The unfortunate new state of normal
Middle East tensions significantly increased after the UK-designated terrorist group Hamas attacked Israel on 7th October.
The physical destruction of Gaza and human loss of life following the attack have been significant, and as of today there appears to be little progress towards resolving this situation via dialogue, political and peaceful means.
What is little discussed is that modern conflicts have a cyber operations component, used by both sides of any conflict.
Cyber operations motivated by this conflict are likely to increase in the region and become more widespread as the war continues.
How have cyber operations played a part in this war?
Localised cyber activists immediately joined the fray by attacking entities in both Israel and the Palestinian territories. Targets are mainly Critical National Infrastructure (CNI), including Government, Energy and Communications infrastructures.
What has been seen so far is attacks of low technical capability, such as DDoS and website defacements. These low-level attacks are limited in their disruptive capability and impact. It has been reported that attacks have been made against Israeli radar and the rocket alert system, the NOGA power grid and the DORAD power plant.
However, the choice of targets, the timing and the engagement of pro-Russian and pro-Iran cyber groups indicate a level of co-ordination to assist Hamas’ attack and to disrupt and complicate the Israeli response. In comparison, pro-Palestinian groups are targeting Israeli Government and media sites.
At the beginning of the conflict, targets were primarily Israeli and Palestinian organisations. Prolonged conflict can widen, and has widened, the targets from localised entities to supporters of each side. It has been reported that ‘Ghost of Palestine’, a cyber activist group, has called upon the global cyber community to attack targets in Israel and the US.
As this war progresses through intensity or length, so will cyber operations.
Israel and Palestine will be in a heightened state of awareness. Cyber actors including pro-Palestine activists and non-state and proxy groups aligned to pro-Russia and pro-Iran interests will continue to disrupt Israeli responses. As the war progresses, organisations aligned to Israel will also become (in their view) legitimate targets, with a possible increase in technical capability to increase impact.
Espionage will be employed by both sides as the cyber operations grow wider. It is anticipated that supporters of Hamas such as Hezbollah and other Shia Islamist movements will attempt to target US, UK and EU banking, telecommunications, IT and technology industries.
A significant escalation in violence within the conflict will draw in state-aligned cyber-criminal groups that may drive more destructive behaviour and outcomes from cyber operations. A full-blown regional conflict with direct participation of Iran would significantly increase the likelihood of Advanced Persistent Threat (APT) groups and well-resourced proxy groups engaging in highly disruptive campaigns at a regional and possibly global level against supporters of Israel, namely US, UK and EU organisations.
As western nations stand steadfast in support of Israel and its response to the Hamas attack, we can reasonably expect attacks on UK organisations to increase from sympathisers and, at worst, from proxies or nation states if the conflict grows into a wider regional war.
If you are an organisation that is, or feels it is, at more risk of increased threat, the response to this conflict is no different to what is required every day.
- Ensure incident response and management plans are in place.
- Maintain awareness of the threat landscape and review intelligence briefings.
- Deploy advanced endpoint security controls and ensure all users are enrolled into MFA for critical systems.
- Ensure all systems, software and hardware are patched and up to date.
- Maintain immutable backups and review disaster recovery procedures.
- Monitor and review security alarms or events in a timely manner (e.g. not 1 week later).
2tela help businesses protect themselves against cyber criminals and activists.
For more information regarding this post, or if you have a requirement, please do not hesitate to contact us via email (email@example.com) or call (01903 947780).