According to the Shin Bet and the National Cyber Directorate, there has been a significant rise in recent months in targeted phishing attempts aimed at gaining access to sensitive personal information, including home addresses, personal relationships and routine locations. This data is then used to plan attacks against individuals in Israel by Israeli-based terrorist cells recruited by Iran.

The Iranian operatives typically reach out via WhatsApp, Telegram or email, crafting a personalized cover story tailored to the target's field of work. The primary method involves sending a fraudulent link to a supposed Google Meet call. Once the user clicks the link, they are prompted to enter a username and password, which are then harvested by the attackers. This information enables access to Gmail accounts, additional passwords, images, geolocation data and other sensitive materials.

Other methods include fake applications that appear legitimate, or malicious files sent for reading or confirmation, which install spyware on the victim's computer.

A Shin Bet official stated: "We are witnessing continued, relentless efforts by hostile actors as part of the campaign Iran is waging against Israel. The public must remain vigilant and cautious, these cyberattacks can be prevented through awareness, skepticism and proper online conduct, particularly by avoiding clicks on unidentified links."

The post Shin Bet thwarts dozens of Iranian cyberattacks appeared first on www.israelhayom.com.

Cybersecurity experts are warning of a significant increase in hacktivist activities planning to attack Israeli targets ahead of April 7. According to the latest report from Radware's Research Center, researchers have observed extensive preparation ahead of the annual OpIsrael and OpJerusalem campaigns.

The campaign, which began in 2013 by the hacktivist group Anonymous, occurs annually with the aim of attacking Israeli websites and online services. This year, analysis of social media traffic indicates that approximately 48 different hacktivist groups are coordinating attacks.

"We are witnessing a significant increase in hacktivist activity targeting Israel in recent weeks," Ron Meyran, VP of Cyber Threat Intelligence at Radware noted. "Our analysis shows a clear pattern of early preparation, with unprecedented collaboration between groups with different motivations. Unlike previous years, we now see more advanced technical capabilities that can bypass traditional defenses. Additionally, we have identified a clear increase in the use of hashtags such as #OpIsrael and #FreePalestine in Telegram channels of known attack groups starting from March 20. This pattern is similar to activity observed in previous years in the period leading up to April 7."

Unlike previous years, the OpIsrael attack campaign emphasizes that this year's activity will extend beyond Israel itself: Hacktivists are interested in bringing to the forefront entities and countries that support Israel, such as the US and European countries, which are or have been historically involved in shaping the geopolitical reality of the region. Among the expected threats: Distributed Denial of Service (DDoS) attacks aimed at paralyzing government services provided to the public or leading businesses in the economy, website defacement, attempts to steal business or classified information, and possible damage to critical infrastructure of the State of Israel. The Israel National Cyber Directorate (INCD) has already issued alerts to organizations in Israel to prepare for possible attacks, especially ahead of Iranian Jerusalem Day beginning on March 28 and the annual campaign on April 7.

Security experts recommend that organizations check and update their defense systems, implement behavior-based detection solutions for rapid identification of anomalies, and develop a response plan for cyber incidents.

The post Security experts warn: Wave of anti-Israeli cyber attacks expected in coming days appeared first on www.israelhayom.com.

Following two recent cyber attacks on credit institutions and facing threats from Iranian government-affiliated groups of an imminent cyber strike against Israel planned for Friday, the Bank of Israel has called an emergency preparedness session.

The high-level meeting, coordinated with Israel's National Cyber Directorate, included representatives from the country's major banks, credit companies, and other financial institutions. Israeli commercial airlines were also notified of the potential threat.

Yesterday's situation assessment brought together senior officials from the Bank of Israel, the National Cyber Directorate, and the cybersecurity forum representing banks and credit card companies. They evaluated various scenarios that could unfold Friday, following the Iranian Anonymous for Justice group's threats to target Israel's financial infrastructure.

72 hours...
Still you have time to save your capital. The risk of not paying attention to our warnings can come at the cost of destroying your life.

