Saturday, October 14, 2023

Israel-Palestine tussle could spill over to cyberspace


Updated - October 13, 2023 

CloudSEK asks Indian organisations to strengthen their cyber armour to thwart attacks

BY K V KURMANATH

The ongoing conflict in West Asia could well spill over to the cyber space, and India may be a target for hacktivists from across the border, according to cybersecurity and intelligence provider CloudSEK.

“Our contextual artificial intelligence digital risk platform XVigil has discovered multiple hacktivist groups planning cyber attacks on India due to their extended support towards Israel amid war-torn situations in West Asia,” said a CloudSEK report.

It cautioned that the cyber attacks on India are to be conducted under their hacktivist campaign, #OpsIsrael #OpIsraelV2. “The motivations behind these attacks primarily revolve around political factors, most of which are retaliatory actions in the ongoing hacktivist warfare between countries,” it said.


The attack vectors for the campaign will likely be mass defacement, data breaches, credential leaks, and DDoS (distributed denial-of-service) attacks. “Multiple threat actor groups were involved in the attacks which stood supportive towards Palestine,” it pointed out.

It said it found messages in the dark web that indicated likely attacks on the Indian cyberspace.

The DDoS attacks are aimed at making popular, official and useful websites unavailable to genuine users, disrupting services for several minutes.


“The attacker tricks multiple computers or servers into sending a huge amount of data to a target. This flood of data overwhelms the target’s network, causing it to slow down or crash, making it difficult for legitimate users to access the target’s website or services,” said the CloudSEK report.

Other forms of attack could include account takeovers and leaks of sensitive information.

How to be safe

To defend their networks, the company urged organisations to deploy load balancers to distribute traffic and to configure firewalls and routers to filter and block traffic. It also asked organisations to implement bot-detection technologies and algorithms to identify large-scale web requests from botnets employed by the threat actors to launch DDoS attacks.


Hybrid war comes to the Middle East. 

SUMMARY
By the CyberWire staff

 V7 | Issue 40 | 10.14.23

Disinformation in the war between Hamas and Israel.

The war that intensified Saturday with major attacks into Israel by Hamas has been accompanied by extensive disinformation, some of it directed by authorities (for the most part Hamas and governments sympathetic to Hamas) but much of it also spontaneously posted, especially in X, the platform formerly known as Twitter, but in other platforms as well. TikTok (where, for example, footage from video games has been presented as video of Israeli airstrikes) and Telegraph (where, for example, unverified and often false claims of successful cyberattacks have proliferated) have been prominent among those other platforms. But Twitter seems to have been particularly receptive to disinformation, in part because the sale of blue checks has eroded such filters that media outlets had once imperfectly but usefully provided: it's now more difficult to determine what reports originate from organizations that vet their reporting. X has also tended to promote inflammatory false information, amplifying it because such content generates engagement. And the platform's influencer culture gives careless influencers outsized clout with users.

But much of the influence being pushed doesn't involve disinformation proper. The New York Times has an overview of how Hamas has posted, often to X, the platform formerly known as Twitter, images of its atrocities against civilian victims in Israel. These are intended as both expressions of triumph and as incitement to further atrocities. X has been widely criticized for its failure to screen, filter, rate, or otherwise effectively moderate content. Changes to X's content moderation policies have, CNN reports, more-or-less adopted celebrity as a standard of newsworthiness, and largely abandoned attempts to expose coordinated inauthenticity. A European commissioner has written X to warn the platform that its failures in this respect may constitute a violation of the European Union's Digital Services Act (DSA).

Hacktivism and state action in Hamas's campaign against Israel.

