Suspected DDoS Attack Disrupts Israel’s Payment Systems

• Card readers across Israel malfunctioned this weekend as a result of a cyberattack.
• The Distributed Denial-of-Service attack impacted gas station and supermarket chain payments for an hour.
• Experts believe this incident is part of a wider campaign attributed to Iranian threat actors.

A cyberattack temporarily disrupted thousands of payment card readers across Israel, leading to widespread malfunctions in payment processing on Sunday morning. Hyp Credit Guard, the company responsible for safeguarding these payment systems, suspects it was a Distributed Denial-of-Service (DDoS) attack. 

The attack targeted communication suppliers across Israeli gas stations and supermarket chains, according to a report from The Jerusalem Post. The incident unfolded over an hour-long crash but was swiftly contained. 

"In the last hour, we experienced a DDoS attack on some of the company's services and the communication providers connected to us," Credit Guard stated. They reassured the public that the attack was blocked, and the service returned to normal operation.

The company has assured the public that a larger-scale cyberattack has been ruled out.

This incident is part of an ongoing series of suspected cyberattacks attributed to Iranian threat actors that is aimed at penetrating Israeli cyber defenses. 

A previous attempt occurred in October and was attributed to Iranian actors, which targeted Israel's national credit-based payment system operated by Sheba (Automated Bank Services).

While the previous incident delayed debit card payment approvals, Israel’s essential financial infrastructure remained unaffected thanks to robust security measures. The core integrity of Sheba’s system remained intact, preventing widespread economic repercussions.

The latest cyber event underscores the ongoing threat landscape and the necessity for continuous vigilance and improved cybersecurity protocols. Organizations and security agencies are urged to enhance their resilience against such attacks to safeguard national infrastructures and services.

Iranian state-backed threat actor APT42, which is also associated with Iran’s Islamic Revolutionary Guard Corps (IRGC), was seen stepping up its targeted phishing campaigns against Israel and Israeli military, government, and diplomatic organizations, as well as former senior Israeli military officials.

Meanwhile, Iranian government-backed cyber espionage group MuddyWater deployed a new phishing campaign that mostly targeted Israeli organizations via PDF-embedded URLs that download malware.