Clashes at Al-Aqsa Mosque stir a wave of cyberattacks against Israel

Cyberattacks target Israel’s critical infrastructure in the wake of violent clashes at Al-Aqsa Mosque.

Violent incidents continue to erupt, as Israeli police forces have repeatedly stormed the Al-Aqsa mosque in Jerusalem – one of the holiest sites for Islam religion. Police raids during the month of Ramadan, considered sacred by Muslims, caused a wave of outrage worldwide.

The events were followed by hacktivists groups encouraging to fight back against Israel. The recent wave of cyberattacks joins the annual coordinated cyberattack ‘OpIsrael’ started by Anonymous back in 2013.

Anonymous has previously launched campaigns targeting Israeli websites, including those of government, military, and financial institutions, as a way to protest against Israeli authorities.

Researchers at cyber threat intelligence company Cyble have noticed that hacktivists are currently targeting a critical infrastructure that heavily depends on the proper functioning of the industrial control system (ICS).

ICS devices, such as pumps, valves, and motors, are used to control power grids, water treatment plants, and transportation systems. Since the devices are often connected to the internet, they are vulnerable to cyberattacks

The report’s authors have also noticed an increase in distributed denial-of-service (DDoS) attacks, Global navigation satellite system (GNSS) attacks, database dumps, and attacks targeting ICS in facilities that primarily deal with water and other liquids.

Targeting critical infrastructure

The report mentions recent cyberattacks targeting critical infrastructure. On April 9, ten water controls in Israeli agricultural districts were knocked down by a cyberattack on April 9, resulting in temporary interruptions to irrigation systems in the targeted farms.

Later, on April 14, a hacktivist group known as "Electronic Tiger Unit" shared a screenshot on their Telegram channel, claiming to have accessed the SCADA water regulatory systems.

SCADA systems have the capability to monitor various water parameters, including tank levels, chemical levels, UV intensity, environmental conditions, pumps, valves, and filters.

The shared screenshots show threat actors accessing "Aegis-II", a water control product designed to provide dependable regulation of cooling, boiler, and other water treatment applications.

“ICS attacks launched in the #OpIsrael campaign are majorly due to the use of default credentials and the organizations’ exposure of critical assets over the internet. Frequent hacktivist activity targeting OT increases the risk of significant OT incidents,” reads the report.

Serious damage to industry

Attacks against ICS devices could have devastating consequences for the industry. If malicious actors could gain access to systems involved in irrigation farms, they could potentially manipulate the irrigation process, leading to over or under-watering of crops, as well as causing flooding or droughts in the fields.

Accessing ICS devices could potentially endanger industrial manufacturing, as threat actors could manipulate the process parameters.

In the event of a breach, there is a possibility of equipment failure, downtime, and financial setbacks. The attacker could also extract confidential information from the ICS devices, including production schedules, customer data, and product designs.

When a threat actor gains entry to water and chemical controllers utilized in boiler rooms and other crucial infrastructure sectors, they may have the ability to tamper with the flow rate, dosing rate, and pH level of the chemicals, potentially causing significant damage.

“The threat actor could also cause significant disruptions to the production process by manipulating the chemicals used in the water treatment process, leading to corrosion of the pipes and boilers,” Cyble's team said.