news
News in Israel
Criminal news and law
Sensitive tender and late response: Cyber experts warn of a huge breach in the wand
The hacker group announced an intrusion into the insurance company's systems yesterday, but it announced a suspicion of information leakage only this morning and asked for help from the national cyber system.
It is estimated that information from tens of thousands of people collected over the years has leaked.
Experts in the field have expressed concern: it is not clear if this is all that has been leaked, but the picture is worrying
Tags
Cyber
hackers
Shirbit
Mikey Levy
Tuesday, 01 December 2020, 11:19
Share on Facebook
Share on WhatsApp
Share on general
Share on general
Share on Twitter
Share on Email
0 comments
Speech by Hezbollah Secretary General Hassan Nasrallah on Martyrdom Day, 11 ...
Netanyahu: Shame that Gantz uses the IDF as a tool for political blasting ...
The High Court recommends that the State Attorney's Office open an investigation into the leak ...
Netanyahu "out of national responsibility - I decided tonight to accept ...
Carmel Meuda, who is accused of abusing children, testified, the parents ...
Suspected murder: A 35-year-old man was found dead with gunshot marks at the site ...
The Committee for the Advancement of the Status of Women is discussing a plan to reduce ...
A 17-year-old boy from a candle shield was stabbed to death in a brawl;
7 suspects ...
Violence incident in Jerusalem, two family members were seriously injured ...
Murder in Araba: A man collided with his ex-wife's car and stabbed her ...
The court discusses the arguments for the sentence of the head of the Julis council ...
Shooting at a bank branch in Marar: suspect killed, young woman moderately injured ...
Edited by Nir Chen
Sources in the cyber industry warned today (Tuesday) that the hackers who broke into the servers of the "Shirbit" company may have even more information than what was published.
"This is a very big attack," the sources say, "on the one hand they have published quite a few things. On the other hand, it is not clear if this is all there is or it is just a promo. One way or another it is quite a bit. It is difficult to know everything they have, so far It's very worrying. "
The BlackShadow hacker group claimed responsibility for the hack into the company's servers, and posted huge amounts of customer and document information on its Twitter and telegram accounts, from 2012 to 2020, in a volume of 929 gigabytes.
In the leaked information, you can find ID numbers - which are used by many bodies, including government agencies, as a secondary means of verification.
Less than a month ago, Shirbit won a tender for private car insurance for civil servants in 2021, with many insured serving in the security forces.
Among the recordings posted on the attackers' telegram page, there is a conversation with a customer, her ID number and the details of the accident she spoke to the company about.
In addition, an email was published containing credit card details, as well as the details of Judge Gilad Neutel, who serves as president of the Tel Aviv District Court.
More on Walla!
NEWS
Hackers hacked into the servers of the insurance company "Shirbit" and leaked personal information on a huge scale
To the full article
Huge amount of documents collected over the years (from the documents published by the blackShadow group)
It is not clear how long the attackers planned and worked on the attack.
"Hackers are working with automated tools, looking for a burst (eg date software or information push, allowing entry - mL) automatically, and once entering derive the information within minutes," says an executive at a cyber large.
"This does not necessarily mean that's what happened , But in general, to get a lot of information does not need prolonged tracking.
"Of course there are completely different scenarios - and all on the table right now because it is not clear - such as tracking a specific employee, or dropping employees through various scams," he concluded.
Sensitive information of customers, including civil servants (from the documents published by the blackShadow group)
The hacker group's accounts announced the attack as early as 4pm yesterday.
However, just this morning, "Shirbit" announced, in conjunction with the Capital Market, Insurance and Savings Authority and the National Cyber Array, that it is investigating a suspicion of a cyber attack on the company's website and its servers and a leak of private customer information.
The company began investigating the suspicion last night, and asked the national cyber system to assist them in locating the information leak and the damage of the hack.
The joint announcement to the company and the capital authority stated that the investigation into the matter is ongoing but according to India that they estimate that information has indeed been leaked.
"An initial inspection shows that this is information about customers' insurance details. In a joint effort by the authority and the system, the inspection continues," it was reported.
The cyber system and the Capital Market Authority stated that "as a result, the system, together with the authority, has refined its guidelines for the institutional bodies in the economy."
"Information obtained from the company and tests conducted suspect a cyber incident against the company, in which insurance documents were issued from the company. We note that the data released does not contain information that could harm our insureds. The company has taken and will continue to take all necessary measures to prevent such incidents." Which was sent to the company's customers, and it was emphasized that the incident was still being processed.
The company's website, which is still disabled, states that "Shirbit works to protect the confidentiality of the data using advanced security methods and is committed to the issue. The information security on the website is intended to ensure customer identification and encryption of the identification data transmitted during the call process."
Despite this, the leaks published by hackers showed credit details and IDs that had passed through the email, without encryption.
Share on Facebook
Share on WhatsApp
Share on general
Share on general
Share on Twitter
Share on Email
0 comments