National Cyber Directorate war room

‘We handled one attack a week—now it’s three a day’: The surge in cyber assaults during the war

From credit card failures to ransomware, companies face rising threats as cybercriminals shift focus from military to economic targets.

Maybe this happened to you yesterday. You completed a purchase at a store, arrived at the register to pay, handed over your credit card, and... nothing. The payment didn’t go through—not because of an issue on your end, but due to a Distributed Denial of Service (DDoS) attack targeting the credit clearing company Credit Guard, which disrupted its services for several hours.
If you found yourself frustrated and feeling déjà vu, there’s a reason: on October 29, a similar attack affected the clearing capabilities of the Shva clearing company, and on August 30, Credit Guard's parent company, Hyp.
These incidents are not isolated. Since the terrorist attack on October 7, there has been a sharp increase in cyberattacks targeting Israel, particularly against business entities. This rise has significantly increased cybersecurity expenditures for companies. The CEO of a major service company told Calcalist that its cybersecurity expenses have risen from a few million shekels to tens of millions annually.
2 View gallery
חמ"ל חדר מלחמה של מערך הסייבר הלאומי
חמ"ל חדר מלחמה של מערך הסייבר הלאומי
National Cyber Directorate war room
(Photo: Oded Karni)
Attacks targeting the economy
"The recent cyberattacks were not directed at the military or security establishment but aimed at Israel’s economy," says Dr. Arik Liberzon, founder and CTO at the cybersecurity company Pentera. "Attackers understand they can cause significant disruption and public unrest by targeting civilian businesses, thereby undermining national security. Despite this, Israel’s preparedness for cyberattacks remains high, and critical infrastructure has not suffered substantial damage."
A surge in attacks
The data confirms a sharp increase in cyberattacks since the outbreak of the war. According to figures provided by the National Cyber Directorate to Calcalist, 1,900 cyber incidents with potential for significant damage were identified in the past year—a threefold increase compared to the previous year. Between October 7 and December 31, 2023, 3,380 cyberattacks were detected, 800 of which were classified as significant threats.
Reports also indicate that 68% of the 13,040 incidents reported in 2023 occurred after October 7. In the second quarter of 2024, Check Point identified 2,278 cyberattacks in Israel, an 81% increase compared to the same quarter in 2023, and 33% more than in the first quarter of 2024. During this time, the weekly average number of attacks in Israel was 39% higher than the global average.
A Pentera survey of 50 information security and IT managers in Israeli companies with over 1,000 employees revealed that 44% experienced a cyberattack since October 7. Additionally, 36% reported a 50% increase in the frequency of attacks, while 8% noted an even greater surge.
New attack patterns
According to cybersecurity experts, attackers have shifted their focus. "There was an expectation of increased attacks on security assets," says Moshiko Hassan, head of the research division at the cyber company Upwind and a retired major in the IDF’s ICT unit. "Instead, many attacks targeted business assets, as these are often easier to compromise. In reserve service, we used to handle one or two major incidents per week. During the war, this increased to three major incidents daily."
The National Cyber Directorate deployed task forces to assist businesses, including construction firms, food retailers, logistics companies, educational institutions, and healthcare organizations. "We helped these entities recover and strengthen their defenses," Hassan says.
2 View gallery
אריק ליברזון חדש
אריק ליברזון חדש
Dr. Arik Liberzon
(Photo: Pentera )
Attack techniques
Tom Alexandrovich, head of the National Cyber Directorate’s technological defense division, outlined common methods used by attackers. "One strategy is exploiting legitimate software or user credentials. Attackers often target businesses that use remote-access software because such tools are considered legitimate and rarely blocked."
Another prevalent method is the use of leaked login credentials, often sold in massive online databases. "Attackers purchase leaked data, filter it by country and organization, and use it to access networks," Alexandrovich explains. "Phishing attacks have also become more sophisticated, with emails appearing highly authentic, particularly in supply chain attacks where compromised companies unknowingly distribute malware to their clients."
DDoS attacks remain popular, overwhelming systems with a flood of requests. These attacks, while not stealing information, can disable services. "Small businesses struggle to defend against DDoS attacks due to the costs involved," Alexandrovich notes.
The role of AI
AI has emerged as a new tool for attackers. "Attackers are using AI to generate code for cyberattack tools," Hassan says. "While AI cannot yet produce tools of elite quality, it is increasingly used to target individuals and small businesses."
Lavi Lazarovitz, Head of Security Research at CyberArk, adds: "AI is being used to write malware and create highly convincing phishing messages, including deepfakes of voices or faces of organizational leaders. This significantly increases the quality and quantity of attacks, leading to more victims."
A recent decline in attacks
Despite the surge, recent months have seen a decline in attacks. "The situation has improved," Hassan says. "Since June, we’ve seen a return to about one significant incident per week. As long as no major new players enter the scene, we expect a relatively quiet year."
This improvement is largely attributed to increased investment in cybersecurity. Pentera reports that 52% of Israeli organizations increased IT spending in 2024, and 64% adopted additional cybersecurity tools. As a result, Israel’s economy is better protected than many other countries.
However, the situation is more challenging for small and medium-sized businesses. "Many small companies are vulnerable to ransomware attacks," Hassan warns. "Without adequate investment in cybersecurity, these businesses will continue to face significant threats."