נותרו רק 72 שעות.
עדיין יש לכם זמן להציל בכסף ובהון שלכם. אם אתם רוצים לקחת סיכון ולהתעלם מהאזהרות שלנו, דעו שההתעלמות הזו תעלה… pic.twitter.com/UBu9jFieCb

— Anonymous For Justice (@anonyforjustice) November 12, 2024

While an attack is considered likely, its precise nature and scope remain uncertain. Officials are particularly concerned about potential disruptions to credit card clearing operations, similar to the recent attacks on the SHVA clearing house, which could trigger increased cash withdrawals across Israel. The Cyber Directorate plans to implement several countermeasures in the coming days to thwart the Iranian group's intentions.

Both the Bank of Israel and the National Cyber Directorate have urged banks, credit companies, and financial institutions to enhance their preparedness and share any relevant intelligence. Their primary goal is to maintain business continuity regardless of the attack scenario.

The threat follows two significant cyber attacks in the past month against credit companies – one targeting SHVA and another striking Credit Guard two days ago – both of which caused nationwide disruptions to credit payment services.

In response, the Bank of Israel stated: "The Bank of Israel maintains ongoing contact, continuously and especially during these days, with the banking system, the Cyber Directorate, and other relevant bodies to prepare and ensure continuity of various customer services according to developments."

The post Iran's latest threat to Israel: 72-hour countdown to cyber attack appeared first on www.israelhayom.com.

In an exclusive interview with Israel Hayom, cybersecurity expert Rafael Franco reveals the escalating cyber threats facing Israel. With daily attacks causing billions in economic damage, Franco warns of a potential catastrophic strike on critical infrastructure, highlighting the dangerous collaboration between Iranian and Russian cyber capabilities.

Since the beginning of the Iron Swords war, Israel has been grappling with a daily wave of thousands of cyber attacks, primarily from pro-Palestinian and Iranian sources. A report published about a month ago by Israel's National Cyber Directorate estimates the economic damage from these attacks at no less than 12 billion shekels per year.

To understand the scale and significance of the cyber front Israel is facing, one need only look at the attacks carried out in recent weeks. About two weeks ago, the pharmaceutical company Rekah was forced to shut down its distribution system due to security breach concerns. Prior to that, a real estate website was disabled following a similar attack, and in an equally serious incident that occurred about a month ago, hackers breached the databases of the leading law firm Goldfarb Seligman.

In a conversation with Israel Hayom, Rafael Franco, founder and CEO of the cyber crisis management company Code Blue and former Deputy Head of the National Cyber Directorate, assesses that "despite the damage they caused, these attacks have actually made the Israeli economy's recovery capacity much more efficient. We see businesses that were attacked managing to return to routine relatively quickly, which is very important."

Franco states, "Despite this improved recovery capability, Israel still faces a critical strategic vulnerability: the centralized management of our national infrastructure. How many 'Israel Electric Corporation' are there? How many 'Mekorot' [Israel's water company] companies are there? The country consists of a few companies that are the exclusive providers of strategic infrastructures."

"A massive cyberattack, one that disrupts the supply of electricity or water flow in Israel, is an event that can disrupt an entire country. If in the past Iranian efforts focused mainly on small and medium Israeli organizations with low levels of defense and awareness, in recent years Iran has been making enormous efforts to carry out a critical infrastructure attack against national companies," he claims.

"An event of this magnitude, if successful, could lead to a real disaster. Additionally, the Iranians understand very well how much of a moral blow this would be, causing enormous damage to the State of Israel and its citizens," Franco explains.

How close are the Iranians to carrying out such an attack?

"In recent months, starting from October, we have indeed witnessed a dramatic increase in attack attempts against various entities in the country, some more successful than others. So far, attempts to damage infrastructure have not really succeeded, and the main impact has been on medium-sized organizations and below.

"Although there has not yet been physical damage, the Iranians have managed to break into the systems of organizations of great importance, including medical institutions and academic institutions. They have managed to get their hands on a lot of information, which, although not strategic, is enough to cause economic damage to the economy.

"Let's be clear: while these recent attacks may appear to be of Palestinian origin, they're actually being executed by Iranian operatives with Russian strategic guidance."

How has Russian support strengthened the Iranian cyber array?

"Let's start with the fact that even before Tehran strengthened its strategic connection with Moscow, Iranian technology and research capabilities were considered relatively high, with the University of Tehran ranked among the top 500 universities in the world according to the Shanghai Index. Alongside these capabilities, the development in cyber in the last two years is a direct result of the strategic connection with Russia.

