Israeli cybersecurity company Check Point Software Technologies Ltd. (Nasdaq: CHKP) reports that in the second quarter of 2024, Israel experienced a surge in cyberattacks, with the average weekly number of attacks reaching 2,278. This figure is 81% higher than in the corresponding quarter of 2023, and 33% higher than the first quarter of 2024. The average weekly number of cyberattacks in the second quarter was 39% higher in Israel than the global average.
Education, communications and consultancy
Education suffers more than any other sector from cyberattacks. The largest increase compared with last year has been in the transportation sector, with an increase of 263% from last year, while the government and defense sectors are the most affected by ransomware attacks, with 17% of published attacks. In July, on average, 1 out of every 26 organizations experienced a ransomware attack in Israel each week.
According to data from the National Cybersecurity Center, following the outbreak of the war last October, there was a 20% increase in the number of reports of ransomware attacks. The center estimates that more than 100 different entities have suffered from ransomware attacks in Israel.
Who recognized an opportunity?
Check Point chief of staff and head of global corporate communications Gil Messing tells "Globes, "Israel, even during normal times, is a country with an above average number of attacks because it is a very advanced and digital country. Israel draws a lot of attention from diverse attack groups, both economic and political. Since the war, the increase in cyberattacks in Israel represents one of the steepest increases in cyberattacks compared twith any other country." According to Check Point data, the two countries that export the most attacks from their territory are Russia and Iran.
Messing recounts that in the first six months of the war, the number of attacks on Israeli organizations doubled. "We already have 2.5 more attacks each week compared to the period before the war. This figure is tens of percent higher than the world." why is it happening? According to Messing, "The political parties attacking Israel have been joined by more significant forces, led by the bodies of the Iranian regime and Hezbollah, as well as activist groups from around the world - there are more than a hundred such groups, working together." He explains that groups that attack Israel from financial motives, never took their foot off the gas, and they now feel "that there is an opportunity to attack here and make a financial profit."
Attacks through outsourcing
Check Point identifies more ransomware attacks than attacks to steal data or identities. Messing says, "As always in cyberattacks, when there is a successful attack that receives public attention, it invites other parties to try and attack, and oftentimes information that leaks as a result of one attack feeds the next attack that makes use of this information. Thus we are in fact in a vicious circle of attacks that fuels itself, keeps getting stronger, and the numbers are just skyrocketing, in a disturbing ongoing trend."
Who are those attackers? Cynet Security head of CyOps Ronen Ahdut, explains that today there is a decentralization in the field, so it is difficult to put a finger on the identity of the attacker. "For example, in ransomware incidents, we recognize that most of the groups come from the former Soviet Union. We know this because their laws state that it is forbidden to attack countries in the former Soviet Union. On the other hand, as far as attacks in Israel against hospitals are concerned, these are ideological attackers who can be Palestinian or Iranian, Like for example Sudan. They give the tools and the training to teach the small attackers how to make noise."
According to Ahdut, today there is what is called Ransomware as a Service (RaaS) - the attackers offer the tools to ideological groups. "The attackers build the infrastructure and offer it to anyone who wants it. Most of the time there is a division of the reward or payment of the ransom, which is usually 80% to those who purchased the services and 20% to those who offer them. It is profitable for both parties."
How to protect assets
Messing explains that every organization and company in Israel must understand the dangers of a cyberattack and check if they are prepared. "Because it's only a matter of time before they try to attack them, and maybe it's already happening right now." According to Messing, an inspection should be run that examines how the organization's important assets are protected, whether the software is updated, where the critical information is located and whether it is backed up. In addition, is there a backup and restoration plan in case of an attack.
Ahdut adds, "What is important in organizations is awareness. If we are normally a target for attackers, in the current period we have become even more so. If in the past many said 'what will they take from me?', they can find themselves under attack. "In addition, it is important to understand within organizations that the cyberattack is not just carried out against the CEO or against the IT division, but everyone in the organization has a responsibility and everyone should be aware of the issue."
Ahdut says that organizations should check that computers in the organization are up-to-date and use version updates. "In our research and various data, you can see that if a new vulnerability is released and attackers use ransomware, it takes an organization between an hour and 24 hours to implement this new vulnerability, so it is very important to stay updated on all the things that are being used." According to him, one of the main problems is that many organizations use servers or operating systems that are not supported by Microsoft.
"This means that they do not receive the important version updates."
Full disclosure: As we have previously reported, about three weeks ago a sophisticated international economic criminal gang, known to the authorities, carried out a cyberattack against "Globes" computer systems. The attack was accompanied by a ransom demand, but we, as a media organization that advocates transparency and non-cooperation with criminals, "Globes" made a decision not to pay a ransom nor to negotiate with the perpetrators. Since the attack, "Globes", together with cybersecurity experts and consultants, has been investing significant efforts and resources in dealing with the consequences of the event and maintaining current activity, as well as making sure to report and inform the relevant authorities, customers, suppliers, employees and the public at large.
Published by Globes, Israel business news - en.globes.co.il - on August 8, 2024.
© Copyright of Globes Publisher Itonut (1983) Ltd., 2024.