The attacks were aimed at destroying information and systems in order to disrupt organizational activity and interfere with the functioning of the home front economy.
The directorate said it had received a growing number of reports over the past several days from organizations across a range of sectors affected by incidents of this kind. Its teams are helping those organizations contain the attacks and prevent additional incidents from spreading.
“This wave underscores that organizations of all kinds, large and small, may be exposed to this type of attack,” National Cyber Directorate head Yossi Karadi said. He added that, at this stage, no essential or critical organization needed for the functioning of the home front economy had been harmed, and that the directorate was working around the clock to protect vital assets.
In most cases, the attackers penetrated organizational networks using authentic user credentials that had been stolen in the past or leaked during previous attacks, the directorate said. In some cases, they also exploited a weakness in a component used for remote access to organizational systems.
Once inside the network, the attackers deleted systems and data, according to the directorate.
The directorate urged all organizations to immediately replace passwords for remote-access systems, enable two-factor authentication, verify that no unfamiliar users hold administrator privileges, update remote-access tools to the latest security versions, and ensure backups are in place.
Organizations that suspect a cyber incident were instructed to contact the National Cyber Directorate’s 119 emergency center. The warning came as Israeli cyber authorities said they were continuing efforts to block the attacks and assist organizations already affected.