"In exchange for Tehran's unprecedented export of drones and weapons to Moscow, the Russians are enhancing and supporting Iranian cyber capabilities. This connection has developed the Iranian cyber array and led to its construction as an important and central factor in the campaign against Israel.

"The Russians, for their part, have long understood how critical psychological warfare and extensive use of fake news is in undermining enemy resilience, and the Iranians have adopted these tactics. Quite a few attacks make use of fake news and attempts to polarize Israeli public discourse."

How prepared are we for the next attack?

"The war has led the Israeli cyber industry to a boom it hasn't experienced for a long time, due to constant friction with attackers and the incorporation of Israeli creativity. The proof of this is the almost bi-weekly number of exits of Israeli cyber companies.

"However, the rapid advancement of Iranian cyber capabilities necessitates a shift in how we approach cybersecurity across our entire economy. A structured strategy, and consistent and clear guidelines through all bodies and factors in the Israeli economy, are critical to the continuous functioning of the State of Israel. Awareness of the threat, along with proper emergency preparedness that will allow rapid recovery from cyber attacks, is what will make the chances of Iranians significantly harming Israeli society lower."

The post 'A massive cyberattack can disrupt all of Israel' appeared first on www.israelhayom.com.

Cybercrime group ShinyHunters claimed to be behind the breach and to be in possession of personal data from over 500 million accounts. The group is offering to sell the data on the dark web.

Live Nation is investigating the data breach, cooperating with law enforcement, and taking steps to mitigate risks to users, but the breach is not expected to have a significant impact on the company's business or finances.

The data breach may be linked to attacks against company accounts with cloud hosting provider Snowflake, and the incident could lead to scams involving fake ticket sales, exposing individuals in the U.S., Canada, and New Zealand.

The U.S. Justice Department sued Live Nation and Ticketmaster on May 23, accusing them of running an illegal monopoly over live events in America, and a consumer class action lawsuit is seeking $5 billion in damages against the companies.

Australian authorities are aware of the Ticketek cyber incident and are advising Australians to remain vigilant against potential scams and phishing emails and to enhance their online security measures.

Sources: The Guardian, CBS, Independent, Wired, Sky News, New York Times

This article was written in collaboration with Generative AI news company Alchemiq.

The post Ticketing company Ticketmaster hacked, personal data from hundreds of millions of accounts offered for sale appeared first on www.israelhayom.com.

The deepening relationship between Iran and Russia is one of the negative trends in our region that has greatly alarmed the Israeli security establishment in recent times. So far, reports have mainly focused on Iran's extensive assistance to Russia – primarily in the form of selling drones that the Russians have used in their war against Ukraine. However, the security, economic, and strategic ties between the two countries have tightened significantly, and Russia's commitment to Iranian interests in the Middle East appears to be growing stronger, undoubtedly having negative implications for Israel.

Beyond Iran's desire to receive aircraft, helicopters, radar systems, and other weaponry from Russia in return, one of the issues troubling the Israeli security establishment is the convergence between Iran and Russia in the cyber domain, particularly the transfer of state-sponsored, advanced cyber capabilities from Russia to Iran. These are sophisticated tools developed by governments using taxpayer funds, unlike the capabilities of individual hackers.

While Iran is known to possess decent cyberinfrastructure, Russia is a cyber superpower and one of the few countries in the world with nation-state-level cyber capabilities. Israel is also considered a nation with such capabilities.

According to a source familiar with the details, "Superpowers like Russia have capabilities that terrorist groups or other countries do not have. Russia has different tools that can inflict significant damage on its adversaries." The source added, "The cyber apparatus is focused on defense, and the defense is constantly working. We are also preparing for significant attacks."

Since the beginning of the war on Oct. 7, there has been a several-hundred-percent increase in significant cyber attacks on Israel, effectively a 2.5 to 3-fold rise. The main targets of these attacks have been healthcare infrastructure, academia, service and integration entities, and other critical infrastructure. Israel is also bracing for attempted attacks on the electricity grid, water systems, and other vital infrastructure.

