Cyber Incident Victim: Automatic Bank Services Ltd.
Date:
Feb 2025
Location:
Israel
Summary
A denial of service attack disrupted Automatic Bank Services Ltd.'s credit card payment clearing system, causing service interruptions for multiple hours despite partial restoration claims. The incident, attributed to server overload from excessive requests, temporarily prevented transaction processing and followed similar prior attacks on the company and another Israeli clearing entity. Cybersecurity experts characterized the unsophisticated but disruptive attack as likely state-sponsored or enabled, targeting service availability to create widespread public impact rather than data theft. The company confirmed the incident as cyber-related after initially investigating a potential communications malfunction, noting past disruptions from comparable attacks without material revenue impact.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 1 motive | 1 technique |
| Threat Actors | Type | Location |
|---|---|---|
| 0 actors | Available to members | Available to members |
Description
On February 13, 2025, Automatic Bank Services Ltd. (Shva), Israel’s central credit card transaction clearing provider, experienced service disruptions beginning around 11:00 AM local time, preventing payment clearances across financial institutions. The company immediately initiated an investigation into the cause, publicly acknowledging the malfunction while withholding initial attribution. Approximately one hour after the outage began, Shva issued an official update stating the national debit card payment system had resumed normal operations and credit transactions were functional, asserting full restoration by 11:30 AM. Customer reports contradicted this claim, with multiple users continuing to experience transaction failures until at least 1:00 PM. By afternoon, Shva confirmed the incident as a "simple cyber incident," diverging from earlier technical assessments. Analysis by Globes indicated a denial-of-service (DDoS) attack targeting Shva’s payment servers, characterized by high-volume remote server requests overwhelming system capacity. The attack caused intermittent service degradation for at least two hours, though infrastructure remained uncompromised. This marked Shva’s second major disruption within four months, following an October 2024 three-hour outage also attributed to a cyberattack.
The incident disrupted credit card payment processing nationally, though debit card services reportedly stabilized within the first hour. Historical context revealed a pattern of similar attacks: the October 2024 event prompted Shva to disable international access points to Israel’s payment network as a containment measure, while a separate November 2024 attack targeted Credit Guard, a clearing provider for retail and transportation sectors, though with lesser national impact. Cybersecurity experts, including Check Point’s Gil Messing and Panorays’ Demi Ben-Ari, confirmed the DDoS methodology, noting attackers exploited application programming interfaces (APIs) between financial systems to flood servers with requests. Messing assessed the attack scale indicated state-sponsored capabilities, citing Iran’s historical involvement in comparable incidents, while emphasizing the operational goal of generating "cognitive effect" rather than data theft or financial gain. Ben-Ari highlighted insufficient API protections as a critical vulnerability. Shva’s public communications focused on service restoration timelines but did not disclose technical mitigation steps or long-term operational adjustments. No data breaches or direct financial losses were reported, aligning with the October 2024 incident where Shva stated revenue remained unaffected despite system downtime.