Israeli cybersecurity company Check Point Software Technologies Co., Ltd. (NASDAQ: CHKP) Israel reportedly saw a spike in cyberattacks in the second quarter of 2024, with an average weekly number of attacks reaching 2,278. This is 81% higher than in the corresponding quarter of 2023, and 33% higher than in the first quarter of 2024. The average weekly number of cyberattacks in the second quarter was 39% higher in Israel than the global average.
Education, Communications and Consulting
The education sector suffers more than any other sector from cyberattacks. The largest increase compared to last year was in the transportation sector, up 263% from last year, while the government and defense sectors are the most affected by ransomware attacks, accounting for 17% of published attacks. In July, an average of one in 26 organizations was hit by a ransomware attack in Israel every week.
According to data from the National Cyber Security Center, after the outbreak of the war last October, we saw a 20% increase in the number of reports of ransomware attacks. The center estimates that more than 100 different entities suffered from ransomware attacks in Israel.
Who realized the opportunity?
“Even in normal times, Israel is a country with an above-average number of attacks because it is a highly advanced and digital country,” Gil Messing, Check Point’s chief of staff and global head of corporate communications, told Globes. “Israel attracts a lot of attention from a variety of attack groups, both economic and political. Since the war, the rise in cyberattacks in Israel represents one of the largest increases in cyberattacks of any country.” According to Check Point data, the two countries that emanate the most attacks from their territory are Russia and Iran.
Messing reports that the number of attacks on Israeli organizations doubled in the first six months of the war. “We already saw 2.5 more attacks per week than before the war,” he says. “This is tens of percent higher than the global average.” But why is this happening? “The political parties that are attacking Israel have been joined by more important forces, led by the Iranian regime and Hezbollah, as well as activist groups from around the world—there are more than a hundred such groups working together,” says Messing. The groups that attack Israel for financial reasons have never backed down, he explains, and now feel “that there is an opportunity to attack Israel and make a financial profit.”
Related Articles
Update on the Globes cyber attack
Outsourced attacks
Check Point identifies more ransomware attacks than data or identity theft. “As is always the case with cyberattacks, when there is a successful attack that gains public attention, it invites other actors to try to attack, and oftentimes the information leaked from one attack feeds into the next attack that uses that information,” says Messing. “So we’re in a vicious cycle of attacks feeding into themselves, and the numbers are increasing exponentially, in a continuing and worrying trend.”
Who are these attackers? Ronen Ahdut, COO of Cynet Security, explains that today there is a decentralization in this area, so it is difficult to identify the attacker. “For example, in ransomware incidents, we know that most of the groups come from the former Soviet Union. We know this because their laws state that it is forbidden to attack countries in the former Soviet Union. On the other hand, regarding the attacks in Israel against hospitals, these are ideological attackers who could be Palestinian or Iranian, like Sudan for example. They give the tools and training to teach young attackers how to make noise.”
According to Ahdut, today there is something called “ransomware as a service” (RaaS), where attackers provide tools to ideological groups. “The attackers build the infrastructure and offer it to anyone who wants it. Most often, there is a split of the reward or ransom payment, which is usually 80% for those who bought the services and 20% for those who offered them. This is a win-win situation.”
How to protect assets
Messing explains that every organization and company in Israel should understand the risks of a cyber attack and check their preparedness. “Because it’s only a matter of time before they try to attack, and it may already be happening.” According to Messing, an examination should be conducted to check how the organization’s important assets are protected, whether software is updated, where important information is located and whether it is backed up. In addition, is there a backup and recovery plan in place in case of an attack.
“What is important in organizations is awareness,” Ahdut adds. “If we were usually the target of attackers, now we are even more vulnerable. If in the past many said, ‘What will they take from me?’, they may find themselves under attack. “In addition, it is important to understand within organizations that a cyberattack is not only carried out against the CEO or against the IT department, but that everyone in the organization has a responsibility and everyone must be aware of this issue.”
Organizations should make sure that their computers are up to date and using version updates, says Ahdout. “In our research and various data, you can see that if a new vulnerability is released and the attackers use ransomware, it takes an organization anywhere from one to 24 hours to implement that new vulnerability, so it’s very important to stay up to date with everything that’s being used.” According to him, one of the main issues is that many organizations are using servers or operating systems that are not supported by Microsoft.
“This means they are not receiving important release updates.”
Full Disclosure: As previously noted, approximately three weeks ago, a sophisticated international economic criminal gang, known to authorities, launched a cyberattack on Globus’ computer systems. The attack was accompanied by a ransom demand, but as a media organization that advocates transparency and non-cooperation with criminals, we made the decision not to pay the ransom or negotiate with the perpetrators. Since the attack, Globus, along with its cybersecurity experts and consultants, has invested significant efforts and resources in dealing with the aftermath of the event and maintaining current activity, as well as ensuring that the relevant authorities, customers, suppliers, employees, and the public are informed and notified.
This article was published in Globes, Israeli Business News – en.globes.co.il – on August 8, 2024.
© Copyright Globes Publisher Itonut (1983) Ltd., 2024.