The Israel National Cyber Directorate (INCD) received approximately 17,000 cyber incident reports in 2024, reflecting a 24% increase compared to the previous year, according to its Annual Cyber Report published today. The report provides an overview of the state of cybersecurity in Israel, covering reported cyber incidents, alerts, vulnerabilities, investments in the cybersecurity industry, and the resilience of critical infrastructure.
The most frequently reported attack this year was phishing (41%), followed by Social Media Hacking (22%). Additional reports included vulnerabilities (11%), Intrusion into Computer systems (7%), as well as incidents involving malware, Bypassing Authentication mechanisms, operational continuity disruptions, and spectrum interference (each accounting for around 1% of cases). Due to a trend that intensified during the war, a new reporting category, ” hostile influence campaigns,” was introduced this year, comprising threatening messages, fake news, psychological warfare, and deepfake videos, making up 5% of all reports. Out of the total incidents, 8,191 reports came from private citizens, while the rest were submitted by organizations. The most targeted sectors included communications, finance, and technology.
As part of the ‘Responsible Vulnerability Disclosure’ Program, which encourages reporting from the cybersecurity community, the INCD recorded a 22% increase in vulnerability reports. These reports have become more precise and of higher quality. Additionally, there was a significant decrease in the time between vulnerability disclosure and exploitation, dropping to mere hours. This trend poses a challenge for cybersecurity teams, requiring them to immediately implement security updates for critical vulnerabilities.
According to the report, the number of cyber alerts issued by the INCD has doubled compared to the previous year, reaching 736 alerts related to vulnerabilities and attack indicators. Another notable trend observed this year was the increased sophistication of phishing attacks A notable trend this year was the improved credibility of phishing messages and their greater customization to specific targets. Over the past year, the INCD handled nearly 4,500 malicious links, marking an approximately 80% increase compared to the previous year.
The report details the activities of advanced systems and projects aimed at sharing cyber threat information between entities. Among them is CyberShield, a system providing real-time monitoring and threat detection to nearly 60 critical organizations, and Crystal Ball, which enables cyber threat intelligence sharing between countries.
The report outlines key trends observed the attackers’ activity this year, including faster exploitation of vulnerabilities, an increase in the use and trade of leaked login credentials, a rise in phishing attacks targeting organizations, supply chain attacks on digital service providers to gain access to multiple organizations simultaneously, hacking into security cameras, large-scale DDoS attacks, and increased efforts to gather intelligence on Israeli citizens and specific individuals.
Throughout the year, 900 attackers’ posts were identified on social media platforms, such as Telegram, regarding cyberattacks in the Israeli economy, along with 500 data leak files related to Israel published on the web and the darknet. These publications are also part of the enemy’s ongoing efforts to influence public perception in Israel
INCD Director General Gaby Portnoy stated: “The year 2024 presented us with unprecedented challenges. We learned, became more efficient, improved, and drew conclusions. The INCD operated as a true combat force, utilizing the most advanced tools and maintaining close cooperation with the security community, the government, and the private sector. The war has proven that the public itself is an integral part of the national cybersecurity defense framework.”
