400 such instances.
- More than 150 Message Queuing Telemetry Transport (MQTT) ports are also still open. MQTT carries messages between manufacturing execution systems (MES) and SCADA.
- Palestinian entities are similarly leaving Modbus and MQTT exposed, along with Siemens automation and Symantec systems.
- A hacking group called Predatory Sparrow, believed to have links to the Israeli government, reemerged to support the government.
- Anonymous Sudan has targeted emergency warning systems in Israel and also attacked The Jerusalem Post, a prominent newspaper in Israel.
- The pro-Hamas group, Cyber Av3ngers, launched cyberattacks against the Israel Independent System Operator (Noga), the Israel Electric Corporation, and a power plant in Israel.
- A notorious pro-Russian group named Killnet attacked several Israeli government websites.
- On the pro-Israel front, ThreatSec claimed to have compromised the infrastructure of the Gaza-based ISP, AlfaNet.
- Medical Aid for Palestinians has said that its website is under cyberattack, which has hindered relief efforts for Gaza. It has also warned that the website might fall offline shortly as a result of the disturbances.
- A hacker group claiming to be from Jordan breached the systems of Ono Academic College, a school near Tel Aviv, and published about 250,000 records of employees, students, and others on Telegram.
These assaults, targeting critical infrastructures and media outlets, underscore the increasing role of cyber operations in contemporary conflicts.
To mitigate these threats, entities should bolster their security measures, focusing on patching exposed SCADA systems and ensuring stringent access controls for critical communication protocols.
Organizations should take the following proactive steps:
- To protect against DDoS attacks—hacktivist groups’ most common tactic—organizations should implement anti-DDoS solutions.
- Conduct a risk assessment of external-facing infrastructure and ensure that any weaknesses—including high-risk vulnerabilities and misconfigurations—are addressed in a timely fashion. Reduce your organization’s internet-facing footprint to minimize the attack surface.
- Ensure that incident response teams are aware of the heightened risks from threat groups reacting to the conflict, ranging from hacktivists to Iranian nation-state-aligned groups. Organizations should update callout lists and put incident response plans in place to react accordingly.
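The exposed Modbus endpoints listed above and the "stringent access controls for critical communication protocols" recommendation come together in one concrete check a network sensor in front of the PLCs can run. The following is an added example, not code from the original bulletin or from any vendor: it parses Modbus/TCP frames and flags requests that arrive from outside an assumed allowlist of engineering networks, treating write function codes as the most urgent finding. The allowlist range and the sample frames are constructed for illustration.

```python
import struct
from ipaddress import ip_address, ip_network

# Modbus/TCP MBAP header: transaction id, protocol id (0 = Modbus), length, unit id
MBAP = struct.Struct(">HHHB")
# Function codes that change PLC state; reads (1-4) are lower risk.
WRITE_FUNCTIONS = {5: "Write Single Coil", 6: "Write Single Register",
                   15: "Write Multiple Coils", 16: "Write Multiple Registers"}
# Assumed: the only network allowed to talk Modbus to the PLCs (constructed range).
ALLOWED_SOURCES = [ip_network("10.20.0.0/16")]

def parse_modbus_tcp(frame: bytes) -> dict:
    """Split a Modbus/TCP frame into MBAP fields, function code and PDU.
    Raises ValueError on malformed input so callers can alert on junk
    sent to TCP/502 instead of silently skipping it."""
    if len(frame) < MBAP.size + 1:
        raise ValueError("frame too short for MBAP header + function code")
    tid, proto, length, unit = MBAP.unpack_from(frame)
    if proto != 0:
        raise ValueError(f"unexpected protocol id {proto}")
    if length != len(frame) - 6:  # MBAP length counts unit id + PDU
        raise ValueError("MBAP length does not match frame size")
    return {"tid": tid, "unit": unit, "function": frame[7], "pdu": frame[8:]}

def classify(src_ip: str, frame: bytes) -> str:
    """Return an alert label for one Modbus/TCP request. Anything from
    outside the allowlist is flagged; external writes are the top priority."""
    try:
        msg = parse_modbus_tcp(frame)
    except ValueError as e:
        return f"MALFORMED: {e}"
    trusted = any(ip_address(src_ip) in net for net in ALLOWED_SOURCES)
    fc = msg["function"]
    if not trusted and fc in WRITE_FUNCTIONS:
        return f"CRITICAL: external {WRITE_FUNCTIONS[fc]} to unit {msg['unit']}"
    if not trusted:
        return f"HIGH: external Modbus request fc={fc} to unit {msg['unit']}"
    if fc in WRITE_FUNCTIONS:
        return f"INFO: internal {WRITE_FUNCTIONS[fc]} to unit {msg['unit']}"
    return "OK"

# Constructed sample traffic: (source IP, raw Modbus/TCP frame)
SAMPLES = [
    ("10.20.1.5",   bytes.fromhex("000100000006010300000001")),  # internal read
    ("203.0.113.9", bytes.fromhex("000200000006010300000001")),  # external read
    ("203.0.113.9", bytes.fromhex("00030000000601060001ff00")),  # external write
    ("203.0.113.9", bytes.fromhex("0004000000060103")),          # truncated frame
]

if __name__ == "__main__":
    for ip, frame in SAMPLES:
        print(ip, classify(ip, frame))
```

Run against captured traffic, the same logic doubles as an inventory check: any source that is not on the allowlist is evidence that the Modbus port is reachable from somewhere it should not be.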