Cyberattacks targeting Israel surged by 24% in 2024, driven largely by Iran and its proxy militias. But despite the spike in volume, the trajectory of this digital conflict is shifting. Experts suggest the battle has matured—moving from brute-force chaos to more stealthy, sophisticated operations.
Looking at the numbers alone, the story appears straightforward. In 2023, the Israel National Cyber Directorate (INCD) issued 367 alerts related to cyber threats. That figure more than doubled in 2024, hitting 736 alerts. Out of those, 518 were classified as “red alerts” and sent directly to targeted organizations. Meanwhile, Israel’s emergency cyber hotline (dial 119) received 17,078 calls—up 24% year-over-year.
Behind closed doors, officials have revealed even more staggering figures. In the immediate aftermath of the October 7 attacks, alerts and distress calls to Israel’s national security operations center jumped tenfold—from an average of 50 calls per day to over 500. Though exact numbers remain undisclosed, reports indicate the number of advanced persistent threats (APTs) targeting Israel has doubled as well.
Yet the pattern of these threats hasn’t followed a simple upward climb. According to Tom Alexandrovich, executive director of the INCD’s defense division, Israel’s cyber war with Iran has unfolded in distinct phases. The current phase—what he describes as the third—is marked less by relentless volume and more by strategic precision. Attacks may be fewer, but they’re smarter.
In the early days of the conflict, the most visible cyber campaigns were loud and disruptive. Distributed denial-of-service (DDoS) attacks and hacktivist-style stunts were the norm—often designed to spread fear rather than steal data. One chilling example involved attackers hijacking public address systems in kindergartens to broadcast threatening messages. In another, a coordinated DDoS attack took down a key point-of-sale service used at gas stations and supermarkets across the country.
Digital billboards also became an early battleground. “We had to warn billboard operators that their systems were wide open,” Alexandrovich recalls. “I drove down the highway one day, and every screen was blacked out—they took our advice seriously.”
But as Israel hardened its defenses, attackers adapted. They began shifting focus toward more traditional targets like businesses and managed service providers (MSPs). Phishing campaigns—still the most commonly reported attack method—accounted for 41% of hotline reports in 2024 alone.
While the volume of attacks eventually plateaued, the tactics grew more refined. Iranian-aligned groups stopped relying on outdated malware and started using off-the-shelf tools and legitimate remote monitoring software. These tactics allowed them to slip past traditional defenses unnoticed.
Instead of building everything in-house, they began purchasing access to systems and buying infrastructure. Proxies now collaborate, pooling resources to exploit newly disclosed vulnerabilities at lightning speed. What once took Iran’s cyber units days or weeks now takes just 30 to 40 minutes.
As these capabilities have evolved, so have their targets. Iran’s proxies are now zeroing in on high-value ecosystems that support the Israel Defense Forces (IDF). This includes transportation systems, emergency services, food manufacturers, and even supply chain firms tied to missile defense.
According to Alexandrovich, nearly 3,000 companies that support critical IDF operations have been identified and mapped by the INCD. These firms are now protected under a national defense initiative known as the “Cyber Dome.” Designed by Alexandrovich himself, the Cyber Dome aims to function like a digital Iron Dome—using artificial intelligence and big data to detect and neutralize cyber threats before they cause real damage.
The Cyber Dome’s objective is not just defense but resilience—ensuring the military, government, and private sector can operate even under cyber siege.
Psychological Warfare: The Hidden Cost of Constant Disruption
While high-profile attacks capture headlines, the daily drip of cyber disruptions has had a quieter, more exhausting impact on Israeli society. From schools to gas stations to hospitals, the constant threat has worn down the public’s patience and attention.
“Imagine getting a security alert every single day during wartime,” Alexandrovich says. “Eventually, people tune out. That’s the point—psychological exhaustion.”
That sense of weariness mirrors the broader reality of life under threat. Just hours after the INCD’s latest press briefing, Houthi militants launched a ballistic missile toward central Israel. Sirens echoed across Tel Aviv and Jerusalem. Some rushed for shelter. Others didn’t move. The missile was intercepted before it could reach Israeli airspace. No damage. No casualties.
But the alert still came—and that’s part of the war.
