A massive distributed denial-of-service (DDoS) attack forced Israeli officials Monday to temporarily take down several government websites and to declare a state of online emergency to assess the damage and begin investigating who was behind the incident.
In a tweet, the Israel National Cyber Directorate said it had detected the DDoS attack against a communications provider and that several websites had been taken down, though all have since resumed normal activity.
According to internet watchdog NetBlocks, the attacks targeted Israeli telecom providers Bezeq and Cellcom and hit multiple networks run by the companies.
Officials are still sorting out what happened, but an unnamed source within the country’s defense establishment told the Haaretz daily news agency that it was the largest cyber attack ever against Israel and that a nation-state actor or a large organization carried it out, although they haven’t pinpointed who was behind it.
The country’s defense community told Haaretz that the attack targeted websites using the .GOV.IL domain, which is used for every government website except for those related to defense.
The Jerusalem Post quoted two cybersecurity experts – Rafael Franko, a former senior cyber authority official and founder of security firm Code Blue, and Ram Levi, founder and CEO of cybersecurity company Konfidas – who theorised that the attack came either from a threat group linked to Iran or the country itself.
Israel and Iran have been in a long-standing cyberwar and daily newspaper The Jerusalem Post said some unnamed officials were speculating that the DDoS attack was in retaliation for an alleged attack by Israel’s Mossad agency on the Fordow nuclear enrichment site. Iran is accusing Israel and Mossad of attacking the site, though there has been no independent confirmation.
The state of emergency reportedly is giving Israeli investigators time to study not only the extent of the damage caused by the attack but also checking on critical infrastructure organizations like the country’s electric and water companies. The government’s health, interior and justice ministries and the prime minister’s office were all down for a while during the attack.
DDoS attacks are designed to send huge amounts of traffic to websites, essentially overwhelming their capacity handle the messages and making it impossible legitimate users to access them. Attackers at times will demand a ransom from the target before turning off the attack.
The number of such attacks continue to grow. According to cybersecurity vendor Kaspersky, the number of DDoS attacks in the fourth quarter 2021 jumped 52 percent from the previous quarter and was 4.5 times year over year.
A flaw in some of Mitel’s MiCollab and MiVoice Business Express collaboration platforms was exploited recently to launch amplified DDoS attacks that could achieve an amplification factor almost 4.3 billion to one, potentially enabling a single malicious packet to bring down a target’s network. ®