Iranian cyber-attackers trying, and so far failing, to create panic in Israel

“Capabilities are always developing, for attackers and defenders.”

By Yaakov Lappin, JNS

Iranian cyber-attackers targeting Israel have focused on trying to create panic; however, they have not activated advanced cyber-attack capabilities, say observers in Israel while cautioning that the hostile actors will continue to search for new vulnerabilities.

This month, Iranian cyber-attackers reportedly activated rocket sirens belonging to municipal authorities in Jerusalem and Eilat, as well as targeting the emails of senior Israeli and American officials and executives.

In November, a series of cyber strikes targeted gas stations and highway signs across Iran, reportedly disabling every gas station in the country while hijacking displays and screening subversive anti-regime messages.

As such, it appears as if the Israeli-Iranian shadow cyber war has no end in sight.

Israel’s National Cyber Directorate, set up in 2012 (originally known as the National Cyber Bureau), is a regulator that ensures that critical private- and public-sector websites are protected, and defines the minimum levels of protection needed for all critical infrastructure and private-sector companies.

“Specifically, the hacks targeted public-address systems in Jerusalem and Eilat,” said Omree Wechsler, a senior researcher at the Blavatnik Interdisciplinary Cyber Research Center, at Tel Aviv University.

“As a clear Israeli symbol, it shows that this is an opportunistic attack, and not a sophisticated and well-planned attack launched years ago; the hackers attacked where they found loopholes,” Wechsler said.

“Since many cyberattacks in the world are focused on financial or espionage targets, the Iranian activity against Israel is in accordance with the pattern of causing damage or creating panic. Such attacks are common and part of a daily routine that includes thousands of attempts to hack into any system or server whose damage would cause media coverage, in contrast to the espionage activity that also takes place every day,” he stated.

‘Room for improvement in all of the spheres’

Professor Col. (res.) Gabi Siboni, an expert on cyber security, military strategy and technology at the Jerusalem Institute for Strategy and Security, told JNS he assesses that “Israel has a well-oiled system for dealing with these threats and which maintains readiness. Of course, there is no immunity, and it is always possible for the attackers to locate a breach and enter through it.”

Siboni, who serves as a senior consultant to the Israel Defense Forces and other Israeli security organizations, said it was important to remember that “it is not just government systems that can be attacked—civilian systems can be harmed, and significant damage can be caused,” referring to the 2020 ransomware attack on Shirbit, an Israeli insurance company, which proved highly damaging.

“Although the Israeli state defense system also touches on civilian systems, the civilian sphere is independent and more sensitive,” he said. “There is always room for improvement in all of the spheres.”

Wechsler said that when evaluating Israel’s readiness for these kinds of attacks and in the wider context of Iranian cyber attacks, one must differentiate between critical infrastructure on one hand and the private sector and local municipalities on the other.

“It is important to draw a line between the defenses applied to military systems and installations; critical infrastructure, of which Israel was the first nation to acknowledge the importance of protecting in cyberspace; and the situation in the private sector and the local municipalities,” Wechsler said.

“Critical infrastructure, the attacking of which can cause physical damage, is subject to the direction of the National Cyber Directorate and is therefore well-protected.”

He noted that “the same is true for military and national security systems. These attacks on the municipal address systems indicate a gap in awareness, regulation and enforcement when it comes to the cyber security of these entities. The same is true for many private organizations, especially small and medium businesses, where there is no agency that can enforce and oversee security procedures.”

Asked to comment on reports in the international media on alleged Israeli cyber-offensive operations against Iran, Siboni said he is seeking to understand Israel’s overall strategy in this campaign. “Two sides exchange blows, back and forth, but what is the strategy in this context? I always ask this question, and here I don’t know what the answer is,” he acknowledged.

According to Wechsler, “Israel is considered to be a sophisticated cyber actor across all domains, such as cyber defense and intelligence collection, and having a flourishing local cyber ecosystem. From what was revealed through the years, Israel also ranks very high in offensive cyber capabilities and has demonstrated much more advanced capabilities than Iran in that field.”

“While we can certainly assume an extensive use of these capabilities for intelligence-gathering, disrupting attacks from [reports on the] Stuxnet [cyber attack on Iranian centrifuge machines] in 2010 to the attack that targeted the Shahid Rajai port in Bandar Abbas [Iran] in May 2020 show that Israel allegedly uses its capabilities to disrupt and degrade Iran’s nuclear plan, which Israel views as an existential threat,” said Wechsler.

“We cannot rule out the sabotage of other [Iranian] plans, such as ballistic missiles and advanced drones, and [Israeli] retaliation against attacks that targeted its own critical infrastructure.”

Looking ahead, both Siboni and Wechsler agreed that quantum computing would represent breakthroughs in cyber-warfare capabilities.

“Capabilities are always developing, for attackers and defenders,” said Siboni. “I do not see a major breakthrough unless we get into the exotic area of quantum computing, which will likely happen in the foreseeable future. Until then, each side will improve incrementally, finding weaknesses and acting on them.”

Wechsler said that “advances in cyber threats and capabilities are bidirectional.”

“On the one hand,” he explained, “it is no secret that states invest many resources in order to develop more advanced capabilities to apply for intelligence-gathering and as part of their militaries’ toolbox.”

But Wechsler added, “On the other hand, the more digital and connected we become, the more susceptible we are to these threats. Trends such as ‘connect everything’ and the Internet of Things (IoT) expand the attack surface, whereas emerging or future technologies, such as artificial intelligence and quantum computing are expected to boost both defensive and offensive capabilities by adding more computation power and automation.”

However, he assessed that the same technologies could also boost security, adding that “with the right regulations, principles and norms, we could also mitigate many of the risks.”