Cyber attacks in the Israel-Hamas war
2023-10-23 21:32:5 Author: blog.cloudflare.com(查看原文) 阅读量:15 收藏

10/23/2023

5 min read

This post is also available in Deutsch, Français, עברית and عربي.

Cyber attacks in the Israel-Hamas war

On October 7, 2023, at 03:30 GMT (06:30 AM local time), Hamas attacked Israeli cities and fired thousands of rockets toward populous locations in southern and central Israel, including Tel Aviv and Jerusalem. Air raid sirens began sounding, instructing civilians to take cover.

Approximately twelve minutes later, Cloudflare systems automatically detected and mitigated DDoS attacks that targeted websites that provide critical information and alerts to civilians on rocket attacks. The initial attack peaked at 100k requests per second (rps) and lasted ten minutes. Forty-five minutes later, a second much larger attack struck and peaked at 1M rps. It lasted six minutes. Additional smaller DDoS attacks continued hitting the websites in the next hours.

DDoS attacks against Israeli websites that provide civilians information and alerts on rocket attacks
DDoS attacks against Israeli websites that provide civilians information and alerts on rocket attacks

Not just DDoS attacks

Multiple Israeli websites and mobile apps have become targets of various pro-Palestinian hacktivist groups. According to Cybernews, one of those groups, AnonGhost, exploited a vulnerability in a mobile app that alerts Israeli civilians of incoming rockets, “Red Alert: Israel”. The exploit allowed them to intercept requests, expose servers and APIs, and send fake alerts to some app users, including a message that a “nuclear bomb is coming”. AnonGhost also claimed to have attacked various other rocket alert apps.

On October 14, we revealed the findings of one of our investigations that was conducted by the Cloudforce One Threat Operations team, who identified malicious Android mobile applications impersonating the legitimate RedAlert - Rocket Alerts application. The malicious apps obtained access to sensitive user information such as mobile phone’s contacts list, SMS messages, phone call logs, installed applications, and information about the phone and SIM card themselves. More technical information about our investigation can be found here.

Screenshot of the malicious site linking to malicious mobile apps
Screenshot of the malicious site linking to malicious mobile apps

Furthermore, Cloudflare has identified an Israeli website that was partially defaced by AnonGhost. This website was not using Cloudflare, but we have reached out to the organization to offer support.

“Death to all Jews” in a part of a website that was hacked and defaced by AnonGhost
“Death to all Jews” in a part of a website that was hacked and defaced by AnonGhost

Continued DDoS bombardment

In the days following the October 7 attack, Israeli websites have been heavily targeted by DDoS attacks. Cloudflare has been helping onboard and protect many of them.

HTTP DDoS attacks against Israeli websites using Cloudflare
HTTP DDoS attacks against Israeli websites using Cloudflare

Since the October 7, 2023, attack, Newspaper and Media websites have been the main target of DDoS attacks — accounting for 56% of all attacks against Israeli websites. We saw the same trends when Russia attacked Ukraine. Ukrainian media and broadcasting websites were highly targeted. The war on the ground is often accompanied by cyber attacks on websites that provide crucial information for civilians.

The second most targeted industry in Israel was the Computer Software industry. Almost 34% of all DDoS attacks targeted computer software companies. In third place, and more significantly, Banking, Financial Services and Insurance (BFSI) companies were attacked. Government Administration websites came in fourth place.

Top Israeli industries targeted by HTTP DDoS attacks
Top Israeli industries targeted by HTTP DDoS attacks

We can also see that Israeli newspaper and media websites were targeted immediately after the October 7 attack.

HTTP DDoS attacks against Israeli websites using Cloudflare by industry
HTTP DDoS attacks against Israeli websites using Cloudflare by industry

Since October 1, 2023, Cloudflare automatically detected and mitigated over 5 billion HTTP requests that were part of DDoS attacks. Before October 7, there were barely any HTTP DDoS attack requests towards Israeli websites using Cloudflare.

However, on the day of the Hamas attack, the percentage of DDoS attack traffic increased. Nearly 1 out of every 100 requests towards Israeli websites using Cloudflare were part of an HTTP DDoS attack. That figure quadrupled on October 8.

