Ongoing Cyber Attack Targeting Israeli Organizations: ESET Reports

ESET, a global cybersecurity company, has reported an ongoing cyber attack targeting various Israeli organizations. The attack, which involves Remote Desktop Protocol (RDP) connections, has been gaining attention due to its provocative nature and the specific message sent to the victims.

Once the attackers gain access through RDP, they replace desktop backgrounds with an image featuring the colors of the al-Aqsa Martyrs Brigade—a group linked to Hamas. The image includes a message in both English and Hebrew that reads: "Israel has been defeated. Over a year of bombings on Gaza, but the resistance is stronger than ever. The struggle will continue until every piece of Palestinian land is liberated. October 7 was just the beginning."

In some cases, attackers have further compromised systems by controlling printers and printing the same message. Additionally, they have corrupted organizational files, causing further disruption.

Attack Methods and Possible Attribution

ESET's preliminary investigation suggests the tactics resemble those of the Handala hacking group, known for targeting Israeli websites and stealing sensitive data. As part of their strategy, the attackers confirm the geographical location of the targeted system by attempting to access the Israeli Home Front Command website, which is restricted to within Israel. Once access is verified, they proceed with the attack.

Cybersecurity Recommendations for Israeli Organizations

ESET urges all organizations in Israel to take immediate action to strengthen their cybersecurity measures. Key recommendations include:

1. Strengthen Password Policies: Use passwords with at least 12 characters, incorporating a mix of uppercase letters, lowercase letters, and special characters.

2. Restrict RDP Access: Disable RDP connections or enable them with multi-factor authentication.

3. Update Operating Systems: Ensure that all computers and servers are running the latest security updates. Replace unsupported systems that no longer receive security patches.

4. Use Up-to-Date Security Solutions: Ensure cybersecurity software is current and effective in addressing emerging threats.

The Importance of Cybersecurity Awareness

Adan Avramov, Chief Technology Officer at ESET, highlighted the critical nature of this attack, noting the heightened sensitivity during this period of conflict. The provocative messages being distributed bear today's date, January 19, and deliver a clear and alarming message aimed at disrupting operations. Avramov stressed the need for heightened cyber awareness and the importance of proactive steps to mitigate potential threats.