Five years ago, a “hacktivist” group of cyber-disruptors united to attack the Internet infrastructure and websites of the State of Israel. The initial date of that attack was the 7th of April 2013, the eve of Israel’s annual Holocaust Memorial Day, and they have continued to target Israel every year on the anniversary of that first attack. The hackers hide behind the name “Anonymous”, which in effect means nothing at all, as anybody can claim that name. In reality, the people behind the hacking operation, now known as #OpIsrael, are random attackers with their own agendas who perform cyber attacks from all over the world. The name “Anonymous” is used to make the group appear vague yet highly organized, and to emphasize that it poses a significant threat to any organization or country that it targets. In recent years, the #OpIsrael event has not been able to cause any significant damage and has been assessed by the Israeli Government’s National Cyber Bureau and leading security experts as a failure. Yet, every year, #OpIsrael promises to launch an April 7th attack that could severely impact Israel’s Internet infrastructure.
Nevertheless, the threat is real. In previous years, on the 7th of April, the #OpIsrael attack managed to deface several Israeli websites by swapping their home pages with political statements. The attackers also tried to steal sensitive data from banks and government offices and expose it. Additionally, they initiated orchestrated DDoS attacks against several government institutions and industries in Israel. Further attack attempts included database hijacking, database leaks, and admin panel takeover. A list of targets, as well as suggested attack vectors, is published openly on the Internet.
The problem with these attacks is not only the direct targets that they hit, but also the collateral damage they can cause by congesting the available bandwidth on large segments of the network. And ultimately, if successful, #OpIsrael aims to “erase Israel from the Internet”, which has become the rallying call for this band of cyber criminals.
The good news is that the public declarations result in these attacks being anticipated, and the majority of those sites targeted by Anonymous are well prepared in advance. And while, in the past, network bandwidth available in Israel was regularly exhausted, even by normal usage, because the 4 Tbps MedNautilus cable was the only connection to the outside world, the situation today has improved dramatically. New, high-bandwidth undersea cables like the JONA and Tamares cables, both deployed in 2012, have added a further 55 Tbps of bandwidth, and these have since begun to take over large parts of Israel’s Internet connectivity. Today, there is much more effective headroom to deal with attack traffic.
Because of the political situation in the region, all cables have landing points in Europe only, so that all Internet traffic leading into Israel passes through the major networking hubs in France, the Netherlands, Germany, and England. This is why Israeli Internet Service Providers are deploying comprehensive security and anti-DDoS solutions, like Allot’s DDoS Secure, in Frankfurt, London, and other places in Europe to mitigate attacks even before they enter Israel. For the past several years, we’ve seen the #OpIsrael attack on April 7th, and these attacks were successfully intercepted prior to causing significant damage.
But there is a new threat on the horizon: as IoT devices become increasingly popular, their numbers are growing, and they have therefore become more attractive targets for attackers. They are often hacked to become parts of huge botnets that help to intensify DDoS attacks like the ones employed by #OpIsrael.
This trend can also increase the number of rogue devices within an operator’s network. The visibility of traffic anomalies, such as those revealed by Allot’s IoTSecure, is key to identifying these devices and stopping attacks early on, at the source. Attacks that originate from bots within the network cannot be mitigated at the borders and require a different defense strategy.
Hacktivists are a phenomenon that will not cease to exist any time soon, but there are ways to protect your network and infrastructure against such attacks: make sure to secure your web applications and use comprehensive solutions to maintain connectivity and Quality of Service not only during attacks, but as standard protection for the network. After taking these precautions, you can lean back and enjoy the show!