Hamas Launches Unprecedented Terrorist Attack on Israel, Prompting Increase in Honeypots
In a shocking turn of events on October 7, Hamas launched a terrorist attack on Israel, resulting in the death of over 1,200 individuals and the capture of several hundred hostages. This brazen act of aggression has led to a deadly response from the Israel Defense Forces, with reports suggesting that more than 10,000 people have lost their lives in airstrikes and a ground incursion.
Following the attack, cybersecurity experts monitoring the internet have noticed a significant rise in the number of internet-connected honeypots in Israel. Honeypots are manufactured networks designed to attract hackers, enabling cybersecurity companies and governments to catch them and observe their techniques on a controlled decoy network or system. While Israel and Hamas are engaged in a real-life conflict, it is essential to note that cyber warfare has become an integral part of modern-day conflicts. Deploying honeypots can provide valuable insights into hackers’ activities during such conflicts.
John Matherly, the founder of Shodan, a search engine for publicly exposed devices and networks, revealed that there has been a surge in honeypots in Israel. He explained that these honeypots are posing as various products and services, aiming to detect any malicious activity occurring across Israel. Matherly noted that the increase in honeypots began in September and has continued to grow since then.
Speaking about the honeypots, Matherly stated, “It looks like all the honeypots are running web servers. I’m not seeing honeypots pretending to be industrial control systems, which means they’re trying to track any sort of wide-scale attacks on Israel and not focused on tracking attacks on industrial infrastructure.”
The number of honeypots has steadily increased since the initial wave, with Matherly confirming that the figures are only going upwards. He also suggested that the rise could be attributed to the launch of a new Amazon Web Services (AWS) region in Israel in August.
Piotr Kijewski, the CEO of the Shadowserver Foundation, an organization that deploys honeypots to monitor hackers’ activities, corroborated the findings. Kijewski stated that his organization has observed a significant increase in deployed honeypots in Israel since October 7. Prior to the war, Israel was not even among the top 20 countries in terms of deployed honeypots. Kijewski mentioned that while it is technically possible for a sudden surge in honeypots, it is unusual to witness such large-scale instances appear overnight.
Silas Cutler, a resident hacker at cybersecurity firm Stairwell, believes that deploying honeypots in the midst of a war makes tactical sense. Cutler drew parallels to the situation in Ukraine, where during the initial months of the conflict, there was a notable increase in unattributed exploitation against infrastructure within the conflict area. Cutler explained, “It’s mostly the same stuff, background noise of the internet…just a lot more. I suspect folks learned the only way to really see what’s happening is to spin up infrastructure and look.”
While it remains unclear who is responsible for deploying the honeypots across Israel and their specific purpose, having honeypots would serve as a tactical advantage for Israel, enabling them to monitor their adversaries’ online activities closely.
Despite attempts to reach out to the Israel Defense Forces for comment, a spokesperson did not respond.
If you have any further information regarding the cybersecurity aspect of the Israel-Hamas war, TechCrunch encourages you to get in touch. You can reach out securely to Lorenzo Franceschi-Bicchierai via Signal at +1 917 257 1382, or through Telegram, Keybase, and Wire @lorenzofb. Alternatively, you can email lorenzo@techcrunch.com. TechCrunch can also be contacted via SecureDrop.