OpIsrael # 2022 – What to fear?

The threats from the Anonymous group on the annual #Opisrael activity have begun their ninth round, which will take place in 2022.

For those unfamiliar, #Opisrael (Operation Israel) is a planned attack that took place every year between April 7 and 14 and is trying to put the Israeli-Palestinian conflict on the agenda. The attack is aimed at Israeli companies and government websites.

This year, although there are no clear indications of the type of planned attack, it is important to remember that the threat is still circulating in the business world in Israel, especially following the drastic move to remote work and the increasing use of digital tools.

What was, is not over yet
#Opisrael was created by the global Anonymous group that set itself the goal of delegitimizing the Israeli government and people and harming national morale. The first operation took place in 2013 and began with cheers. The hackers broke into Walla’s servers and leaked thousands of passwords from the database. The following year, the hackers had another success, when they managed to break into Visa CAL and leak the credit details of many Israelis. In 2015, the threatening text messages sent without a few Israeli cell phones starred.

In the last two years, however, with the hardening and tightening of efforts to secure information in the vast majority of Israeli companies, the expectation of the operation exceeds reality, and the traditional hacking week amounts to minor breaches without significant damage.

Threats from home
Although it is not yet known what the focus of hacking activities will be this year, it should not be taken lightly that hackers will try their luck at hacking into your organization, and even if the coming week passes quietly, that does not mean your organization is completely immune to hacking attempts.

The welcome transition of most of the Israeli economy to digital digital work, has opened the door to a whole world of threats and dangers that until today were not known to many organizations. VPNs, remote takeover software, conferencing software, and remote built-in applications are just some of the digital tools that have gone into the work routine and expose us even more to hacking operations.

The #Opisrael period should be used to refresh the information security procedures page, and to remind all employees that a significant part of the responsibility for preventing burglary is in their hands.

Examine, be careful and update
The actions that should be taken today to avoid a cyber attack, could be the ones that will decide whether the coming week will pass for those who rest or we will be amazed to see the name of our organization star in the news releases:

  • Do not open emails whose origin is unknown and unknown, and especially do not download or click on links in such emails
  • Ensure that the login passwords for the various tools are strong enough, and set a password replacement policy that applies once for a pre-determined period of time
  • Since there is a possibility of attempting an attack with the help of old passwords that have been leaked – this is a great time to change the passwords in the organization across the board and align with the password policy.
  • Perform software updates in general and security updates in particular, for all systems and tools
    Increase vigilance and inform the Information Security and Cyber ​​Security Department of any case that appears suspicious

Beyond the conduct of the employees, the software developers and testers have another important weight that is worth paying attention to:

  • Check the security level of the open source components
  • Check the security level of the plugins and update if necessary, a reminder of the famous hack through the Nagich plugin in 2019 (an accessibility plug that was used by over a million Israeli sites and following a security breach, hackers can enter the databases of those sites and damage them)