Cyber authority to victims post-Shirbit hack: Get new identity cards

Check Point: Major spike in cyberattacks on Israeli companies

A man takes part in a hacking contest during the Def Con hacker convention in Las Vegas, Nevada, U.S. on July 29, 2017. (photo credit: REUTERS)
The Israel National Cyber Directorate (INCD) on Sunday announced that victims of last week’s hack of the giant insurance company Shirbit should consider obtaining new identity cards and driver’s licenses.
According to the INCD, other information obtained in the hack is less problematic going forward, but hacked ID cards and driver’s licenses could expose victims to identity theft and other impersonation schemes.
The Jerusalem Post has also learned that there is no imminent sense of any government authority being able to step in to take back the stolen information, to pay the ransomware group Black Shadow or to use any kind of offensive capabilities against the group before it can publicize more private information.
Rather, the overall feel is that “the horses have left the stable,” that the damage is irreparable and that any positive that can come from the current event lies in dissecting it so as to avoid similar events in the future.
As of Sunday morning, the Black Shadow group behind the cyberattack against Shirbit last week leaked a third round of the company's data after Shirbit declined to pay the ransom demand by 9 a.m.
In addition, the group leaked messages from alleged persons interested in purchasing the stolen Shirbit data for their own purposes.
At least one of the messages was from an individual who claimed to want to turn over the data to Iranian government officials.
There was no way to confirm the identities or truthfulness of the alleged purchasers, and some of the messages had grammatical errors, which could signify messages forged by Black Shadow personnel who may not be native English speakers.
The Israel Privacy Authority also issued a warning to the private sector on Sunday that many companies are not up to legal standards for defending their clients’ private information.
The latest events came just a day after the group had already released more documents containing the personal information of Shirbit employees and customers over the weekend, as the company had initially refused to pay the ransom demanded.
Included in the released documents are screenshots of WhatsApp conversations, ID cards, marriage certificates and financial documents.
 
On Friday afternoon, Black Shadow released screenshots of negotiations held between a Shirbit representative and the hacker group. The negotiations did not end with a resolution and the hackers released more data later in the day.
That same morning, Shirbit announced that it does not intend to meet the hacker group’s demand for payment, Israeli media reported.
On Wednesday night, Black Shadow demanded that Shirbit send 50 bitcoin ($961,110) to their bitcoin wallet within 24 hours or else they would leak more information.
The group warned that if the money was not sent, the ransom demand would rise to 100 bitcoins. If another 24 hours passed, the demand would rise to 200 bitcoins.
“After that, we will sell the data to the others,” warned the hackers, adding that they will leak some more data at the end of every 24 hours.
The series of events began on Tuesday when it was discovered that personal information such as ID numbers, drivers’ licenses and registration forms had been leaked from the insurance company.
Black Shadow later claimed credit for the attack in a tweet that read: “A huge cyberattack has been taken [sic] place by Black Shadow team. There has been a massive attack on the network infrastructure of Shirbit Company, which is in Israel economic sphere [sic].”
Also, this past weekend cybersecurity firm Check Point issued data showing that Shirbit is only the largest and worst case in a spike of cyberattacks on Israeli companies in recent months.
A total of 141 companies were hit with ransomware attacks in November alone and 137 were hit in October.
According to the data, 14% of the targeted companies are in the hi-tech sector and 7% are in the insurance sector.
An additional 11.5% of attacks were on government offices and 5.6% of the attacks were on the health sector.
Significantly, Check Point said there were signs that the attacks were not merely criminal in nature, but either combined nationalistic motives or might even have been directed by nation-state enemies of Israel.
The cybersecurity firm said that unlike with Shirbit, most of the attacks had been prevented.
Further, the data showed that whereas increasing cyberattacks worldwide were focused more on particular sectors, such as the health sector, attacks on Israeli companies covered a much wider range of sectors.
Check Point works with Shirbit so it could not comment on their specific situation.
Tzvi Joffrie contributed to this report.