The cyberattack against Shirbit Insurance is a far more dangerous incident than it appears. The fact that such a trove of information is in the hands of an unknown entity and may later find its way to hostile elements is a true cause for concern and it takes this incident from the realm of the commercial sphere into that of national interest.
Unlike banks, for example, insurance companies are not obligated by the state to take specific cybersecurity measures, but the scope of the breach and the nature of the information that was compromised prompted the National Cyber Directorate to take the lead on the investigation into the hack.
Although Shirbit claimed that it "invests millions of shekels in database security and cybersecurity" and "meets all the strict regulatory requirements in this area," experts in the field have already pointed to multiple failures on the company's part, which made it increasingly vulnerable.
The group that carried out the attack, "Blackshadow," is not known to the NCD. It seems that this is either a new player or an alias hiding an existing one.
A senior official said that the cyberattack was "relatively sophisticated, very professional," adding that the hackers sent a "Trojan horse" – a type of malicious code – into the company's computers to gather the information. Pumping Shirbit's server for information "took between a few hours and a few days," he added, based on the fact that the breach was detected only after the hackers were in possession of the information.
The investigation has not ruled out the possibility that this was a hack for ransom, although no such demand has been made at this time. Still, now that the state is involved it is highly unlikely it will allow Shirbit to pay any such ransom to stop the hackers from leaking information.
But the potential for damage still exists, and it is substantial. The stolen data includes personal information – names, addresses, phone numbers, license plate numbers, and credit card information. This is a dream trove for any intelligence organization, even more so when it includes information for civil servants, insured by Shirbit since it won a government tender several years ago.
An intelligence organization can use such information to learn vital details about potential targets; it could use the database to launch future cyberattacks against individuals and institutions, and it could use it to mount physical attacks.
There is no evidence linking Iran to Blackshadow, but in times when Iran is threatening vengeance over the assassination of the head of its military nuclear program, it is not hard to imagine what Tehran could gain from getting its hands on such a database.
There is always the possibility that the hackers just wanted to make a name for themselves on the dark web by embarrassing Israel.
The company's image sustained a massive blow, which its laconic press releases have done little to mitigate.
Shirbit's clients should monitor their credit cards and bank accounts very carefully for any suspicious behavior, but that is, of course, of little comfort.
This incident is, however, bigger than Shirbit. The state would be wise to use it both to increase public awareness of cyberattacks and to increase NCD oversight of financial institutions.
This will not guarantee hermetic protection. Hackers will forever try to challenge cyber defenses. Still, one expects more from a company that has "insurance" in its name.