With all eyes on Russia and Ukraine, a cyberattack hit Israeli government websites late Monday night. The attack, which was initially announced by Israeli defense sources, was said to be one of the biggest in the country’s history. However, a day later, with the digital fog of war clearing, the reality looks somewhat different.
The Israeli cyber authority confirmed that the attack had occurred late Monday. However, by Tuesday morning, claims about the biggest attack in Israeli history had all but dissipated. “This was a routine attack – albeit one with serious volume – but not rare or significant,” Erez Tidhar, head of the cyber authority's Computer Emergency Response Team, or CERT, told Haaretz through a spokesperson Tuesday. So what actually happened? What do we know and what remains to be seen?
At 7:15 P.M., a number of Israeli websites fell offline, including the website for the Health Ministry and others. By 8:30 P.M., a defense source had briefed Israel’s military correspondents, saying that Israel was under a “wide-scale cyberattack”. The attack, the source said, was perhaps the biggest in Israeli history.
By 9:00 P.M., the truth was slowly starting to emerge: Israel, the cyber powerhouse that has long engaged in proxy cyber wars against enemies like Iran, was hit with what is called a DDoS attack. These attacks are considered to be the lowest rung of cyberattacks, the least sophisticated and the easiest to identify. A far cry from the complex attacks attributed to Israel, Iran, or even North Korea, the attack is tantamount to flooding a computer with multiple requests until it crashes. In this case, Israeli state websites were pummeled with traffic and queries until their servers buckled under the pressure.
By 9:00 P.M., full access had been restored. “The attack caused a short outage and temporarily prevented access to some Israeli websites,” the authority said this morning.
The Israeli Internet Association, which monitors traffic to and from Israel, said late last night that it did indeed register a massive uptick in traffic. However, it seemed traffic was flowing to all websites hosted by a local mobile provider, not just Israeli state sites. In other words, it is very possible that other websites that are not linked to the government crashed, but nobody noticed.
- Israeli Government Sites Crash in Cyberattack
- Russia-Ukraine Cyberwar: Five Things We Learned
- ‘Risk of All-out Cyberwar Is Entirely Possible. The Fear Exists and Is Growing’
As soon as the attack was confirmed, social media was abuzz with claims that this was a state attack on Israel, one that had most likely been launched by Iran or Iranian-affliated hackers. The cyber authority maintains that it is still too early to know: “The event is still under investigation and potential ‘suspects,’ at this stage, include anything from criminal cyber groups to hacktivists to state agents.”
Omri Segev Moyal, a cyber security expert who has previously worked on state attacks, says that the unsophisticated nature of the attack is reminiscent of earlier attacks launched by Iranians, for example a 2013 DDoS attack that he described as “smaller in scale and volume.”
He and others note that the attack is more in line with pro-Iranian activists than a state operation intended to inflict debilitating harm on Israel. Other cyber experts took to social media, urging Israel to defend itself against Iranian aggression.
Segev Moyal remains a bit more skeptical about the spectacle: “Attacks like these, as is also the case with previous ransomware attacks [against Israel], are intended to create PR wins for the attackers.”
Another industry source goes one step further, saying that if the attack was indeed Iranian, the Israeli defense establishment’s scaremongering actually gave the “Iranian propaganda efforts a win.”
What’s the truth?
The research department at CheckPoint, perhaps Israel's biggest and most famous defense cyber security corporation, published some additional data Tuesday morning that may shed some light on the true nature of the attack. According to their findings, there has been a massive, global uptick in cyberattacks since the Russian invasion of Ukraine began. In fact, this rise comes on the tail of another one sparked by the coronavirus, sometimes called “cyber COVID.”
"In Israel, we have seen a 21 percent increase in attacks since the fighting started [in Ukraine],” says Gil Messing, CheckPoint’s spokesperson, in response to a question regarding Israel and the fighting in Ukraine.
Other experts all stress that there is no direct connection between Ukraine and Israel and the attack was not in response to Israel’s mediation efforts, for example.
“There is also a 22 percent increase of attacks focusing on government and military targets in Israel,” he says based on CheckPoint's researcher. In other words, according to the data, the increased attacks on Israel are completely in line with the global trend.
Per the cyber authority, as this is not a rare or unique attack, it actually shows how following protocol brought the attack to an end in under an hour.