Cybersecurity chief analyzes Iranian, Hezbollah cyber threat | #hacking | #cybersecurity | #infosec | #comptia | #pentest | #ransomware

Israel National Cyber Directorate Chief Gaby Portnoy discussed what a joint Iranian and Hezbollah October 7-level cyberattack on Israel will look like at the Cybertech Conference in Tel Aviv on Tuesday.

Portnoy said that Tehran and the Lebanese terror group had already tripled the pace of their attacks on the Jewish state since October 7.

In addition, Portnoy said that the Islamic Republic and Hezbollah have unified their efforts more strongly in order to launch cyberattacks on a myriad of sectors that they had not previously reached.

According to the INCD chief, “When [Hamas Gaza chiefs Muhammad] Deif and [Yahya] Sinwar succeeded at undermining the physical security of Israelis, at the same time, the Supreme Leader [Ali] Khamenei ordered all-out cyberattacks from Iran and Hezbollah around the clock against Israel.”

The intensity of cyberattacks has increased

Portnoy added, “The intensity of cyberattacks is higher than ever before, at least three times higher, and now with attacks in every Israeli sector.”

Gaby Portnoy at the CyberTech 2024 Conference on April 8, 2023 (credit: CYBERTECH)

On Monday, the INCD named Iran and Hezbollah responsible for the cyberattack last month against Safed’s Ziv Medical Center.

“The cooperation between Iran and Hezbollah increased during the war, including the coordinated attack against the Ziv Medical Center in Safed.”

The directorate said that the goal was not only to obstruct the hospital’s operations but to damage Israel’s general resilience mid-war, mainly while hospitals were overloaded with patients.

He noted that Iran’s Intelligence Ministry led this attack.

In December 2023, the INCD identified the hacker group that attacked the hospital as AGRIUS, which is connected to the Iranian Intelligence Ministry. The group also worked with the Hezbollah-linked group, Lebanese Cedar, whose leader has been identified as Mohammed Ali Marai.

The hack was partially successful. The hackers broke into the hospital’s information systems to access patients’ sensitive, personal details and then released this data online.

However, the hospital and INCD succeeded in blocking the hackers from interfering with the hospital’s general operations.

Although the hospital was temporarily disconnected from many of its electronic services and had to rely on traditional backup systems to keep ongoing records, none of the healthcare facility’s actual medical equipment was compromised at any point.

The directorate added that it previously obtained a court order that remains in force, which prohibits publicizing any of the stolen personal data on any websites which Israel has sovereignty over. It also succeeded in compelling sites to take down some of the personal data shortly after the information was published.

The INCD did not explain why the hackers prevailed in penetrating the hospital’s information security systems or what the damage impact assessment was on the data that had already been leaked.

Close to the directorate’s announcement, and in a not-so-secretive presumed response from Israel to Iran, a hacktivist group called the Predatory Sparrow (Gonjeshke Darande in Persian) claimed that it had disabled the majority of gas stations across Iran in a cyberattack.

“We, Gonjeshke Darande, carried out another cyberattack today, taking out most of the gas pumps throughout Iran. This cyberattack comes in response to the aggression of the Islamic Republic and its proxies in the region. [Iranian Supreme Leader Ali] Khamenei, playing with fire has a price,” the group wrote in a statement.

“A month ago, we warned you that we’re back and that we will impose cost [sic] for your provocations. This is just a taste of what we have in store,” added the group, attaching screenshots of documents they claimed to have acquired from the affected gas stations’ servers.

The hacktivist group has previously claimed responsibility for cyberattacks targeting gas stations, the railway system, and steel plants in Iran.

Iran has accused the Mossad of being connected to some of these cyberattacks, and some Israeli officials have unofficially confirmed the Jewish state’s involvement in some of them – off the record.

More recently, Israel has accused Iran and its proxies of hacking into the Israeli Justice Ministry as well as other hybrid cyber-physical attacks and for a variety of disinformation and social media influence campaigns.


Click Here For The Original Source.

National Cyber Security