Israel’s National Cyber Directorate issued its annual warning on Sunday against possible cyberattacks to mark Iran’s Quds Day and the end of the Muslim holy month of Ramadan.
Iran initiated Quds Day, or Jerusalem Day, in 1979, the year of the Islamic Revolution. It commemorates the day with anti-Israel speeches, events and threats to “liberate” Jerusalem from Israeli control.
The possible breaches of Israeli websites are expected on or around April 29 this year, and are coordinated by anti-Israel hackers around the world under the banner “#OPJerusalem.”
In previous years, the day was marked by website breaches that spread anti-Israel or pro-Palestinian messaging, cyberattacks on companies that host and maintain a large number of websites to maximize the impact of the breach, as well as attempted hacks into organizations’ systems and information leaks, the directorate said Sunday.
In 2020, various affected websites displayed a video simulating Israeli cities being bombed and messages threatening the destruction of the Jewish state.
This year, OPJerusalem operations come amid high tensions in the Israeli capital surrounding the Temple Mount compound, where police have repeatedly clashed with Palestinian rioters in recent weeks.
The Temple Mount and Jerusalem have been a tinderbox this past month, as Passover overlapped with Ramadan. The Temple Mount is the holiest place in Judaism as the site of the biblical temples. Al-Aqsa Mosque, which sits atop the mount, is the third holiest shrine in Islam. Jews are allowed to visit the compound, but not pray or perform religious rituals, as part of the sensitive status quo.
The directorate said there has been a significant increase in cyberattack attempts over the past month, notably DDoS attacks, or denial-of-service attacks, where hackers overload a website with junk traffic to disrupt its online availability, and defacement attacks, where attackers change the visual appearance of a website.
Last week, a group of pro-Iranian hackers claimed responsibility for a DDoS cyberattack that temporarily took down the Israel Airports Authority’s website. The breach coincided with the two-year anniversary of the assassination by the US of Qassem Soleimani, the head of the Quds Force of the Islamic Revolutionary Guard Corps, a US-designated terrorist organization.
The DDoS attack targeted dozens of other Israeli sites as well.
In recent years, numerous suspected Iranian cyberattacks on Israel were reported, including one that targeted its water infrastructure in 2020
Einat Meyron, a cybersecurity consultant and cyber resilience expert, said that for OpIsrael, attackers typically “try to deface websites where they gain access, erase the homepage and replace it with pro-Palestinian messages.”
“The goal is to sow panic and generate alarm. But we know from past years that [these types of attacks] are not very serious,” Meyron told The Times of Israel on Sunday.
“There are situations where defacement is used as a smoke-screen to hide a more serious attack, so it’s good to be aware of the possibility,” she warned.
She said most websites and organizations can protect themselves using basic methods such as keeping all software updated, implementing patches (software and operating system updates that patch security vulnerabilities) where necessary, and enabling two-factor authentication (2FA), a method that adds an extra layer of protection to ensure the security of online accounts beyond a username and password.
“Another thing website owners can do is ask their hosting companies about changing their passwords and how often they do so to stay ahead of breaches,” said Meyron, adding that she recommends password changes every three months or so.
“These are all very simple, very basic things that people can do to secure their sites,” she said. “Of course, systems like hospitals will likely have additional layers of protection than, say, a site that sells balloons for Yom Ha’atzmaut [Independence Day], but these are some simple precautions.”
In its annual announcement Sunday, the cyber directorate said it reached out to organizations with a collection of recommendations to strengthen their system security and “actively approached the web-hosting companies” to bolster their defenses as well.
The directorate launched a program last year aimed at strengthening security for web-hosting companies by setting a uniform standard for protection.
Separately, the directorate warned the general public against opening hyperlinks or downloading files received via email from unknown, unofficial or dubious sources. It also reminded the public to not give out passwords or personal details or to respond to requests for such information. Those who come across a corrupted website should not click any of its links but instead shut down their web browser.
Passwords should be strong, it said, and recommended implementing two-step verification for email access, social networks and messaging apps.
In general, the directorate advised to only download applications from recognized online stores and not click on website links that make offers that seem too tempting.
Cyber attacks and suspected breaches can be reported directly to the directorate by dialing 119.