“The year 2025 once again demonstrated that there is no ‘ceasefire’ in cyberspace,” Israel National Cyber Directorate (INCD) Director-General Yossi Karadi said this week while issuing the agency’s annual report for 2025.
The 119 National Cyber Emergency Center handled about 26,500 cyber-incident reports during the year, a 55% increase compared with 2024, the report said.
Phishing remained the most widespread threat vector, accounting for 52% of all reported incidents, it said.
It was followed by influence operations and psychological warfare, each at about 13% of the incidents, account takeovers across social media, email, and Google services at 11%, and unauthorized system intrusions at 9%, it added.
In 2025, the INCD said it had issued about 2,480 alerts, a 2.5-fold increase compared with the previous year.
The specifics of the increase in alerts
Moreover, of the 2,480 alerts, 2,304 were proactive notifications to organizations based on specific indicators of targeted attacks, even when the organizations themselves were not necessarily aware of the attacks, the report said.
Also, of the nearly 2,480 alerts issued, 93% were targeted notifications sent to specific organizations, 3.7% were economy-wide advisories, 1.3% were sectoral advisories directed at specific industries or peer groups, and 2% were general public advisories, primarily addressing phishing and fraud campaigns, the report said.
During Operation Rising Lion against Iran in June 2025, there was a 75% surge in reports received by the 119 National Cyber Emergency Center compared with the monthly average, it said.
The INCD said its annual report “presents a comprehensive situational assessment of Israel’s cyberspace, including trends in incident reporting, threat intelligence and advisories, vulnerability exposure, cybersecurity investment patterns, and the preparedness and resilience of national critical infrastructure.”
Cyberspace “has become a primary strategic front in safeguarding national security,” Karadi said. “The data leads to a clear conclusion: Every organization, system, and citizen is a potential target of attacks designed to disrupt operational continuity and undermine national resilience. In response to this reality, the INCD has continued to fulfill its core mission – protecting critical infrastructure and ensuring the uninterrupted functioning of the State of Israel.”
Major incidents addressed by the INCD included:
An attempted disruption of operations at Shamir Medical Center in Tzrifin during Yom Kippur.
A supply-chain attack that targeted a software-service provider managing sensitive data for nursing.
A destructive wiper attack, resulting in the deletion of client servers at a cloud-service provider.
INCD said its investigations had “identified the primary initial access vectors as phishing and credential theft via spoofed emails, infostealer malware used to exfiltrate sensitive data, supply chain compromises leveraging third-party vendors as entry points, exploitation of unpatched older-legacy computer systems, security products, remote access services like (VPN/RDP), and the abuse of vulnerable Internet of Things (IoT) network-linked side devices, to gain organizational footholds.”