During the past year, the INCD issued approximately 2,480 alerts, a 2.5-fold increase compared to the previous year. According to the annual report released today, 2,304 of these were proactive notifications to organizations based on specific indicators of Targeted attacks. The report further reveals that during Operation “Rising Lion”, there was a 75% surge in reports received by the 119 National Cyber Emergency Center compared to the monthly average.
The annual report presents a comprehensive situational assessment of Israel’s cyberspace, including trends in incident reporting, threat intelligence and advisories, vulnerability exposure, cybersecurity investment patterns, and the preparedness and resilience of national critical infrastructure.
Of the approximately 2,480 alerts issued: 93% were targeted notifications sent to specific organizations, 3.7% were economy-wide advisories, 1.3% were sectoral advisories directed at specific industries or peer groups, 2% were general public advisories, primarily addressing phishing and fraud campaigns.
The 119 National Cyber Emergency Center handled approximately 26,500 cyber incident reports during the year, reflecting a 55% increase compared to 2024. Phishing remained the most widespread threat vector, accounting for 52% of all reported incidents. It was followed by influence operations and psychological warfare (13%), account takeovers across social media, email, and Google services (11%), and unauthorized system intrusions (9%).
Yossi Karadi, Head of the Israel National Cyber Directorate:
“The year 2025 once again demonstrated that there is no ‘ceasefire’ in cyberspace; it has become a primary strategic front in safeguarding national security. The data leads to a clear conclusion: every organization, system, and citizen is a potential target of attacks designed to disrupt operational continuity and undermine national resilience. In response to this reality, the INCD has continued to fulfill its core mission – protecting critical infrastructure and ensuring the uninterrupted functioning of the State of Israel.”
Major incidents addressed by the INCD this year included:
- An attempted disruption of operations at Shamir Medical Center during Yom Kippur.
- A supply chain attack targeting a software service provider managing sensitive data for nursing.
- A destructive wiper attack resulting in the deletion of client servers at a cloud service provider.
INCD investigations identified the primary initial access vectors as phishing and credential theft via spoofed emails, infostealer malware used to exfiltrate sensitive data, supply chain compromises leveraging third-party vendors as entry points, exploitation of unpatched legacy systems, security products, and remote access services (VPN/RDP) and the abuse of vulnerable IoT devices to gain organizational footholds.
Related Topics