"At least 15 known cybercriminal, ransomware, and hacktivist groups," by the Register's count, "have announced their active participation in disruptive attacks targeting institutions in Israel and Palestine." International supporters of both parties to the conflict are also coming under cyberattack. Some of the groups have long been aligned with Hamas, others with Israel, and still others are ramping up operations against a long-term enemy whose support for Israel or Hamas serves as either pretext or provocation. While most of the activity has been familiar distributed denial-of-service (DDoS) or nuisance-level defacement, some of it has targeted, SecurityWeek reports, infrastructure (especially electrical power distribution) and military command-and-control (especially Israeli Iron Dome anti-rocket systems). It seems the attempts against infrastructure and C2 have so far had limited effect. According to HackRead one pro-Hamas group, AnonGhost, seems to have been able to exploit a vulnerability in the Israeli Red Alert civil defense app to transmit false warnings of missile strikes.

Group-IB has been following both sides' hacktivist activity, and ReliaQuest has published a useful overview of the conflict in cyberspace, along with some brief recommendations for actions organizations can take during what should be a period of heightened alert. That said, US NSA cybersecurity director Rob Joyce commented that the cyber phases of the war have so far been largely confined to nuisance-level hacktivism. “But we’re not yet seeing real [nation] state malicious actors,” the Wall Street Journal quotes Joyce as saying. Israel has taken action against Hamas funding, seizing Hamas-linked Binance cryptocurrency accounts, Financial Magnates reports. Israel has also worked with British authorities to freeze at least one Barclays account linked to Hamas fundraising.

International hacktivists join the cyber conflict.

Researchers at Radware outline the course the cyber phases of the war have taken--DDoS, for the most part. The hacktivist groups Radware has observed conducting or at least claiming attacks in support of Hamas include the Indonesian threat actor Garnesia_Team, Ganosec Team (also from Indonesia), the Moroccan Black Cyber Army, Mysterious Team Bangladesh, Team Herox (from India), Anonymous Sudan (which presents itself as a religious and political group from its eponymous country, but which in fact is a Russian auxiliary) and, of course, the Russian group KillNet.

Russian hacktivist auxiliaries have not been unanimous on the war in the Middle East. KillNet has been outspoken against Israel during the current fighting Hamas initiated last weekend, as has Anonymous Sudan. The Cyber Army of Russia disagrees sharply, not because it wishes to engage on behalf of Israel, but because the Cyber Army sees war in the Middle East as a distraction from Russia's main concern: the war in Ukraine. Cyble's Cyber Express reports that the Cyber Army of Russia is seeking to organize sentiment against KillNet under the hashtag #STOPKillNet.

Hacktivists (and hacktivist auxiliaries) who've joined the war Hamas began against Israel Saturday have claimed widespread and substantial damage to important systems, but so far their activities haven't extended much farther than familiar distributed denial-of-service operations and site defacements. Claims of attacks against, for example, electrical power distribution, seem to be for the most part attention-getting brag. AnonGhost's compromise of the RedAlert app, designed to send attack warnings to smart phones, seems the most consequential of the cyber operations so far. The Wall Street Journal describes threats of more significant cyberattacks. These haven't materialized yet, but concern will mount as threat actors more capable than ordinary hacktivists join the action. Security firm Sepio told the Journal that they've seen a rise in activity from Iran and Syria, as well as from Russian hacktivist auxiliaries.

Most of the hacktivism has been conducted in the interest of Hamas, but at least one Israeli group--either a front group or a hacktivist auxiliary--has reemerged to take a role in the conflict. Predatory Sparrow, known for operations against Iran, has been observed probing Iranian sites and posting warning messages, CyberScoop reports. "You think this is scary?" the messaging said, in Farsi. "We're back. We hope you're following the events in Gaza." Iran has long been Hamas's patron, and is widely suspected of having provided both planning and logistical support to the Hamas operation.

A volunteer group acting for Israel functions as an augmentation to intelligence services. The Wall Street Journal reports that the Israel Tech Guard, formed by workers in the country's cybersecurity sector, has been concentrating on the labor-intensive work of looking through online content to, among other things, seek to identify and locate Israelis taken hostage by Hamas. The volunteers are also working to secure online tools that contribute to public safety, like the Red Alert app compromised in the early hours of Hamas's assault.
