Trusted Internet on Cyber Risk resulting from the Israel-Hamas War 

As kinetic attacks dominate the Israeli-Palestinian battlefield, the threat of cyberactivity and opportunistic hacktivism looms large for those who may be viewed as sympathetic or directly supporting either side, driven by decentralized threat actors operating under individualized command and control. 

Trusted Internet identifies three key communities that we expect will bear the brunt of cyber risk: 

  • Members of the defense community supplying support to Israel. 

  • Individual supporters who donate funds and resources to either side. 

  • Targets of opportunistic attacks from decentralized groups of attackers. 

Numerous hacktivist groups are working to target Israeli organizations and those who support Israel. AnonGhost, Anonymous Sudan, Cyber Av3ngers, Team Herox, Ghosts of Palestine, Panoc team, Muslim Cyber Army, StarsX Team, the Cyber Army of Russia, and the notorious Killnet, a Russian hacker group, all have a desire to attack Israel and those who supply assistance. Dozens of groups have set their sights on Israeli and Israel-supporting targets. One, ThreatSec, has successfully compromised all servers of Alfanet.ps, a major internet service provider in the Gaza Strip.

The Trusted Internet daily summary report, taken from activities noted in our portfolio of defense-related companies and high-net-worth residential clients, is showing significant increases, not in volume but rather in severity and targeting. In the last seven days, our Cyber SOC (Security Operations Center) has seen an uptick in botnet activities, including a resurfacing of Xtreme.RAT, a Remote Access Trojan designed for stealing information that was previously used in cyberattacks directed at Israeli and Syrian targets, after it had been silent on our radar for over a year.

Although significant attacks are not yet reported routinely, the risk will heighten with further escalation. Additionally, there is the possibility of an increase in Advanced Persistent Threats (APTs) linked to the war and of independent actors exploiting the chaos for their malicious activities. Our list of botnet activities suggests not only targeted but also opportunistic attacks, using not only Xtreme but also SystemBC, Mirai, and Bladabindi.Botnet. SystemBC is a commodity malware backdoor that serves as a TOR (The Onion Router) proxy and remote control toolkit. It is favored by cybercriminals responsible for high-profile ransomware campaigns. Previously, on any given day, we’d see Gh0st, Mirai, Bladabindi, and sometimes ZeroAccess. Now, however, it’s interesting that we’re seeing SystemBC (used to hide the identity of the attacker) and Xtreme (used previously to attack Israeli targets). The chances of a successful opportunistic breach because of weaponized code being sent into the warzone are growing daily.

The situation is dynamic, requiring proactive security measures to safeguard critical assets and ensure business continuity. To that end: 

  • Trusted Internet has named two additional senior Virtual Chief Information Security Officers (Virtual CISO™) to assist in our professional oversight and risk management of the evolving threat. Lou Saviano will oversee eastern seaboard clients and Tom Siu, midwestern markets. 

  • Trusted Internet SOC has beefed up intelligence collection and analysis support through the addition of a senior, APT-hardened (government-sponsored espionage) technical information security analyst in the SOC and, beginning Monday, an added geopolitical analyst. 

  • Last, Trusted Internet has added two new tools to the mix that give our analytic team broader correlation perspectives across multi-source data, including converged physical and cyber security indicators. 

Trusted Internet; 24x7 Secure Internet Solutions. 

For more information, contact Trusted Internet for a consultation with one of our Virtual CISOs™ at staysafeonline@trustedinternet.io