At a glance.
- Hacktivism and nation-state involvement in the cyber phases of war in the Middle East.
- Following hacktivism on Telegram.
- Russian hacktivist groups squabble online.
- Influence operations and disinformation.
- Healthcare cybersecurity: implications for patient care.
- Looting FTX on the day of its bankruptcy.
- CISA releases two new resources against ransomware.
Hacktivism and nation-state involvement in the cyber phases of war in the Middle East.
The Wall Street Journal reports increased cyberattacks as Israeli forces strike into Gaza in retaliation for attacks by Hamas over the weekend. Most of the offensive cyber action the Journal describes is directed against Israel, and most of it remains the nuisance-level distributed denial-of-service (DDoS) activity that typically characterizes hacktivism. Defacements, another hacktivist staple, have also been observed. Security firm Check Point told CNBC that two smart billboards used for video advertising in Tel Aviv were briefly hijacked Thursday. The attackers “managed to switch the commercials into anti-Israeli, pro-Hamas footage,” CNBC quotes Check Point's Gil Messing as saying. The substituted video showed the Palestinian flag, a burning Israeli flag, and images of the fighting. The incident was short-lived.
The Wall Street Journal also describes threats of more significant cyberattacks. For the most part such threats have been simply that, claims intended to intimidate and inspire fear, but there has been an increase in attempts against infrastructure. So far these have been parried, but the threat remains a concern to Israel, particularly as threat actors more capable than ordinary hacktivists join the action. Security firm Sepio told the Journal that they've seen a rise in activity from Iran and Syria, as well as from Russian hacktivist auxiliaries (including KillNet).
Following hacktivism on Telegram.
Flashpoint researchers conclude that Telegram has become a principal communication channel for Hamas and groups that align themselves with that organization. "Telegram, with its 700 million-plus-strong user base, has evolved into a pivotal communication hub for Hamas and Palestinian Islamic Jihad (PIJ). Its robust privacy and encryption protocols safeguard communications while also providing a covert operational space for militant groups and cybercriminals."
Researchers at Radware outline the course the cyber phases of the war have taken. Radware has been looking at hacktivist claims of DDoS on Telegram, where claimed attacks spiked on Saturday and have remained at elevated levels since then. Target selection, as reported by the hacktivists themselves, concentrated on Israeli government sites (36% of the claims), then on news and media (10%), travel (9%), financial services (5.6%), education (4.2%), and, finally, healthcare (3.5%). The hacktivist groups Radware has observed conducting or at least claiming attacks in support of Hamas include the Indonesian threat actor Garnesia_Team, Ganosec Team (also from Indonesia), the Moroccan Black Cyber Army, Mysterious Team Bangladesh, Team Herox (from India), Anonymous Sudan (which presents itself as a religious and political group from its eponymous country, but which in fact is a Russian auxiliary) and, of course, the Russian group KillNet.
Radware also directly observed a number of DDoS attacks. They ranged in duration from minutes to hours, in some cases up to twenty-four hours. The most common attack vectors Radware saw were: HTTPS Floods, IPv4 UDP Floods, IPv4 UDP-FRAG Floods, IPv4 ICMP Floods, ARMS floods, Chargen Floods, UDP Flood Port 80, TCP FIN-ACK Flood, DNS Amplification flood, and HTTP SYN Floods. In the more successful, longer duration attacks, the operators switched between vectors as their targets adapted to the initial attack.