The hacking of Shirbit Insurance is a far more dangerous incident than it might appear. The fact that such a trove of information is now in the hands of an unknown entity and may later find its way to hostile elements is a true cause for concern and takes this incident from the realm of the commercial sphere into that of national security.
The scope of the breach and the nature of the information that was compromised prompted the National Cyber Directorate (NCD) to take the lead on the investigation into the hack.
Although Shirbit claimed that it “invests millions of shekels in database security and cybersecurity” and “meets all the strict regulatory requirements in this area,” experts in the field have already pointed to multiple failures on the company’s part, which they claim made it increasingly vulnerable.
The group that carried out the attack, “Blackshadow,” is not known to the NCD. A senior official said the attack was “relatively sophisticated, very professional,” adding that the hackers sent a “Trojan horse,” a type of malicious code, into the company’s computers to gather the information. Pumping Shirbit’s server for information “took between a few hours and a few days,” he added, based on the fact that the breach was detected only after the hackers were in possession of the information.
The investigation has not ruled out the possibility that this was a hack for ransom, although no ransom demand has been made at this time. Still, now that the state is involved it is highly unlikely it will allow Shirbit to pay any ransom.
Though the attack itself is over, the potential for damage still exists—and it is substantial. The stolen data includes personal information—names, addresses, phone numbers, license-plate numbers and credit-card information. This is a dream trove for any intelligence organization, even more so given it includes information on civil servants, insured by Shirbit since it won a government tender several years ago.
An intelligence organization can use such information to learn vital details about potential targets; it could use the database to launch future cyberattacks against individuals and institutions, and it could use it to mount physical attacks.
It is not hard to imagine what Tehran could do if it got its hands on such a database.
There is always the possibility that the hackers just wanted to make a name for themselves by embarrassing Israel.
The insurance company’s image has sustained a massive blow, which its laconic press releases have done little to mitigate.
Shirbit’s clients should monitor their credit cards and bank accounts very carefully for any suspicious behavior, but that is, of course, of little comfort.
This incident is, however, bigger than Shirbit. The state would be wise to use it to both increase public awareness regarding cybersecurity and increase NCD oversight of financial institutions.
Even this, though, will not guarantee hermetic protection. Hackers will forever try to challenge cyber defenses. Still, one expects more from a company that has “insurance” in its name.
Yoav Limor is a veteran Israeli journalist and columnist for Israel Hayom.
This article first appeared in Israel Hayom.