Cyber Threats and the Israel-Hamas War

25 Oct / 2023

Industry News

This threat landscape SOC Note does not cover any details of the ongoing ground war. Links to sources that contextualise the Israel-Hamas war have been included below.


If you have spent any time consuming the news or social media, no doubt you are familiar with the war between Hamas and Israel in Palestine. In the current landscape, conflict on the ground often leads to conflict in the cyber security landscape, with “hacktivist” groups pursuing entities for political, economic or social reasons. This has led to hacktivist groups ramping up operations, with what SOCRadar alleges is a majority of hacktivist groups performing attacks in support of Hamas. [1]

Many of the attacks initiated by hacktivists are targeting Israeli interests and organisations, with one group claiming to have breached a wastewater treatment plant in Israel and another group claiming to have the confidential details of 7000 Israeli military personnel. Additionally, Israeli hospitals have been targeted by Distributed Denial of Service (DDoS) attacks.

While these cyber attacks are primarily focused on Israel, threat actor groups are casting a broader net, with sights set on countries that support Israel. Threat actor groups have specifically called out Singapore and Japan as targets for DDoS attacks, website defacement and SQL injection, amongst other attack types. There are additional calls to target the US, Canada, the UK, India, Italy and others who have publicly supported Israel.

This leads squarely into how this will affect Australia. Penny Wong, the Australian Minister for Foreign Affairs, stated that Australia stood with Israel and their right to defend themselves. [2] Australia’s stance has led a group called IRoX to put Australia on their hit list. According to Cyberknow, a threat intelligence publication, Australia has thus far not been threatened or targeted by any other attack as of October 20th. [3]

Cyberknow are treating the threat from IRoX as 'Alert but not Alarmed' due to the manner in which IRoX carry out their attacks. Cyberknow have been able to replicate IRoX’s breaches by collating publicly available data found through Google or by using previously breached data. It is important to stress that IRoX do appear to be highly motivated, but their threat level is yet to be determined by those in the threat intelligence community.

It is possible that Australian businesses and government entities will be targeted by a hacktivist organisation. Should attacks occur, threat intel suggests that they will be in the form of DDoS attacks and will likely mirror others seen in the past few weeks. There are a number of steps that can be taken to mitigate risk against potential hacktivist activity.

  • Ensure any public-facing website has some kind of DDoS detection and prevention system through a Web Application Firewall.
  • Apply ongoing patching and remediation policies, especially on external internet-facing devices and services.
  • Advise employees to report any attempted communication through email, voice or text with reference to the Israel-Hamas War.
  • Ensure rigorous password policies are in place along with lockouts and MFA to prevent brute-force attempts.

The Hamas-Israel War is a rapidly changing situation and what has been outlined here is correct at time of publication. Should there be any rapid developments of heightened risk for Australia, Cythera will reach out with an update. If you have any questions or concerns regarding the content above, please feel free to reach out to us.



Context for the Israel-Hamas War

Cited sources

Additional sources
