Not just a commercial matter: The leak of materials from the company is much more significant and dangerous than it appears • The fear that the critical information will reach a hostile factor conveys the event to the state world • The materials could be used by the enemy for cyber attacks
Illustration
Photography:
Reuters
The cyber attack on the insurance company Shirbit is a much more significant and dangerous event than it appears: the fact that such an amount of information is in the hands of an unknown party, and may later reach hostile parties, removes the incident from the commercial world and transfers it to the state.
This is also the reason why the national cyber system was called yesterday to announce the incident and lead its investigation.
On the face of it, insurance companies are not run by the state.
Although they receive all relevant publications through the Capital Market Authority, unlike banks, for example, the state is not authorized to require them to take specific measures to protect their systems and information.
Although Shirbit claimed in a statement yesterday that it had "invested millions of shekels in securing databases and protecting against cyber attacks, and meets all the stringent regulatory requirements in this area," experts in the field believe that the company's conduct failed many times, The systems, which enabled the theft of files from the company's computers.
The group that carried out the attack, BlackShadow, is not known to the cyber authorities.
A check against various hackers also revealed nothing, and it seems that this is a new group or factors that are hiding behind another name.
A senior official said that "in the attack, the group demonstrated a relatively high level of sophistication and professionalism," using tools known in the attacking world.
This is a tool ("Trojan horse") that was inserted into the company's computers and transmitted the information to the attacker.
It is estimated that the pumping of information lasted "between a few days and many hours", and it was discovered and reported only when all the information was already in the possession of the attacker.
Unlike similar incidents in the past, this time the attackers were in no hurry to ask for ransom for the information.
Despite this, the possibility of a ransom event has not yet been ruled out: attackers may want to signal the sensitive information they hold - through posting it on social media (in this case, using a new Twitter account opened yesterday) - hoping Shirbit will pay them to close the affair.
The chances of that happening are very small once the state is involved in the affair, but the potential for harm still exists - and it is great.
The stolen information includes a huge amount of personal information items - names, addresses, phone numbers, family ties, car numbers and credit card numbers.
The dream of every intelligence organization is to have such a database, certainly when it includes all civil servants - who are insured with Shirbit, which won the government tender.
An intelligence organization can use such information to learn vital details about destinations that interest it, or to verify existing information.
It may be used by him for cyber attacks on other personalities and targets he seeks to track, and possibly to physically attack them in the future.
While there is no evidence linking Iran to the group that carried out the break-in, in the days when Tehran is on fire for revenge for the elimination of its nuclear projector Muhsin Fahrizadeh, it is not hard to imagine what gains it might yield if such a reservoir falls into its possession.
As stated, members of the cyber system (with the assistance of GSS officials and the IDF's cyber defense brigade) have not yet completed the investigation.
Along with the possibility that this is, as stated, a ransom or an attempt to speculate on information, there is a possibility that the attackers tried to embarrass the State of Israel, or they want to buy a name for themselves in the vibrant world of cyber attacks.
Shirbit's customers are less interested in the reason for the attack.
They are entitled to better protection of their information, and now they are required to be especially vigilant: check if someone is trying to identify themselves in their place on all sorts of sites, log into their various accounts, use credit cards and other actions that others will try to perform on their behalf.
This vigilance will prevent information misuse, but it will not return the horses to the stable.
Shirbit suffered image damage at the event (a free tip for its managers: communicate with the public and not run away from it via laconic messages), but the incident is bigger than it is.
The State of Israel would do well to use it for two purposes: at the personal level to increase awareness among citizens, certainly at a time when many work from home and therefore there is also a sharp increase in computer attacks, and at the national level to increase our supervision and protection of information.
This will not guarantee complete and complete protection.
Every defense system will have an attack that bypasses it, certainly in a world that rewards far more attackers than defenders.
And yet, from those whose brand they sell is "insurance," more is expected.
Now one can only hope that the damage will amount to the embarrassment caused.