IDF Has Rebuffed 3B Cyberattacks Since Oct. 7, Colonel Claims

The Israeli Defense Forces (IDF) have nixed somewhere in the range of 3 billion cyberattack attempts since last fall, an army chief said this week.

The claim, circulated across Israeli news outlets, was made by Colonel Racheli Dembinsky, commander of the IDF's Center of Computing and Information Systems, also known as Mamram. Mamram, essentially, is the IT organization for Israel's military, providing, maintaining, and defending its intranet, cloud systems, data processing, public-facing websites, and more.

As Dembinsky recalled at the IT for IDF conference in the city of Rishon LeTsiyon, an uptick in threats to Israel's military systems dates back to the terror attack on Oct. 7. "I received a phone call that morning and thought there was a malfunction in the alert system," she said. "I quickly understood there wasn’t a malfunction, but a broader attack. Also, we immediately understood this wasn’t fake. I put on my uniform and drove to the base. We began transitioning to emergency mode."

The strain on the IDF's systems continued in the weeks thereafter, as hundreds of thousands of reservists were quickly recruited into the war effort, and Mamram began allocating computing resources at 120% capacity.

According to Dembinsky, cyberattacks against the IDF in recent months have involved operational systems central to the military's functioning, such as those that ground forces rely on to coordinate information sharing in real-time. She did not provide details on the nature of the attacks, but noted that the many billions of them had been blocked.

Cyber Threats to Israel

Israel has seen a dramatic increase in cyberattacks overall since the start of the war, notes Gil Messing, chief of staff for Check Point Software. "Attacks in general have more than doubled, to the point that an average Israeli organization is attacked more than 2,200 times every week," he explains.

"This has been driven mostly by politically motivated hacking groups — such as nation-states attacking Israel, like Iran, or Hezbollah — and hacktivist groups that are joining forces in attacking Israel in the context of the war. We are monitoring over 80 such groups which do everything from defacement and DDoS to ransomware and wipers."

Specifically, Check Point tracks at least five of those groups as state-level advanced persistent threats (APTs) from Iran, and another five or six as working for the Iranian proxy Hezbollah. Some of the 80-plus work for Hamas, and still others are sympathetic groups from outside of Palestine and Lebanon.

"Cyberattacks are a clear and evident part of the war and, at the same time, the 'regular' hackers who are financially motivated are also attacking Israel (like any other country). So, all in all, the increase of attacks which we see in Israel is almost double what we see on the global average,” Messing says.

In response to the overwhelming threat, he adds, capable organizations have upped their game and their collective information sharing. Still, plenty of companies, government, and law enforcement organizations remain behind.

Case in point: At a separate panel at IT for IDF, Kobi Menashe, head of the guidance department and spectrum defense for the Israel National Cyber Directorate (INCD) defense division, revealed that 139 out of the 259 local authorities in Israel are facing a "very bad cyber situation." By contrast, just 89 are defined as "good." (He did note, though, that only 30 were considered good by Oct. 7.) That, despite a threefold increase in cyberattacks observed against local authorities in recent quarters.

"While the hackers are continuously working hard to attack Israeli organizations, many on the defenders' side don’t act so swiftly," Messing says. "This results in more successful attacks, which happen by the day."