Black Shadow hackers strike again, leak documents in new cyberattack
Black Shadow, the hackers who leaked thousands of documents containing the personal information of customers with Israel’s Shirbit insurance company in December, have now hacked the servers of K.L.S. Capital Ltd. as well, the group said in a Telegram post on Saturday.
On Saturday morning, the hacker group announced, “We are
here to inform you a (sic) cyber attack against K.L.S CAPITAL LTD which is in
Israel.
“Their servers are destroyed, and their client data is in
our hands,” they added, saying that they waited 72 hours for the company to
give them the 10 bitcoins they demanded as ransom for the information, but the
company failed to pay them.
“We want to leak some part of their data gradually,” they
said. “Part of our negotiation will be published later.”
A few hours before making the announcement, the group
released purposely blurred photographs of the identification cards of two
people who work with the company. A few minutes after the announcement, they
released a few more documents and have since released dozens of additional
documents including identity cards, letters, invoices, images, scanned checks,
database information and more, including the personal information of the CEO of
the company.
K.L.S. is a car financing company that has been around for
over 17 years, employing some 20 people and with over 26,000 existing customers
whose personal information could potentially be released due to the hack.
Later in the afternoon, Black Shadow released screenshots
allegedly of their email conversations with the company, in which they demanded
$10,000 in bitcoin within six hours as a way of having “good” negotiations and
establishing trust, warning that they would release more data if they aren’t
paid.
An email from the company to the hackers allegedly read: “My
manager has an idea. Please confirm that Muhammad is NOT the prophet. If u r (sic) for money or not Muslim or not an
Iranian proxy .. it is an easy task.”
The hacker group responded that they “just know MONEY!” and
complained that the company was “wasting” their time.
The Privacy Protection Authority announced on Sunday that it
was examining the details of the incident and its consequences in cooperation
with all relevant parties. The authority may not approve the reactivation of
K.L.S.'s systems until any concerns of further data leaks are removed. The
authority may also require the company to personally update customers who may
have been harmed or are likely to be harmed by the leak.
“We’re sadly not so ok. We took a heavy blow from Iranian
hackers who apparently are seeking to attack the State of Israel and they care
less about the money,” said K.L.S. CEO Omer Maman to The Jerusalem Post.
“Sadly they caused us a lot of damage, but it’s not
something that we won’t know how to handle on the systems level and we’ll set
up new systems soon that are more secure and, I hope, more protected, even
though it’s difficult to handle such large budgets of such Iranian attackers.”
The CEO added that he is trying to contact every affected
customer personally and to provide answers.
During Black Shadow’s last cyberattack, Shirbit also stated
that the hackers had targeted them for nationalistic reasons, while the hackers
themselves only stated that the attack was being conducted for ransom and some
cybersecurity experts stated that the attack did not seem like cyberterrorism.
In December, in response to the Shirbit attack, Zohar
Pinhasi, CEO of the ransomware removal and cyber security service MonsterCloud,
told the Post that the claims that Black Shadow wanted to strategically harm
Israel and is not looking for money were “nonsense.”
Also in December, the K.L.S. company reportedly received a
warning that they had been breached and that their information may have leaked
in a breach in a VPN service provided by Fortinet and Pulse that affected a
number of companies, according to cybersecurity consultant Einat Meyron. A
number of warnings about the VPN service have been published in the past two
years.
"It's hard to come up with complaints to the Black
Shadow group," said Meyron in regard to the cyberattack against K.L.S.
"If companies hold sensitive customer information, without any means of
protection and control, they'll pick up what's on the floor for them. It's that
simple and sometimes it is what it is."
"The question arises why after the verification phase,
companies continue to store the information in general and in such a negligent
manner in particular. Is there no way to encrypt the folder? At least protect
it with another password?" added Meyron.
The cybersecurity consultant additionally questioned what
protective systems were protecting K.L.S.'s systems against breaches and if and
how hackers were able to get as deep as they did into databases that are
supposed to be classified and protected according to guidelines set by Israel's
Privacy Protection Authority.
"Another question: are companies in the economy at all
aware of the Privacy Protection Authority's requirements? Are they controlled
by it?" asked Meyron. "Cyber attacks will happen and also succeed. It
would be charlatanic to say otherwise, but early thinking and analyzing the
unique risk aspects of cyberattacks that may materialize requires early
thinking on how to avoid such unnecessary exposure and tailoring specific
solutions to reduce risk realization."
A series of cyberattacks were reported in recent months in
Israel, including attacks targeting the Shirbit insurance company, the Amital
software company, Ben-Gurion University of the Negev and Israel Aerospace
Industries, with the full extent of the damage unclear in at least some of the
cases.
In the Shirbit attack, thousands of documents containing
personal information were leaked to the public by Black Shadow. The group also
threatened to sell collections of data they said they stole from Shirbit to
competitors and foreign governments. The National Cyber Directorate and Capital
Market Authority worked with Shirbit in an attempt to solve the issue.
Despite the public leaks of thousands of documents, Shirbit
insisted that only a “relatively small” number of documents were leaked and
that the decision not to pay the ransom the hackers demanded was not from
"financial considerations, but rather for the good of the customers,"
according to Israeli media. The company has many government employees among its
clients.