A cyberattack disrupted Israel’s credit card payment system once again, targeting Shva, which facilitates communication between payment processors. The attack, identified as a Denial of Service (DDoS) event, prevented payments from being cleared for several hours on the morning of the incident. While initially thought to be a communications malfunction, it was later confirmed to be a cyber incident. Though the payment system resumed operations, some customers continued experiencing issues.
Gil Messing, Chief of Staff at Check Point, attributed the attack to a state actor, although it was not immediately clear whether Iran was involved. He noted that these types of DDoS attacks—where many remote servers overload a payment system’s servers—are common tools used by nations rather than smaller attack entities. Despite the temporary disruption, the actual payment system was not compromised, as the attack was more focused on causing operational downtime.
This is not the first such attack on Israel’s credit card payment system. Similar incidents have occurred in the past, including one in October, which was also attributed to a cyberattack and caused issues with clearing credit card transactions. During the previous attacks, the company had to disconnect the Israeli payment system from foreign networks to mitigate the disruption. Shva’s quick response prevented the incident from affecting the overall revenue of the company.
The recurring nature of these DDoS attacks on Israel’s financial infrastructure has raised concerns about their potential for cognitive and psychological impact rather than direct economic harm. Messing explained that the goal of these attacks appears to be more about creating disruption and instilling fear, rather than stealing data or funds. Both Messing and cybersecurity experts agree that to counter such threats, there needs to be a focus on increasing system resilience, particularly by improving protections for API interfaces.
Reference: