Last Sunday started like any other day, but things took a dramatic turn by noon. Reports began pouring in about payment systems across Israel acting up. Customers at cafes waited impatiently as their transactions lagged. Shoppers at Super-Pharm stood in long queues, frustrated by checkout delays. Even Israel's national airline, El Al, was not spared. What was happening?
It turned out that Credit Guard, one of Israel's largest secure payment providers, was under a massive Distributed Denial of Service (DDoS) attack. The assault began at noon and didn't let up until 11:00 PM. For almost 11 hours, businesses relying on Credit Guard faced significant disruptions, causing a ripple effect across multiple sectors.
A Day of Disruptions
Imagine trying to grab your morning coffee, but the payment won't go through. Or booking a flight, only to have the transaction stall indefinitely. That is what many Israelis experienced. Transactions that usually took seconds stretched into minutes—up to four minutes in some cases. In our fast-paced, digitalized world, that's an eternity.
"Customers reported disruptions in credit card payments in stores and various businesses, including food chains and gas stations, and the inability to transfer funds via Bit and PayBox."
— PC.co.il Magazine, November 10, 2024
The impact was widespread, affecting not just consumers but also businesses. Revenue fell, and customer trust was shaken.
Introducing the "Sky Aid" Cyber Campaign
But here's the kicker: this was not an isolated incident. A coalition of hacktivist groups has announced a new, coordinated cyber campaign against Israel, ominously named "Sky Aid."
On November 13, 2024, the Cyber Army Resistance posted a message on their Telegram channel:
"With the help of Allah, we announce that we, in the Gathering and Union of the 'Sky Aid' Alliance Teams, under the Cyber Islamic Resistance Team, today launch... the Sacred Cyber War against Israel. This is the start of a comprehensive offensive phase against all Enemies... in the coming days."
— Cyber Army Resistance Telegram Channel
This declaration signals a planned escalation in cyber-attacks, set to peak this weekend (November 15-17, 2024). The groups involved have clarified that their operations will be more extensive, potentially involving various application attacks beyond DDoS.
Who's Behind "Sky Aid"?
The "Sky Aid" alliance isn't just one group but a coalition of numerous hacktivist organizations. Their public communication lists a wide array of pro-Palestinian groups and groups friendly to the cause, including NoName057(16), Cyber Army of Russia Reborn (CARR), Anonymous Arabs, Moroccan Cyber Forces, Cyber Islamic Resistance, 313 Team, DeepX Club and many more. Some groups in the Cyber Army Resistance announcement acknowledged their participation by reposting it on their channels. Other groups remain silent, so how many groups will actively participate in the announced attack campaign remains to be seen.
This broad coalition indicates a high level of coordination and resources, increasing the potential impact of their planned attacks.
The Domino Effect of Payment Provider Attacks
What is particularly alarming is how the attack on Credit Guard affected many others. This is an example of an "application supply chain attack." By targeting a single payment service provider, the attackers indirectly crippled all the businesses that depended on it.
Think of it like knocking out a single power station and plunging an entire city into darkness. Businesses could not process payments, leading to lost sales and unhappy customers. It is a stark reminder of how interconnected our digital infrastructure is.
Sectors in the Crosshairs
Based on chatter from these hacktivist groups, several sectors are at heightened risk:
- Financial Services: Banks, payment processors, and other financial institutions.
- Transportation: Airlines, public transit systems, and logistics companies.
- Retail and Hospitality: From supermarkets to cafes, any business with a point-of-sale system could be impacted through its payment provider supply chain.
- Government Services: Websites and online portals providing essential services.
A message from Team1956 amplified these concerns:
"Anyone who does not take our warning seriously will regret... Day 5 before disaster. We don't forgive. We don't forget. Expect us."
— Team1956 Telegram Channel, November 10, 2024 https://t.me/team_1956/1285
What Can We Do?
First and foremost, awareness is critical. Businesses must recognize the potential risks and take proactive steps to mitigate them.
- Review and Strengthen Cybersecurity Measures: Ensure all systems are up-to-date and patched against known vulnerabilities.
- Diversify Service Providers: Where possible, have backup options for critical services like payment processing.
- Employee Training: Educate staff about potential phishing attempts and social engineering tactics.
- Collaborate with Authorities: Stay in touch with cybersecurity agencies for real-time updates and guidance.
- DDoS Protection: Ensure DDoS protections are in place for public services and websites.
Final Thoughts
The attack on Credit Guard was a glimpse into a potential future where cyberattacks can disrupt entire economies. The "Sky Aid" campaign could represent a significant escalation in threats against Israel.
At Radware, we are committed to keeping you informed and prepared. We will continue monitoring the situation and providing updates as it unfolds.