Cyber attacks in the Israel-Hamas war

By admin

5 min
TIME

read

This post is also available in

Deutsch
ORG

,

Français
GPE

,

עברית
PERSON

and

عربي
ORG

.

On

October 7, 2023
DATE

, at

03:30 GMT
TIME

(

06:30 AM
TIME

local time),

Hamas
ORG

attacked

Israeli
NORP

cities and fired

thousands
CARDINAL

of rockets toward populous locations in southern and central

Israel
GPE

, including

Tel Aviv
GPE

and

Jerusalem
GPE

. Air raid sirens began sounding, instructing civilians to take cover.


Approximately twelve minutes later
TIME

,

Cloudflare
ORG

systems automatically detected and mitigated DDoS attacks that targeted websites that provide critical information and alerts to civilians on rocket attacks. The initial attack peaked at

100k
CARDINAL

requests per

second
ORDINAL

(rps) and lasted

ten minutes
TIME

.

Forty-five minutes later
TIME

, a

second
ORDINAL

much larger attack struck and peaked at

1M
MONEY

rps. It lasted

six minutes
TIME

. Additional smaller DDoS attacks continued hitting the websites in

the next hours
TIME

.

DDoS attacks against

Israeli
NORP

websites that provide civilians information and alerts on rocket attacks

Not just DDoS attacks

Multiple

Israeli
NORP

websites and mobile apps have become targets of various

pro-Palestinian
NORP

hacktivist groups. According to

Cybernews
ORG

,

one
CARDINAL

of those groups,

AnonGhost
ORG

, exploited a vulnerability in a mobile app that alerts

Israeli
NORP

civilians of incoming rockets, “

Red Alert:
WORK_OF_ART


Israel
GPE

”. The exploit allowed them to intercept requests, expose servers and APIs, and send fake alerts to some app users, including a message that a “nuclear bomb is coming”.

AnonGhost
ORG

also claimed to have attacked various other rocket alert apps.

On

October 14
DATE

, we revealed the findings of

one
CARDINAL

of our investigations that was conducted by

the Cloudforce One Threat Operations
PRODUCT

team, who identified malicious

Android
ORG

mobile applications impersonating the legitimate

RedAlert – Rocket Alerts
ORG

application. The malicious apps obtained access to sensitive user information such as mobile phone’s contacts list, SMS messages, phone call logs, installed applications, and information about the phone and

SIM
ORG

card themselves. More technical information about our investigation can be found here.

Screenshot of the malicious site linking to malicious mobile apps

Furthermore,

Cloudflare
ORG

has identified an

Israeli
NORP

website that was partially defaced by

AnonGhost
ORG

. This website was not using

Cloudflare
ORG

, but we have reached out to the organization to offer support.

“Death to all

Jews
NORP

” in a part of a website that was hacked and defaced by

AnonGhost
ORG

Continued DDoS bombardment

In

the days
DATE

following the

October 7
DATE

attack,

Israeli
NORP

websites have been heavily targeted by DDoS attacks. Cloudflare has been helping onboard and protect many of them.

HTTP DDoS attacks against

Israeli
NORP

websites using

Cloudflare
ORG

Since

the October 7, 2023
EVENT

, attack,

Newspaper and Media
ORG

websites have been the main target of DDoS attacks — accounting for

56%
PERCENT

of all attacks against

Israeli
NORP

websites. We saw the same trends when

Russia
GPE

attacked

Ukraine
GPE

.

Ukrainian
NORP

media and broadcasting websites were highly targeted. The war on the ground is often accompanied by cyber attacks on websites that provide crucial information for civilians.

The

second
ORDINAL

most targeted industry in

Israel
GPE

was the

Computer Software
ORG

industry.

Almost 34%
PERCENT

of all DDoS attacks targeted computer software companies. In

third
ORDINAL

place, and more significantly,

Banking, Financial Services and Insurance
ORG

(BFSI) companies were attacked.

Government Administration
ORG

websites came in

fourth
ORDINAL

place.

