Israel and Iran are waging a cyberwar in the shadows - opinion

This escalating exchange of cyberattacks between adversaries with advanced capabilities could have dangerous long-term consequences.

Cyberattack (illustrative) (photo credit: PEXELS)

As tensions escalate between Israel and Iran, a parallel conflict is raging in cyberspace. Both sides have dramatically intensified cyber offensive operations against each other in recent weeks.

Iranian state-sponsored hackers have unleashed a barrage of cyberattacks and disinformation campaigns in response to rising Israel-Hamas tensions, with Iranian advanced persistent threat (APT) groups exploiting the instability.

Hacking groups openly claim on Telegram that they have breached Israeli sites and critical infrastructure like the electric grid, aiming to replicate Russia’s cyber assault on Ukraine. Attempts on industrial control systems have skyrocketed, with critical Israeli infrastructure so far avoiding penetration.

These attacks serve several strategic purposes for Iran beyond the general animosity with Israel. They might aim to pressure Israel during its war against Hamas, perhaps retaliate for claimed covert Israeli cyber and kinetic attacks on Iranian nuclear sites, and affirm Iran’s cyber prowess. For Israel, cyber strikes on Iran’s infrastructure demonstrate military reach and send an implicit warning as nuclear talks continue.

The attacks have taken various forms. Distributed denial-of-service campaigns have disrupted hospitals, businesses, and organizations of all sizes. Supply chain attacks, infrastructure hacking efforts, stolen credential phishing campaigns, and SMS spam have all targeted Israeli systems and citizens.

Cyberattack on a smartphone. Beware of downloading spyware (Illustrative). (credit: PIXABAY)

De-escalating this conflict is crucial to avoid conventional fighting

This builds on 2020 attacks by Iranian hackers against Israeli water treatment plants – a foray into cyber-kinetic attacks with potential real-world impacts. 

Iranian APT groups have built a reputation for ransomware, data-wiping malware, DDoS attacks, and rapidly finding ways to exploit software vulnerabilities in unpatched networks. Their goal is to compromise any vulnerable Israeli organization within reach.

However, Iran has endured significant cyber counterattacks from Israel as well. A hacking group that has previously been linked to Israel claimed to have paralyzed 70% of gas stations across Iran in a cyberattack. 

Groups previously linked to Israel have claimed responsibility for disrupting operations at Iranian ports, railroads, airlines, and government agencies by hacking their IT systems. These attacks aim not just to steal data or plant malware, but to disable operations.

This escalating exchange of cyberattacks between adversaries with advanced capabilities could have dangerous long-term consequences. As each side ramps up disruptive actions, critical civilian infrastructure is put at growing risk. 

It raises the chances of an unintended escalation or a particularly damaging attack that could lead to conventional military retaliation. Finding ways to de-escalate this intensifying secret cyber war will be crucial.

As tensions remain high and the country continues the war against Hamas, Israeli organizations must urgently review incident response strategies and security controls. By working to detect and mitigate incidents quickly, disruptions (when attacks inevitably occur) can be reduced. 

With advanced persistent cyber adversaries like Iran, the question is not if attacks will happen, but when – and preparation is the key.

The writer is the president of CyberProof, a UST company.