The concern is future-oriented

Since the beginning of the war, thousands of attacks have been carried out against targets in Israel, with around 1,000 of them aimed at significant entities, posing a potentially severe risk of damage. At this stage, the damage has been "contained," and thanks to the defense apparatus, no significant harm has been caused.

According to a senior official familiar with the details, "The scale of the attacks is unprecedented; all Iranian groups are working hard. Iranians are collaborating closely with the Russians, transferring conventional arms and drones but likely also gaining access to sophisticated Russian cyber warfare capabilities." Another source noted that Israel's healthcare system has been taking the cyber threat particularly seriously. Providers have developed detailed risk scenarios and are bolstering cyber defenses while also ensuring they can quickly recover operations through backup systems and contingency plans.

It's important to note, however, that at present the national cyber defense apparatus has not detected any changes in the technological level, and the preparation is primarily for the future. "Most of the current attacks are carried out using technologies that do not require nation-state-level capabilities. At the moment, mainly known vulnerabilities in the security system are being exploited, which is why it is crucial to update security measures, however, some companies across various sectors have not updated their cybersecurity measures adequately. The concern is future-oriented."

The post Israel fears Russia may transfer advanced cyber capabilities to Iran appeared first on www.israelhayom.com.

Iran's president said Wednesday that a cyberattack that paralyzed every gas station in the Islamic republic was designed to get "people angry by creating disorder and disruption," as long lines still snaked around the pumps a day after the incident began.

Follow Israel Hayom on Facebook and Twitter

Ebrahim Raisi's remarks stopped short of assigning blame for the attack, which rendered useless the government-issued electronic cards that many Iranians use to buy subsidized fuel at the pump.

However, they suggested that he and others in the theocracy believe anti-Iranian forces carried out an assault likely designed to inflame the country as the second anniversary of a deadly crackdown on nationwide protests over gasoline prices approaches.

"There should be serious readiness in the field of cyberwar and related bodies should not allow the enemy to follow their ominous aims to make problem in the trend of people's life," Raisi said. State television later aired footage of the president visiting a gas station in central Tehran.

The attack Tuesday also bore similarities to another that took place months earlier that seemed to directly challenge Iran's supreme leader Ayatollah Ali Khamenei as the country's economy buckles under American sanctions.

On Wednesday morning, the state-run IRNA news agency quoted another official who claimed 80% of Iran's gas stations had begun selling fuel again. Associated Press journalists saw long lines at multiple gas stations in Tehran. One station had a line of 90 cars waiting for fuel. Those buying ended up having to pay at higher, unsubsidized prices.

The semiofficial ISNA news agency, which first called the incident a cyberattack, said it saw those trying to buy fuel with a government-issued card through the machines instead receiving a message reading "cyberattack 64411."

While ISNA didn't acknowledge the number's significance, that number is associated with a hotline run through Khamenei's office that handles questions about Islamic law. ISNA later removed its reports, claiming that it too had been hacked. Such claims of hacking can come quickly when Iranian outlets publish news that angers the theocracy.

Farsi-language satellite channels abroad published videos apparently shot by drivers in Isfahan, a major Iranian city, showing electronic billboards there reading: "Khamenei! Where is our gas?" Another said: "Free gas in Jamaran gas station," a reference to the home of the late Supreme Leader Ayatollah Ruhollah Khomeini.

The use of the number "64411" mirrored the attack in July targeting Iran's railroad system that also saw the number displayed. Israeli cybersecurity firm Check Point later attributed the train attack to a group of hackers that called themselves Indra, after the Hindu god of war.

Indra previously targeted firms in Syria, where President Bashar Assad has held onto power through Iran's intervention in his country's grinding war.

Abolhassan Firouzabadi, the secretary of the Supreme Council of Cyberspace, linked the attack to the Iran's rail system assault in July in comments reported by IRNA. He also said it affected all of Iran's 4,300 gas stations nationwide.

"There is a possibility that the attack, like a previous one on railway system, has been conducted from abroad," Firouzabadi said.

However, a former deputy telecommunications minister, Amir Nazemy, earlier wrote on Twitter that the "infrastructure of system of gas stations is an exclusive network and this sort of communications were not on the internet." That raises questions on whether someone inside of Iran with access to the system launched the cyberattack or otherwise facilitated it.