Top

Israeli
NORP

industries targeted by HTTP DDoS attacks

We can also see that

Israeli
NORP

newspaper and media websites were targeted immediately after the

October 7
DATE

attack.

HTTP DDoS attacks against

Israeli
NORP

websites using

Cloudflare
ORG

by industry

Since

October 1, 2023
DATE

,

Cloudflare
ORG

automatically detected and mitigated over 5 billion HTTP requests that were part of DDoS attacks. Before

October 7
DATE

, there were barely any HTTP DDoS attack requests towards

Israeli
NORP

websites using

Cloudflare
ORG

.

However, on

the day
DATE

of the

Hamas
ORG

attack, the percentage of DDoS attack traffic increased.

Nearly 1
CARDINAL

out of every

100
CARDINAL

requests towards

Israeli
NORP

websites using

Cloudflare
ORG

were part of an HTTP DDoS attack. That figure quadrupled on

October 8
DATE

.

Percentage of DDoS requests out of all requests towards

Israeli
NORP

websites using

Cloudflare

Cyber
PRODUCT

attacks against

Palestinian
NORP

websites

During the same time frame, from

October 1
DATE

,

Cloudflare
ORG

automatically detected and mitigated over 454 million HTTP DDoS attack requests that targeted

Palestinian
NORP

websites using

Cloudflare
ORG

. While that figure is

barely a tenth
CARDINAL

of the amount of attack requests we saw against

Israeli
NORP

websites using

Cloudflare
ORG

, it represented a proportionately larger portion of the overall traffic towards

Palestinian
NORP

websites using

Cloudflare
ORG

.

On

the days
DATE

before the

Hamas
ORG

attack, we didn’t see any DDoS attacks against

Palestinian
NORP

websites using

Cloudflare
ORG

. That changed on

October 7
DATE

; over

46%
PERCENT

of all traffic to

Palestinian
NORP

websites using

Cloudflare
ORG

were part of HTTP DDoS attacks.

On

October 9
DATE

, that figure increased to

almost 60%
PERCENT

.

Nearly 6
CARDINAL

out of every

10
CARDINAL

HTTP requests towards

Palestinian
NORP

websites using

Cloudflare
ORG

were part of DDoS attacks.

Percentage of DDoS requests out of all requests towards

Palestinian
NORP

websites using

Cloudflare
ORG

We can also see these attacks represented in the spikes in the graph below after the

Hamas
ORG

attack.

HTTP DDoS attacks against

Palestinian
NORP

websites using

Cloudflare
PRODUCT

There were

three
CARDINAL


Palestinian
NORP

industries that were attacked in

the past weeks
DATE

. The absolute majority of HTTP DDoS attacks were against Banking websites —

nearly 76%
PERCENT

of all attacks. The

second
ORDINAL

most attacked industry was the Internet industry with a share of

24%
PERCENT

of all DDoS attacks. Another small share targeted

Media Production
ORG

websites.

HTTP DDoS attacks against

Palestinian
NORP

websites using

Cloudflare
ORG

by industry

Securing your applications and preventing DDoS attacks

As we’ve seen in

recent years
DATE

, real-world conflicts and wars are always accompanied by cyberattacks. We’ve put together a list of recommendations to optimize your defenses against DDoS attacks. You can also follow our step-by-step wizards to secure your applications and prevent DDoS attacks.

Readers are also invited to dive in deeper in the

Radar
PRODUCT

dashboard to view traffic and attack insights and trends in

Israel
GPE

and

Palestine
GPE

. You can also read more about the Internet traffic and attack trend in

Israel
GPE

and

Palestine
GPE

following the

October 7
DATE

attack.

Under attack or need additional protection? Click here to get help.

Click here to protect against malicious mobile apps

A note about our methodologies

The insights that we provide is based on traffic and attacks that we see against websites that are using

Cloudflare
ORG

, unless otherwise stated or referenced to a

third
ORDINAL

party source. More information about our methodologies can be found here.