Cyber Authority runs nationwide anti-hacking drill

According to an INCD statement, the drill will focus on employees from around 20 large organizations who will be targeted with a wide variety of 'phishing' hacking techniques.

 The National Cyber Directorate in Jerusalem (photo credit: MARC ISRAEL SELLEM/THE JERUSALEM POST)
The National Cyber Directorate in Jerusalem
(photo credit: MARC ISRAEL SELLEM/THE JERUSALEM POST)

The National Cyber Directorate (INCD) will be running a nationwide anti-hacking drill this week, which has been declared “Cyber Defense Week.”

According to an INCD statement, the drill will focus on employees from around 20 large organizations who will be targeted with a wide variety of “phishing” hacking techniques by “red teams” working for the INCD to test their readiness.

Those employees who fail the test and click on the problematic link will receive a message that they were caught by the INCD “red teams,” and will be given recommendations for avoiding similar mistakes in the future.

In tandem with the drill, INCD is holding cyberdefense improvement events with around 150 companies, banks and national and local government agencies.

Some of those participating include the Prime Minister’s Office, Israel Police, the Foreign Ministry, the Interior Ministry, the Electric Corporation, Partner, Phoenix, Armor IT & Security Ltd. and CyberArk.

  IDF soldiers compete in a multinational Capture the Flag cyber drill. (credit: IDF SPOKESPERSON'S UNIT) IDF soldiers compete in a multinational Capture the Flag cyber drill. (credit: IDF SPOKESPERSON'S UNIT)

All of this comes against a background in which the INCD said it received more than 2,500 reports of broad phishing “events.”

Each event might include tens of thousands to hundreds of thousands of individual incidents of phishing against Israelis across the country.

“Phishing attacks are simple and easy to implement as they exploit errors that are part of human nature,” said INCD official Nitzan Amar. “The attacks have gotten more sophisticated and harder to identify, but using certain signs and simple tests, it is possible to avoid falling for them. Increasing awareness and acting based on proper guidance are the key to blocking the next attack.”

Key recommendations for avoiding phishing attacks include avoiding out-of-place overly informal messages, unofficial websites and email senders, senders with spelling errors in their addresses, requests for personal information via link or the downloading of an application, imposing pressure and immediate deadlines, and promising prizes or incentives.

Since spring 2020, when INCD chief Yigal Unna said “cyber winter” had arrived much earlier than expected, Israel’s water sector, multiple government agencies, top insurance companies and even well-defended companies like IAI have been successfully hacked.

Some of the hackers have been Iranian or other nation-state actors, but some have been increasingly sophisticated criminal hackers.