A previously unheard-of group claimed responsibility for the cyberattack hours afterward late Tuesday, in a message on the messaging app Telegram. It did not provide any evidence that it carried out the assault

On Tuesday, Gholam Reza Jalali, the commander of Iran's Civil Defense Organization, accused Israel of carrying out the attack.

"The Zionists are behind the severe disruptions" to the country's gas stations. On Monday, Jalali said Israel was incapable of significantly harming Iran.

Cheap gasoline is practically considered a birthright in Iran, home to the world's fourth-largest crude oil reserves despite decades of economic woes.

Subsidies allow Iranian motorists to buy regular gasoline at 15,000 rials per liter. That's 5 cents a liter, or about 20 cents a gallon. After a monthly 60-liter quota, it costs 30,000 rials a liter. That's 10 cents a liter or 41 cents a gallon. Regular gasoline costs 89 cents a liter or $3.38 a gallon on average in the US, according to AAA.

In 2019, Iran faced days of mass protests across some 100 cities and towns over rising gasoline prices. Security forces arrested thousands and Amnesty International said it believes 304 people were killed in a government crackdown. Tuesday's cyberattack came in the same month in the Persian calendar as the gasoline protests in 2019.

Subscribe to Israel Hayom's daily newsletter and never miss our top stories!

The attack also came on the birthday of the late Shah Mohammad Reza Pahlavi who, stricken with cancer, fled the country in 1979 just before the Islamic Revolution.

Iran has faced a series of cyberattacks, including one that leaked video of abuses at its notorious Evin prison in August.

The country disconnected much of its government infrastructure from the internet after the Stuxnet computer virus – widely believed to be a joint US-Israeli creation – disrupted thousands of Iranian centrifuges in the country's nuclear sites in the late 2000s.

Iran, long sanctioned by the West, faces difficulties in getting up-to-date hardware and software, often relying on Chinese-manufactured electronics or older systems no longer being patched by manufacturers. That would make it easier for a potential hacker to target. Pirated versions of Windows and other software are common across Iran.

The post Iran's president says cyberattack meant to create 'disorder' appeared first on www.israelhayom.com.

The personal information of thousands of Israelis was compromised Saturday following a cyberattack on the database of a major Israeli financial services firm.

Follow Israel Hayom on Facebook and Twitter

According to a report in Walla News, "BlackShadow," the same group that carried out a cyberattack on the Shirbit insurance company in December, managed to breach the database of KLS Capital, which has over 26,000 clients.

"Their servers are down and we have all their clients' information," the group wrote on the Telegram instant messaging platform.

According to reports, the hackers demanded a 1.9 million shekel ($570,000) ransom in bitcoin, which KLS refused to pay.

According to BlackShadow, following 72 hours of failed negotiations, they began to leak thousands of the company's documents, including clients' driver-license photos, ID numbers – including that of the CEO – client, and copies of checks.

"Approximately three days ago, the National Cyber Security Authority contacted KLS Capital and warned of a possible cyber-attack on the company," the firm, founded 20 years ago, said in a statement, adding that the strike was similar to others carried out by Iran in the past, where Israeli government, civil and private institutions were targeted.

The company acted immediately to protect its servers and worked together with the National Cyber Directorate to investigate the incident, the statement said.

"It is not yet known how much information had been revealed and the company will be in touch with its clients based on findings."

The NCD issued a statement calling on companies to take the necessary steps to prevent cyberattacks and take responsibility for their clients' information.

Ido Naor, founder and CEO of cybersecurity company Security Joes explained that BlackShadow "did not change its pattern" with its latest attack.

 Subscribe to Israel Hayom's daily newsletter and never miss our top stories!

"This group brands itself as anti-Zionist and it aims to create political propaganda. This attack shows that the hackers are not trying to breach a significant target, or they simply lack the skills to do so."

He further noted that "we've recently seen some very dangerous vulnerabilities in the Microsoft email exchange that are used, time and again, by skilled hackers. Still, Blackshadow didn't opt for that route. It's hard to believe that another cyberattack will resonate as much as the first one did."

i24NEWS contributed to this report. 

The post BlackShadow strikes again, hits major Israeli financial firm appeared first on www.israelhayom.com.