Israel’s Cyber Defenses Protect Government Sites from 44 Million Attacks

As Israel’s Iron Dome missile defense shield blocks hundreds of incoming missiles from hitting their target, their cyber defense is also hard at work blocking millions of incoming cyber attacks. There have been millions of hacking attempts against government sites that have been intercepted with reportedly only one successfully taking down it’s target. And that for only a few minutes.

Israeli finance minister Yuval Steinitz told reporters that Israel is facing a second front in the battle with Hamas, a wave of cyber attacks. According to Steinitz, Israel’s cyber defense “deflected 44 million cyber attacks on government websites. All the attacks were thwarted except for one, which targeted a specific website that was down for six or seven minutes.”

Of the 44 million attacks:

  • The majority targeted military sites
  • 10 Million attacks targeted President Shimon Peres’s website
  • 7 Million against Israel’s Foreign Ministry
  • 3 million against Benjamin Netanyahu’s site

“The ministry’s computer division will continue to block the millions of cyber attacks” Minister Steinitz said adding, “We are enjoying the fruits of our investment in recent years in developing computerized defense systems.

But apparently, their defense does not defend against Denial of Service attacks as many Israeli sites still appear to be unavailable due to high traffic as this current screenshot of the President’s website shows:

And the Blog of the Israeli Defense Force seems to be offline. This is odd as it is protected by CloudFlare, a company that helps block Denial of Service Attacks :

Israel’s Iron dome is a missile defense shield that works very well. Hamas terrorists have fired approximately 1,000 missiles at Israeli cities. Of these, Iron Dome has successfully intercepted 90% of the projectiles that would have hit populated areas:

We’ve got about a 90% success rate,” he says, proudly giddy. “This is unprecedented in history.” It’s also impossible to confirm, but the lack of Israeli casualties suggests Iron Dome is the most-effective, most-tested missile shield the world has ever seen.

But Israel knows that they must do something about the cyber attacks. The hacker group Anonymous claims to have taken down about 700 Israeli websites, defaced over 100 and apparently wiped Jerusalem’s Bank database(which has since been restored).

Israel is in the process of creating a “Digital Iron Dome”, which according to Prime Minister Benjamin Netanyahu will protect them against future cyber attacks:

Every day, many attempts are made to infiltrate Israel’s computer systems,” the prime minister warned. “Just as we have the Iron Dome against missiles and the security fence against infiltrators and terrorism, we will have a similar protection against cyber-attacks.

Defense will help against incoming attacks, but don’t forget that Israel also has offensive cyber capabilities. The country that helped develop “Stuxnet” is not toothless in the realm of cyber attack. One can safely assume that Israel is tracking the sources of these attacks and will deal with them as they see fit.


US Gas Pipeline Companies Currently Under Major Cyber Attack

Natural Gas Pipeline companies are currently facing a major targeted phishing attack from a single source according to the Christian Science Monitor. The attacks that seemed to have begun in December 2011 have caused the DHS to release three amber alerts, and the ICS-CERT team to release an incident response report on Friday:

That fact was reaffirmed late Friday in a public, albeit less detailed, “incident response” report from the Industrial Control Systems Cyber Emergency Response Team (ICS-CERT), an arm of DHS based in Idaho Falls. It reiterated warnings in the earlier confidential alerts made directly to pipeline companies and some power companies.”

The incident response report explained that an analysis of the attacks shows that attacker was using a “spear-phishing” technique:

Analysis of the malware and artifacts associated with these cyber attacks has positively identified this activity as related to a single campaign from a single source. It goes on to broadly describe a sophisticated “spear-phishing” campaign – an approach in which cyber attackers attempt to establish digital beachheads within corporate networks.”

Natural Gas companies in the US and Canada seem to be the focus of the attacker and according to the article, some of the intrusion attempts may have been successful:

Multiple natural gas pipeline organizations have reported either attempts or intrusions related to this campaign.

Spear-phishing is an attack where the attacker researches certain individuals at a company using both online public and private resources. Public corporate news is analyzed, as well as individual’s social media sites, like Facebook and LinkedIn. The information gained is them used in a social engineering attack, usually a specially crafted e-mail that contains malicious links or attachments.

When the target runs the attachment or clicks on the link, remote access to the target’s computer is obtained or the attacker could harvest credentials or other pertinent information.

It is too early to tell who is responsible for these intrusions, but with the current concern of SCADA and public infrastructure attacks, it will be interesting to see which country or entity is behind this attack.