Cyber warfare between Israel and Iran is evolving, and the numbers paint a dramatic picture. In 2024, reported cyber incidents in Israel jumped by 24%, largely attributed to Iran and its affiliated militias. But while the attack volume has soared, the nature of the conflict is changing, becoming more sophisticated and targeted.
The Israel National Cyber Directorate (INCD) recorded 736 alerts in 2024—double the previous year’s 367. More than 500 of these were critical “red alerts” directed at specific organizations. Calls to Israel’s cyberattack hotline also spiked to 17,078 over the year, showing a marked rise in attempted intrusions.
But numbers alone don’t tell the full story. According to INCD’s defense division executive Tom Alexandrovich, the cyber battle has unfolded in distinct phases, with attacks shifting from brute force disruptions to more refined and covert infiltrations.
From Chaos to Strategy: The Three Phases of Cyber Conflict
In the immediate aftermath of the October 7, 2023, attacks, Israeli institutions were bombarded with an overwhelming volume of cyber threats. Hackers targeted public systems, causing chaotic disruptions such as:
- Hacked public address systems blaring warning messages in kindergartens.
- A widespread denial-of-service attack crippling point-of-sale systems at gas stations and supermarkets.
- Digital billboards hijacked to display violent threats.
As defenses adapted, the focus of attacks shifted. Businesses, especially managed service providers (MSPs), faced a surge in phishing attempts—now the most common form of cyber intrusion, making up 41% of hotline reports in 2024.
But while the volume of attacks began to stabilize, attackers grew more sophisticated. Instead of relying on easily blocked scripts, Iranian-backed cyber units started leveraging remote monitoring and management (RMM) tools and legitimate software already present on targeted systems.
Iran’s Cyber Units Are Getting Faster and Smarter
One of the most alarming trends in 2024 is how quickly Iranian cyber actors are exploiting newly discovered software vulnerabilities.
“What used to take them days or even a week, now happens in just 40 minutes,” Alexandrovich warns.
This acceleration is largely due to improved coordination among Iran-aligned hacker groups. Instead of building their own hacking infrastructure, they’re purchasing access from cybercriminals and rapidly weaponizing fresh vulnerabilities. They also share intelligence and tools, reducing the time needed to mount attacks.
Another shift: Iranian groups are not just launching attacks—they’re aiming at long-term infiltration. By embedding themselves within supply chains and leveraging legitimate software, they’re making it harder for defenders to spot malicious activity before it’s too late.
The IDF and National Security Ecosystem Under Fire
While businesses and civilian infrastructure remain primary targets, Iran’s hackers have also set their sights on Israel’s military ecosystem.
“A good target for cyber operations is anything that supports the Israel Defense Forces (IDF),” Alexandrovich explains. “Transportation, emergency services, food manufacturers, and even missile defense suppliers.”
To counteract these threats, Israeli cybersecurity teams have mapped out 3,000 companies tied to the IDF’s logistics and operations. Under the umbrella of the “Cyber Dome” project—an AI-powered defense initiative modeled after Israel’s Iron Dome missile shield—these companies receive extra layers of protection and monitoring.
The Psychological Toll of Cyber Warfare
Beyond the technical battle, there’s another angle: fatigue. Constant alerts and threats wear down organizations and individuals alike.
“Imagine being told every day that your systems are under attack,” Alexandrovich says. “How long before you stop reacting? Before exhaustion sets in? That’s the goal—constant, grinding pressure.”
This exhaustion mirrors the broader conflict. The evening after INCD’s latest briefing, Houthi militants fired a ballistic missile toward central Israel. Sirens blared, but many citizens barely reacted. The missile was intercepted before it reached Israeli airspace. No one was harmed.
But in cyber warfare, the lines are blurrier. Damage isn’t always immediate or visible. And while Israel’s defenses are holding for now, the tactics of cyber conflict are shifting, and the next phase is already unfolding.
