Data dump from Radware hack raises cyber eyebrows for the future of warfare
Data dump from Radware hack raises cyber eyebrows for the future of warfare
The hackers claim they will abide by the current ceasefire, but gigabytes of files have already been dumped on Telegram exposing sensitive information belonging to millions of Israelis
Every day this week there has been a dump of daily personal information belonging to millions of Israelis via Telegram, the social media network famous for its relaxed content moderation policies. The victim of the attack was Radware, an Israeli cybersecurity company, but its customer Signature-IT was the primary target and from whom most of the information was stolen.
The data breach was conducted by Cyber Toufan Operations, a newly formed politically motivated group established on November 18 and whose name appears to be inspired by what Hamas has named the current war, “Toufan Al-Aqsa.” Over the last week, it has been dripping sensitive information belonging to Israelis who are connected to Signature-IT’s customers, including Max Security (a cybersecurity and geo-intelligence company), the Israel Innovation Authority, the Israeli government's National Archives, Shefa Online (an Israel-based service used by Ikea), and Radware itself.
The group claims it will abide by the planned ceasefire and pause its data dumps, but there is no knowing how much more information the group has collected and how much longer it will keep releasing information if things flare up again. So far, the data belonging to millions of people includes emails, phone numbers, names, and business interactions, but no credit cards or banking information.
“Israel is going through a significant wave of cyberattacks,” said Gil Messing, Chief of Staff at Check Point. “It is not regular times.” While the world has been gripped by the physical warfare between the IDF and Hamas in Gaza, Israel has been grappling with an increasing number of cyberattacks affecting its digital infrastructure. “The cyber warfare is definitely imminent and growing by the day,” he added.
Screenshots of the Telegram group that has been dumping information have been circling X with many posts directly linking to the war and promising further threats. “We’re talking about more than 120 groups actively attacking Israel,” Messing explained. “We should expect more leaks to happen and people should be aware.”
According to Messing, Israel has seen roughly a 22% increase in overall attacks against Israeli targets since the start of the war following the attack on Israel on October 7. These have included ransomware attacks, attacks on mobile devices, as well as an increase in attacks on IoT devices such as security cameras and other items connected to an internet connection. Check Point has been offering its help to customers in Israel and around the world to make sure the impact of the attacks remains minimal.
There are many ways that government bodies and private enterprises can try to stay secure in times of cyber attacks, such as regularly changing passwords or adopting two-factor authentication. However, since there is no strict policy or regulation making sure etiquette is upheld, it is up to the individual organization to remain vigilant against such threats.
“Because cyber warfare uses digital attacks like hacking, espionage, and sabotage, there are a number of factors that make it seem impossible to avoid,” added Tomer Schwartz, Co-Founder and CTO at Dazz. “Firstly, as a society, we have become increasingly more reliant on digital technologies for communication, commerce, and critical infrastructure, which creates a much wider attack surface and therefore more opportunities for bad actors to do bad things. Secondly, since cyber attacks can be conducted anonymously or with false attribution, it can be incredibly difficult to learn who is responsible. As a result, bad actors believe they can escape consequences. Lastly, as we’re seeing with the Israel-Hamas war, the lines are blurring between traditional warfare and cyber warfare.”
The results of cyber warfare are made harder due to the increased ease at which they can be performed. Platforms like Telegram are hosting stolen and sensitive materials with little to no consequence for Russian founders Pavel Durov and brother Nikolai Durov. While Schwartz has urged collaboration between governments, businesses, and cybersecurity experts to share threat intelligence and cybersecurity best practices, an actual policy still might be difficult to secure since there is no legal authority in place to help mitigate these leaks. The expansion of the internet and an ever-growing young population means tech-savvy hackers have more of an advantage than previous generations.
“In recent years, a lot of people are more available to perform cybersecurity attacks because the generation changed and people now have more time and can learn new things,” explained Ronen Ahdut, Head of CyOps MDR at Cynet Security. “A lot of people have learned during the pandemic how to perform hacking actions.” As for Cyber Toufan Operations, Telegram lends itself to the organization because of its nature as being what Ahdut calls “an open space to talk, sell, and show off activities… it is being used by criminals who sell drugs in Israel and for cybersecurity activities like cyber terrorism.”
The attack on Radware is all but the latest in acts of cyber warfare Israel has had to face alongside the physical threat posed by Hamas and the ongoing war in Gaza. While one may soon hope to see a resolution with the safe release of Israeli hostages, it seems the future for Israel on the cyber battleground is a bit bleaker: as long as Israel is connected, then it is at threat of attack by bad actors seeking to exploit or embarrass it.
“The safest way to make sure nothing happens to a device is to disconnect it from the internet. No one wants to be disconnected from the internet, and everything comes with risk,” concluded Ahdut, who used to work in aviation security at El Al. “We used to say that the safest flight is the one that doesn’t take off, but you have customers that want to fly. So you need to find a way to manage this, and this goes with anything.”
For now, the data dump from the Radware leak will continue in one way or another (outside of the alleged ceasefire pauses). The information already leaked can be repurposed and exploited in other ways, such as selling sensitive information that might cause knock-on damage in other areas. All that can be done by Israeli citizens, businesses, and government offices is to remain vigilant and aware of the threat posed by groups Messing calls “related to the axes of evil” with Hezbollah and Hamas. “We are in the midst of a real cyber warfare. It’s true, it’s real, and what we’ve seen in these daily leaks is just one example,” he concluded.