Percentage of DDoS requests out of all requests towards Israeli websites using Cloudflare
Percentage of DDoS requests out of all requests towards Israeli websites using Cloudflare

Cyber attacks against Palestinian websites

During the same time frame, from October 1, Cloudflare automatically detected and mitigated over 454 million HTTP DDoS attack requests that targeted Palestinian websites using Cloudflare. While that figure is barely a tenth of the amount of attack requests we saw against Israeli websites using Cloudflare, it represented a proportionately larger portion of the overall traffic towards Palestinian websites using Cloudflare.

On the days before the Hamas attack, we didn't see any DDoS attacks against Palestinian websites using Cloudflare. That changed on October 7; over 46% of all traffic to Palestinian websites using Cloudflare were part of HTTP DDoS attacks.

On October 9, that figure increased to almost 60%. Nearly 6 out of every 10 HTTP requests towards Palestinian websites using Cloudflare were part of DDoS attacks.

Percentage of DDoS requests out of all requests towards Palestinian websites using Cloudflare
Percentage of DDoS requests out of all requests towards Palestinian websites using Cloudflare

We can also see these attacks represented in the spikes in the graph below after the Hamas attack.

HTTP DDoS attacks against Palestinian websites using Cloudflare
HTTP DDoS attacks against Palestinian websites using Cloudflare

There were three Palestinian industries that were attacked in the past weeks. The absolute majority of HTTP DDoS attacks were against Banking websites — nearly 76% of all attacks. The second most attacked industry was the Internet industry with a share of 24% of all DDoS attacks. Another small share targeted Media Production websites.

HTTP DDoS attacks against Palestinian websites using Cloudflare by industry
HTTP DDoS attacks against Palestinian websites using Cloudflare by industry

Securing your applications and preventing DDoS attacks

As we’ve seen in recent years, real-world conflicts and wars are always accompanied by cyberattacks. We’ve put together a list of recommendations to optimize your defenses against DDoS attacks. You can also follow our step-by-step wizards to secure your applications and prevent DDoS attacks.

Readers are also invited to dive in deeper in the Radar dashboard to view traffic and attack insights and trends in Israel and Palestine. You can also read more about the Internet traffic and attack trend in Israel and Palestine following the October 7 attack.

Under attack or need additional protection? Click here to get help.

Click here to protect against malicious mobile apps

A note about our methodologies

The insights that we provide is based on traffic and attacks that we see against websites that are using Cloudflare, unless otherwise stated or referenced to a third party source. More information about our methodologies can be found here.

We protect entire corporate networks, help customers build Internet-scale applications efficiently, accelerate any website or Internet application, ward off DDoS attacks, keep hackers at bay, and can help you on your journey to Zero Trust.

Visit 1.1.1.1 from any device to get started with our free app that makes your Internet faster and safer.

To learn more about our mission to help build a better Internet, start here. If you're looking for a new career direction, check out our open positions.

DDoSAttacksIsraelCloudflare RadarInsightsTrends

Related Posts

November 28, 2023 10:08PM

Cyber Week: Analyzing Internet traffic and e-commerce trends

How significant are Cyber Week days on the Internet? Is it a global phenomenon? Does e-commerce interest peak on Black Friday or Cyber Monday, and are attacks increasing during this time? These questions are important to retailers and stakeholders around the world. ...

    By 

November 24, 2023 3:11PM

Do hackers eat turkey? And other Thanksgiving Internet trends

Offline for turkey time: Which US states logged off on Thanksgiving Day? Is there a difference between coastal and central states? Do hackers take a Thanksgiving break? Are food delivery services gaining or losing traffic? We answer those questions and more...

    By 

October 26, 2023 1:00PM

DDoS threat report for 2023 Q3

In the past quarter, DDoS attacks surged by 65%. Gaming and Gambling companies were the most attacked and Cloudflare mitigated thousands of hyper-volumetric DDoS attacks. The largest attacks we saw peaked at 201 million rps and 2.6 Tbps....

    By 

October 10, 2023 12:02PM

HTTP/2 Rapid Reset: deconstructing the record-breaking attack

This post dives into the details of the HTTP/2 protocol, the feature that attackers exploited to generate the massive Rapid Reset attacks, and the mitigation strategies we took to ensure all our customers are protected...

    By 

文章来源: https://blog.cloudflare.com/cyber-attacks-in-the-israel-hamas-war
如有侵权请联系:admin#unsafe.sh