A New Threat in Cyber Warfare
It has been reported that Cyber Force, a Hamas cyber team, coordinated cyberattacks to coincide with Operation Al-Aqsa Flood. Cyber Force was thought to have been largely dismantled by Israeli efforts over the past several years, but it appears the Hamas unit has played a role in the 7 October attacks and subsequent conflict.
In further support of this claim, pro-Hamas hacktivists have asserted that Cyber Force breached the computer systems at Israel’s Nevatim Air Force Base, exfiltrating sensitive military data. Although this claim is largely unsubstantiated, Hamas’ tactics surrounding 7 October indicate a sophisticated understanding of Israeli military operations and highlight potential intelligence vulnerabilities. Hackers from both sides are targeting each other’s infrastructure, as the cyber front has increasingly become a key part of military activities.
Additionally, threat actors from several other countries may have been attacking Israeli targets, aiding the Hamas offensive. Reports on these cyberattacks continue to indicate that the targets are varied and strategic, from media to financial services. These incidents have highlighted concerns about global defense readiness and the broader implications for cybersecurity vigilance for Western countries.
Private Sector Concerns
Recent cyberattacks demonstrate that state-sponsored hackers, including those related to Iran, have created advanced malware that can lie essentially undetectable inside a network for months, discovering the networks’ infrastructure and design and seeking repositories of critical data. The malware can then exfiltrate large amounts of data before the attack is detected. These capabilities and tactics represent a significant advancement over prior Iranian state-sponsored malware.
This is a serious problem not just for governments, but also for the private sector. The reason: advanced malware initially used by state-sponsored actors to advance their governments’ agendas frequently ends up in the hands of criminal gangs who use it against private institutions.
A recent example of this occurred with the MGM Resorts and Caesars Entertainment ransomware attacks (which collectively caused over $100 million in damages). Both casino operators were successfully attacked by “Scattered Spider,” a lesser-known criminal gang.
Scattered Spider is by all accounts not capable of creating on its own the advanced ransomware it deployed; instead, it affiliated itself with the BlackCat/ALPHV ransomware group (a well-known and well-funded criminal enterprise, suspected to have had ties to Russia). This affiliation (a so-called “ransomware as a service,” or RaaS, attack) is becoming more common as smaller, less well-funded ransomware gangs continue to seek targets for their malicious activity.
Making matters worse, this advanced malware is fully capable of evading endpoint detection and response (EDR) defense systems, which are the type of cyberdefense most commonly deployed by many business organizations, especially SMBs and SMEs, which don’t have the budgets for extensive cybersecurity infrastructure.
This unfortunate situation was recently spotlighted by the U.S. Cybersecurity and Infrastructure Security Agency (CISA), which issued a warning earlier this year noting that new tactics, techniques, and procedures (TTPs) being employed by cyber criminals allow them to “avoid endpoint detection and response (EDR) products.”
Under these circumstances, effective cyber defense necessitates deploying a comprehensive cybersecurity solution that monitors, collects, and analyzes vital data from network devices and cloud environments, and integrates this with a threat intelligence platform and ongoing network security assessments supported by real-time response from a 24/7/365 security operations center. This is the approach to security that is deployed by large enterprises, with great success.
The Digital Battlefield Continues to Grow
The recent uptick in cyberattacks related to 7 October is not just a temporary risk but the latest escalation in modern cyberwarfare, one that not just Israel, but all nations must reckon with in an increasingly digital battlefield. These attacks appear to be spilling over from military and governmental targets to the private sector. All of us who are engaged in cybersecurity must be focused on these issues and redouble our efforts, because safeguarding the information of the global community transcends issues of intellectual property and financial security; it has become a critical concern with potentially life-and-death implications.