Analysis of cyber attacks in 2020 shows Israeli entities are prime targets.
By Yakir Benzion, United With Israel
Cyber security analysts looked at the details of millions of cyber attacks at different times during 2020 and found that the main target isn’t the Pentagon or the Kremlin – it’s Israel.
The experts from the F5 Labs threat analysis team used what are called “honeypots”: websites or computers loaded with legitimate-looking data that looks valuable to cyber criminals but that are in reality isolated so the hackers can’t get in too deep. This allows the experts to analyze the hackers and develop new security tactics.
After setting the honeypots and monitoring over one million connections from 89,000 unique internet addresses that used 22,000 unique target path/query combinations to try to hack into the computers, the experts found that “the most frequent geographical location for targets was Israel.”
The hacking came from 183 countries and targeted 42 countries, with Israel the prime target followed by the United States, Russia, and India.
“The target paths in the data show no particular association with Israeli systems or organizations, so we can only speculate as to the reason behind this geographical (or geopolitical) targeting,” the report said.
The cyber sleuths noted that a majority of the attacks appeared to originate in Russia.
“We do know that the most widely seen IP address, 195.54.160.21, which had more than three times as many logged connections as the next one, is a known malicious IP address associated with Russian scanning networks,” the report said.
Israelis using WordPress should take note that the platform appears to be an easy target for cyber criminals.
“One remarkable thing about the huge amount of traffic targeting Israeli assets was how much it focused on WordPress administrative portals, presumably for the purposes of credential stuffing or brute forcing their logins. In fact, though all of the traffic focused a fair amount on WordPress sites, 92% of the traffic connecting to /wp-login.php was against Israeli systems,” the report said, indicating the hackers were trying to break into WordPress websites.
“We can only speculate about the bigger objectives of attackers looking for Israeli WordPress sites to compromise—they could be geopolitical adversaries looking to get a foothold inside the country to launch further attacks against Israel or its allies, or they could be actors with zero interest in Israel who are looking to misdirect attention,” said Sander Vinberg, a Threat Research Evangelist who wrote the report.
“Nevertheless, given the sophistication and reputation of the Israeli cybersecurity community, it is a good reminder that even Israel has easy targets like this. Every pool has a shallow end, and every place has assets that are either difficult to secure or poorly managed or, in the case of WordPress, often both,” he said.
“The campaign against Israeli WordPress sites is a reminder that even a place that we associate with information security, talent and culture has its own batch of low-hanging fruit,” Vinberg concluded.