A new report from US data protection company F5 Labs reveals that Israel has become the number one target for hackers and cyber attackers. The study, which was first reported in CTech by Calcalist, said Israel has surpassed the US, India, Russia, Turkey, and the Czech Republic.
The research was carried out in the third quarter of 2020, specifically between mid-July and mid-October, according to the report.
“In this time period, we also found that the most frequent geographical location for targets was Israel, followed by the United States, Russia, and India (see Figure 3). The target paths in the data show no particular association with Israeli systems or organizations, so we can only speculate as to the reason behind this geographical (or geopolitical) targeting,” Sander Vinberg, a threat research evangelist for F5 Labs, wrote.
F5 Labs said its researchers analyzed several months’ worth of global honeypot traffic from their research partner US cybersecurity firm Effluxio. A honeypot is a computer or computer system intended to mimic likely targets of cyberattacks. It can be used to detect attacks or deflect them from a legitimate target and to gain information about cybercriminals.
The two most prominent targets by far were server requests connecting to the web root itself (the / path) or robots.txt files, according to F5 Labs. And the most common IP addresses that were sources for hackers were linked to Russian networks, according to the data.
“We do know that the most widely seen IP address, 18.104.22.168, which had more than three times as many logged connections as the next one, is a known malicious IP address associated with Russian scanning networks,” the report said.
A “huge” amount of traffic targeting Israeli assets focused on WordPress administrative portals, the report said, “presumably for the purposes of credential stuffing or brute forcing their logins” but F5 Labs can only “speculate about the bigger objectives of attackers looking for Israeli WordPress sites to compromise.”
“They could be geopolitical adversaries looking to get a foothold inside the country to launch further attacks against Israel or its allies, or they could be actors with zero interest in Israel who are looking to misdirect attention,” Vinberg wrote.
Although the Israeli cybersecurity community has an excellent reputation “it is a good reminder that even Israel has easy targets like this,” Vinberg wrote.