Israeli government websites offline due to a massive DDoS attack

Websites offline due to the biggest cyber attack confirmed by the government officials

DDoS attack took Israel government sites offline

The denial-of-service attack on Monday caused a number of websites of the Israeli government to get offline. Rendering portals were inaccessible for a while, and it seems that the attack was the largest in the history of Israel.^[1] The issue was reported immediately by the Israel National Cyber Directorate, and the report also stated blocked access to several sites. Normal activities were quickly returned.^[2]

A denial-of-service attack is an attempt to hamper the normal traffic of a particular server or service.^[3] This is the malicious attack achieved by overwhelming the victim and surrounding infrastructure with flood and junk traffic. This is the way to leverage compromised computers and IoT devices as sources of traffic.

Various media sources reported that the sites belonging to the health ministry, interior, justice, and welfare ministries got targeted. It is considered to be one of the largest cyberattacks launched against the Israeli government. The attacker is not identified, and official sources do not speculate. However, it is believed that the attack was helped by a large organization or a state-backed^[4] threat actor.

Jerusalem Post threat actors might be responsible

Sources did not confirm the responsible attacker, but the hacker group Jerusalem Post took the blame for the DDoS attack that affect the bundle of government sites.^[5] The specific threat actor group might be linked to the incident. The attack also disrupted non-governmental sites.

Israel is often a target of Iran-affiliated hacking groups that have a long history of involving DDoS attacks and more destructive tools in their campaigns. Israel often is accused of loving these attacks against Iran since the country is one of the biggest regional rivals.

This attack might be a retaliation for the alleged Israeli operation against the Iranian nuclear facility. This was not confirmed, however. It is believed that Iranian government-linked hackers use the conflict in Ukraine as the cover for their malicious cyber-activity right now.

DDoS attacks: common features

DDoS attacks are commonly used when the threat group wants to disrupt services or site performance. Devices used to achieve the disruption can be balled botnets, and once those have been established, the attacker can direct the attack by sending instructions remotely. Bots send requests to the IP addresses of the targeted system and cause server or network failure.

These attacks can be identified by the suspicious amounts of traffic from a single IP address or range, a flood of the traffic from users with similar device type or location. Other symptoms might include an unexpected surge in requests to a single endpoint and odd traffic patterns or spikes at odd hours.

The main issue with such attacks is the goal of the hacker behind the denial-of-service incident. Hackers can target the service and want to stop particular sites from running. Other attacks might utilize weaknesses of the protocol stack and make the target inaccessible.

Generally, these attacks are used by threat actors and hackers to slow down or take the website completely down. It is mainly the type of revenge or a thing done out of spite. It is not the financially motivated attack or cyber espionage campaign, malware deployment. It is then linked to political statements.