In the past few months, Israel has been facing targeted attacks from different hacker groups. While some threat actors target big organizations in Israel and direct ransomware attacks at them, others are hacking websites and defacing them for spreading anti-Israel messages.
Defacement Attacks Against Israeli Websites
The hacker group ‘Hackers of Saviour’ has been continuously hacking Israeli websites and posting anti-Israel messages on the Homepages of the websites. We saw the same incident in the past, when the same hacking group defaced close to 2,000 Israeli websites in May 2020.
Publishing Hacked data on Cybercrime forums
On May 1, 2021, the hacker group has created a handle with the name “HackersOfSaviour” on a popular cybercrime forum.
Figure 2 Profile of hacker Group
Fig 3 showcases a post by the hacker group allegedly claiming to have confidential Israeli bank data.
Figure 3 Post by the Group
The hacker group also shared a Sample showing details of Israeli people. The data set has fields like the first name, last name, email address, phone number, Card number, Month and Year of card expiry, CVV, City Name, etc.
In Fig 4, we can see a snippet of the sample shared by the hacking group.
Figure 4 Sample shared by the group
The Hackers of Saviour group also made claims to have hacked Israeli government websites and accessed data related to the identity of millions of Israeli citizens.
Figure 5 Israeli citizens identity
In addition to Hackers of Saviour, another hacking group has been attacking Israel-based organizations using a ransomware named N3tw0rm. So far, the ransomware has hacked three big organizations of Israel and published their data on their websites, as seen in fig 6.
Figure 6 Ransomware attack on Israeli organizations
Cyble is continuously monitoring for these kinds of cyberattacks using its Darkweb and cybercrime monitoring capabilities to inform clients of such threats before they can take place.Page Break
Our Recommendations:
- Turn on the automatic software update feature on your computer, mobile, and other connected devices wherever possible and pragmatic.
- Always check for proper input sanitization which may cause xss, or Sql injection vulnerability.
- People concerned about their exposure in the Dark web can register at AmiBreached.com to ascertain their exposure.
- Give Admin privileges to only trusted and audited applications.
About Cyble:
Cyble is a global threat intelligence SaaS provider that helps enterprises protect themselves from cybercrimes and exposure in the darkweb. Cyble’s prime focus is to provide organizations with real-time visibility into their digital risk footprint. Backed by Y Combinator as part of the 2021 winter cohort, Cyble has also been recognized by Forbes as one of the top 20 Best Cybersecurity Startups To Watch In 2020. Headquartered in Alpharetta, Georgia, and with offices in Australia, Singapore, and India, Cyble has a global presence. To learn more about Cyble, visit www.cyble.com.
