"Sky Aid" Cyber Campaign: A Looming Threat Following the Credit Guard DDoS Attack


Last Sunday started like any other day, but things took a dramatic turn by noon. Reports began pouring in about payment systems across Israel acting up. Customers at cafes waited impatiently as their transactions lagged. Shoppers at Super-Pharm stood in long queues, frustrated by checkout delays. Even Israel's national airline, El Al, was not spared. What was happening?

It turned out that Credit Guard, one of Israel's largest secure payment providers, was under a massive Distributed Denial of Service (DDoS) attack. The assault began at noon and didn't let up until 11:00 PM. For almost 11 hours, businesses relying on Credit Guard faced significant disruptions, causing a ripple effect across multiple sectors.

Figure: Cyber Army Resistance posted a message on their Telegram channel

Figure: The Sky Aid public communication list of pro-Palestinian groups

(https://t.me/Mhwear99/2210)

Figure: A message from Team1956

A Day of Disruptions

Imagine trying to grab your morning coffee, but the payment won't go through. Or booking a flight, only to have the transaction stall indefinitely. That is what many Israelis experienced. Transactions that usually took seconds stretched into minutes—up to four minutes in some cases. In our fast-paced, digitalized world, that's an eternity.

"Customers reported disruptions in credit card payments in stores and various businesses, including food chains and gas stations, and the inability to transfer funds via Bit and PayBox."

PC.co.il Magazine, November 10, 2024

The impact was widespread, affecting not just consumers but also businesses. Revenue fell, and customer trust was shaken.

Introducing the "Sky Aid" Cyber Campaign

But here's the kicker: this was not an isolated incident. A coalition of hacktivist groups has announced a new, coordinated cyber campaign against Israel, ominously named "Sky Aid."

On November 13, 2024, the Cyber Army Resistance posted a message on their Telegram channel:

"With the help of Allah, we announce that we, in the Gathering and Union of the 'Sky Aid' Alliance Teams, under the Cyber Islamic Resistance Team, today launch... the Sacred Cyber War against Israel. This is the start of a comprehensive offensive phase against all Enemies... in the coming days."

Cyber Army Resistance Telegram Channel

This declaration signals a planned escalation in cyber-attacks, set to peak this weekend (November 15-17, 2024). The groups involved have clarified that their operations will be more extensive, potentially involving various application attacks beyond DDoS.

Who's Behind "Sky Aid"?

The "Sky Aid" alliance isn't just one group but a coalition of numerous hacktivist organizations. Their public communication lists a wide array of pro-Palestinian groups and groups friendly to the cause, including NoName057(16), Cyber Army of Russia Reborn (CARR), Anonymous Arabs, Moroccan Cyber Forces, Cyber Islamic Resistance, 313 Team, DeepX Club and many more. Some groups in the Cyber Army Resistance announcement acknowledged their participation by reposting it on their channels. Other groups remain silent, so how many groups will actively participate in the announced attack campaign remains to be seen.

This broad coalition indicates a high level of coordination and resources, increasing the potential impact of their planned attacks.

The Domino Effect of Payment Provider Attacks

What is particularly alarming is how the attack on Credit Guard affected many others. This is an example of an "application supply chain attack." By targeting a single payment service provider, the attackers indirectly crippled all the businesses that depended on it.

Think of it like knocking out a single power station and plunging an entire city into darkness. Businesses could not process payments, leading to lost sales and unhappy customers. It is a stark reminder of how interconnected our digital infrastructure is.

Sectors in the Crosshairs

Based on chatter from these hacktivist groups, several sectors are at heightened risk:

  • Financial Services: Banks, payment processors, and other financial institutions.
  • Transportation: Airlines, public transit systems, and logistics companies.
  • Retail and Hospitality: From supermarkets to cafes, any business with a point-of-sale system could be impacted through its payment provider supply chain.
  • Government Services: Websites and online portals providing essential services.

A message from Team1956 amplified these concerns:

"Anyone who does not take our warning seriously will regret... Day 5 before disaster. We don't forgive. We don't forget. Expect us."

— Team1956 Telegram Channel, November 10, 2024 https://t.me/team_1956/1285

What Can We Do?

First and foremost, awareness is critical. Businesses must recognize the potential risks and take proactive steps to mitigate them.

  • Review and Strengthen Cybersecurity Measures: Ensure all systems are up-to-date and patched against known vulnerabilities.
  • Diversify Service Providers: Where possible, have backup options for critical services like payment processing.
  • Employee Training: Educate staff about potential phishing attempts and social engineering tactics.
  • Collaborate with Authorities: Stay in touch with cybersecurity agencies for real-time updates and guidance.
  • DDoS Protection: Ensure DDoS protections are in place for public services and websites.
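
The "Diversify Service Providers" advice above, sketched as an added example (not Radware's code or any payment provider's API): a gateway that fails over to a backup provider and stops sending charges to one that keeps timing out. The provider names, thresholds and `charge_fn` callables are hypothetical.

```python
import time

class ProviderDown(Exception): pass  # raised by a provider call on timeout or error

class FailoverGateway:
    """Try providers in order; skip one whose circuit breaker is open."""
    def __init__(self, providers, max_failures=3, cooldown=60.0, clock=time.monotonic):
        self.providers = providers        # ordered [(name, charge_fn), ...], all hypothetical
        self.max_failures = max_failures  # consecutive failures before the breaker opens
        self.cooldown, self.clock = cooldown, clock  # seconds until one probe is allowed
        self.failures = {name: 0 for name, _ in providers}
        self.opened_at = {}               # name -> time the breaker opened

    def _usable(self, name):
        opened = self.opened_at.get(name)
        return opened is None or self.clock() - opened >= self.cooldown

    def charge(self, amount_cents, idempotency_key):
        for name, charge_fn in self.providers:
            if not self._usable(name):
                continue                  # breaker open: don't queue customers behind it
            try:
                # charge_fn must enforce its own short timeout. A timed-out charge may
                # still have been captured, so keep the key for later reconciliation.
                receipt = charge_fn(amount_cents, idempotency_key)
            except ProviderDown:
                self.failures[name] += 1
                if self.failures[name] >= self.max_failures:
                    self.opened_at[name] = self.clock()
                continue
            self.failures[name] = 0
            self.opened_at.pop(name, None)
            return name, receipt
        raise ProviderDown("no payment provider available")

def demo():  # constructed scenario: primary times out during an outage, then recovers
    now, primary_up, primary_calls = [0.0], [False], [0]
    def primary(amount, key):
        primary_calls[0] += 1
        if not primary_up[0]:
            raise ProviderDown("timeout")
        return "P-" + key
    secondary = lambda amount, key: "S-" + key
    gw = FailoverGateway([("primary", primary), ("secondary", secondary)], 2, 60.0, lambda: now[0])
    used = [gw.charge(500, f"order-{i}")[0] for i in range(4)]
    calls_during_outage = primary_calls[0]
    now[0], primary_up[0] = 61.0, True    # cooldown elapsed and provider is back
    used.append(gw.charge(500, "order-4")[0])
    return used, calls_during_outage
```
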

Final Thoughts

The attack on Credit Guard was a glimpse into a potential future where cyberattacks can disrupt entire economies. The "Sky Aid" campaign could represent a significant escalation in threats against Israel.

At Radware, we are committed to keeping you informed and prepared. We will continue monitoring the situation and providing updates as it unfolds.

Arik Atar

Arik Atar recently joined Radware's industry-leading Threat Research team, bringing his flavor of threat intelligence. While new to Radware, he draws on multifaceted expertise built across a 7-year career on the front lines of cyber threat hunting. In 2014, while completing his BA in International Relations and Counterterrorism at IDC University, Arik took his first steps on the darknet as part of his research on Iran-sponsored attack groups. On Bright Data, Arik uncovered both cyber adversaries'. He led investigations against high-profile proxy users that misused Bright Data's global residential proxy network to initiate mass-scale DDoS and bot attacks. In 2021, he moved from inspecting the attack logs from the attacker's view to inspecting the attack from the defender's point of view at HUMAN Security (formerly PerimeterX), where he leveraged multiple hacker identities he developed over the years to hunt cyber threat intelligence on application hackers. Arik delivered keynote speeches at conferences such as Defcon, APIParis, and FraudFights' Cyber Defender meetups. Arik's diverse career path has armed him with unique perspectives on application security. His expertise combines strategic cyber threat analysis with game theory and social psychology elements.
