CYE Insights

The Israel-Hamas War’s Impact on the Cyber Threat Landscape

November 1, 2023

The Israel-Hamas War’s Impact on the Cyber Threat Landscape

The Israel-Hamas conflict, characterized by decades of territorial disputes and sporadic outbreaks of violence, has now extended into the digital realm, significantly altering the global cyber threat landscape. As the conflict escalates, both sides are increasingly utilizing cyber tactics to gain strategic advantages, amplifying the complexity of an already volatile situation. This blog will delve into the evolving dynamics of cyber warfare in the context of the Israel-Hamas war, exploring how it has influenced the nature of cyber threats, international norms, and the broader implications for global cybersecurity.

It is clear that Hamas’s attack on October 7 was meticulously planned months in advance. The nature of the execution and the brutality involved strongly indicates the direct involvement of Hezbollah and Iran, including planning, training, and financing. Moreover, the horrific acts carried out in Israel’s south are similar to descriptions of how Iran treats political prisoners, regime opponents, and apostates. This attack ended with the highest number of dead and wounded that Israel has known as a result of terrorism and it is possible that this is one of the largest terrorist acts in the world relative to Israel’s population. These are numbers that Israel and the world will surely remember for years to come: over 1400 murdered, hundreds injured, and over two hundred kidnapped by Hamas, the Islamic Jihad, and Gazan citizens who participated in looting and kidnapping.

The attack, however, extended beyond land. According to Cloudflare, at the same time that Hamas started its attack in the south, it was accompanied by relatively low intensity Distributed Denial-of-Service (DDoS) cyberattacks of about 100 thousand connections per second. These attacks targeted Israeli websites that provide civilians with information and alerts on rocket attacks. Approximately 45 minutes later, a targeted and massive cyberattack began with about a million connection requests per second—an extraordinary intensity that has not been observed to date in similar conflicts with Hamas in the past. Connection requests are attempts to connect to a website, or online service and application. A point attack with the power of a million connection attempts indicates a cyber tool that was believed to be beyond Hamas’s capabilities. This suggests assistance from a state entity or having access to state weapons. Of course, the immediate suspect may be Iran or a more powerful country.

Here are some of the cyber warfare trends we are seeing in the Israel-Hamas war:

Escalation of Cyber Operations

The Israel-Hamas war has witnessed a surge in cyber operations from both sides. Cyberattacks have become an integral component of war strategies, enabling the targeting of critical infrastructure, compromising sensitive data, and disrupting communications. These operations range from DDoS attacks to sophisticated malware deployments, reflecting a concerted effort to exploit vulnerabilities in digital infrastructure.

Erosion of Norms and Rules of Engagement

The integration of cyber operations into the Israel-Hamas war has blurred the lines of traditional warfare, challenging established norms and rules of engagement. The ambiguity surrounding cyberattacks complicates attribution, making it difficult to hold perpetrators accountable. This has been a problem of cyber warfare for years and has led to a hesitancy in defining what constitutes an act of aggression in the cyber domain, creating a potential vacuum in international law.

Escalation Dynamics and Cyber Deterrence

The escalation dynamics in the Israel-Hamas war have introduced a new dimension to the concept of cyber deterrence. Both parties must now consider the potential repercussions of cyber operations, weighing the benefits against the risks of retaliation (like trying to attack critical infrastructure such as water plants and so on). This calculus is further complicated by the asymmetrical nature of cyber capabilities, where non-state actors like Hamas can leverage cyber tools to target more technologically advanced adversaries.

Global Implications for Cybersecurity

The Israel-Hamas war serves as a stark reminder of the global ramifications of localized conflicts in the digital age. The tactics employed by both parties have far-reaching consequences, as cyber threats are not constrained by geographical boundaries. The proliferation of cyber capabilities and tactics witnessed in this conflict underscores the urgency for nations to bolster their cybersecurity defenses and establish international norms to govern cyber operations.

A Polarized World

Perhaps most concerning is that the Israel-Hamas war illustrates a great divide in the world, with Iran, Russia, China, and North Korea on one side and much of Western countries on the other. This is borne out through the Iranian support of Hamas’s horrors, the speculation about Russian intelligence involvement, and the very lukewarm statements of Russia and China. Many countries in between these two camps will need to tread carefully. This polarity will undoubtedly create more conflicts and will greatly affect the day-to-day reality and the cyber landscape around the world and in Israel.

CISOs should be aware that:

  • As these camps grow more polarized and aggressive towards each other, so will hostile cyber activities between the two camps, as well as countries and companies aligned with their respective camps.
  • At the same time, along with a proliferation of capabilities, we see more groups using APT tools, so companies that are connected to either side might face greater risk. This is especially true for supply chain companies related to the defense or civilian industry.
  • Radical camps will often attack civilian companies, sometimes simply to show the Western world that they can.
  • High profile companies in the West should be prepared for an uptick in cyberattacks, because malicious actors are often determined to make their attacks as public as possible.
  • It is crucial to increase cybersecurity awareness throughout organizations and take steps to prevent phishing and detect suspicious behavior.

Clearly, the Israel-Hamas war has evolved beyond traditional warfare, incorporating cyber operations as a vital component of strategic arsenals. This shift has profound implications for the global cyber threat landscape, challenging established norms and necessitating a re-evaluation of international cybersecurity policies. As nations grapple with the complexities of cyber warfare, it is imperative to foster dialogue, establish clear norms, and strengthen cybersecurity defenses to mitigate the risks posed by escalating conflicts in the digital age. Only through concerted efforts can the international community hope to navigate this new frontier of warfare and safeguard the stability of the interconnected world.

Want to learn more about how to improve your organization’s cybersecurity? Contact us for more information.

Elad Leon

By Elad Leon

Elad Leon is Senior CTI Expert at CYE. He is a reserve major in the Israel Defense Forces and has more than a decade's experience working in the defense and intelligence community. He specializes in strategic analysis, operations management, and threat actor engagement.