Cyberwarfare / Nation-State Attacks , Fraud Management & Cybercrime , Government

Cyberattack Blamed for Setting Off Rocket Sirens in Israel

Sirens Ring in Jerusalem, Eilat; System Used to Warn Citizens About Missile Attacks
Cyberattack Blamed for Setting Off Rocket Sirens in Israel
Israeli electronic air raid sirens were set off Sunday night. (Source: Wikimedia Commons)

Israeli cybersecurity officials suspect hackers are behind a Sunday night incident causing rocket sirens to sound in Jerusalem and Red Sea town of Eliat.

See Also: New OnDemand | People-Centric Security for the Public Sector

Sirens rang for almost an hour in a disruption initially attributed by the Israel Defense Forces to a system malfunction, The Jerusalem Post reported. Rocket attacks in civilian areas remain an endemic danger in Israel.

The Israel National Cyber Directorate now suspects a cyber intrusion to be the cause. Deputy Minister of Economy Yair Golan suggested in an interview broadcast on national media that the culprits may hail from Iran.

"The Iranians are trying to harm Israel through cyber warfare, the incident requires a quick investigation," the former IDF deputy chief of staff told Israel Defense Forces radio.

Tensions have flared between Iran and Israel, with Tehran blaming the Jewish state for a recent spate of attacks on its nuclear infrastructure and Israel urging its citizens to depart Turkey amid worries that Iranian operatives may launch attacks on Israelis in Istanbul.

The breached sirens were municipal, not military systems, the Israel Defense Force's Home Front Command says. The civil defense authority says in a tweet that it "instructed local authorities to take prompt protection measures on local public address systems." The tweet acknowledges "suspicion of a cyber incident at the interface of a public address system for municipalities that led to the activation of the public address in a small number of points in the cities of Eilat and Jerusalem."

Remedial Measures

The INCD did not immediately respond to Information Security Media Group's request for comment.

It did publish online preventive security measures for other "similar systems" that may also be vulnerable without specifying their relevance to a particular sector.

The measures include basic cybersecurity measures, such as changing default passwords, setting up long complex passwords and changing them frequently and implementing a two-step verification processes. The directorate also recommends "setting restrictions on access permissions to the management interface and remote connection to specific users and, if possible, also by IP addresses."

Phishing Campaign Unveiled Last Week

Israeli cybersecurity firm Check Point last week unveiled a spear-phishing operation targeting high-profile Israeli and U.S. executives that it attributes to Iran.

Among the targets identified by Check Point were Tzipi Livni, an Israeli former foreign minister and deputy prime minister; an unnamed former major general who served in a highly sensitive position in the IDF; and an unnamed senior executive in the Israeli defense industry.

The same day the Check Point article appeared, the Israel National Cyber Directorate issued a warning about an "active phishing campaign against various users in Israel" and released an alert containing information allowing users to stymie the attacks.

Likely Motive

Israeli OT security firm Radiflow's co-founder Ilan Barda says the incident spotlights the state of municipal cybersecurity in the country.

Cities are tempting targets for malicious hackers. Traffic lights, public transportation and other municipality-run systems are being automated across Israel. That reliance creates vulnerabilities. A hacker could "bring a city or region to a halt, impacting supply chains, food deliveries, and more - putting a city under siege," Barda tells ISMG.

Whether the siren incident was intentional or not remains an open question, he says. It is possible the incident was an accident triggered during the hackers’ exploration for vulnerabilities in the municipality's security system.

If the incident had been intentional, "it would make more sense to conduct this incident during a religious holiday or time of large gatherings to shatter any sense of security," he says. But it also might have been a false flag operation used as a distraction for a different cyberattack, he adds.

Note: This story was updated on June 21 to include INCD's preventive cybersecurity advice and comments from Radiflow co-founder Ilan Barda.

About the Author

Mihir Bagwe

Mihir Bagwe

Principal Correspondent, Global News Desk, ISMG

Bagwe previously worked at CISO magazine, reporting the latest cybersecurity news and trends and interviewing cybersecurity subject matter experts.

Around the Network

Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing, you agree to our use of cookies.