Black Shadow hackers strike again, leak documents in new cyber attack

Black Shadow, the hackers who leaked thousands of documents containing personal information of clients of Israel’s insurance company Shirbit in December, have now also hacked into the servers of KLS Capital Ltd., the group said in a Telegram post on Saturday. in the morning. , the hacking group announced, “We are here to inform you of a (sic) cyberattack against KLS CAPITAL LTD which is in Israel.” Their servers are destroyed and their customers’ data is in our hands, “they added, saying that they waited 72 hours for the company to deliver the 10 bitcoins they demanded as a ransom for the information, but the company did not pay them.” We want to filter a part of their data gradually, “they said.” Part of our negotiation will be published later. “A few hours before making the announcement, the group published deliberately blurred photographs of the identification cards of two people who work with the company. Minutes after the announcement, they released a few more documents and have since released dozens of additional documents including identity cards, letters, invoices, pictures, scanned checks, database information and more, including the personal information of the CEO of the company. KLS is a car finance company that has existed for more than 17 years, employs around 20 people and has more than 26,000 clients is whose personal information could be disclosed due to the hack. Later in the afternoon, Black Shadow reportedly posted screenshots of his email. conversations with the company, in which they demanded $ 10,000 worth of bitcoin in six hours as a way to have “good” negotiations and establish trust, warning that they would release more data if not paid. it supposedly said, “My manager has an idea. Please confirm that Muhammad is NOT the prophet. If you are looking for money or you are not Muslim or you are not an Iranian representative … it is an easy task. “The group of hackers replied that” they only know MONEY! “and complained that the company was ‘wasting’ time. The Privacy Protection Authority announced Sunday that it was examining the details of the incident and its consequences in cooperation with all relevant parties. The authority may not approve reactivating KLS systems until concerns about further data leaks are eliminated. The authority may also require the company to personally update customers who may have been or may be harmed by the leak: “Unfortunately, we are not so well. We received a heavy blow from Iranian hackers who apparently seek to attack the State of Israel and care less about money, “KLS Executive Director Omer Maman told The Jerusalem Post.

“Unfortunately, they caused us a lot of damage, but it is not something that we do not know how to handle at the systems level and we will soon configure new systems that are more secure and, I hope, more protected, although it is difficult to handle such large budgets from such Iranian attackers.” The CEO added that he is trying to contact each affected customer personally and provide answers. During the latest Black Shadow cyberattack, Shirbit also stated that hackers had targeted them for nationalistic reasons, while the hackers themselves only stated that the attack was being carried out to demand a ransom and some cybersecurity experts claimed the attack did not look like cyberterrorism. In December, in response to the Shirbit attack, Zohar Pinhasi, CEO of the MonsterCloud cybersecurity and ransomware removal service, told him to the Mail that claims that Black Shadow wanted to strategically harm Israel and was not seeking money were “nonsense.” Also in December, the KLS company allegedly received a warning that they had been breached and that their information may have been leaked in a breach on a VPN Service provided by Fortinet and Pulse that affected several companies, according to cybersecurity consultancy Einat Meyron. In the last two years there have been several warnings about the VPN service.

“It is difficult to complain to the Black Shadow group,” Meyron said regarding the cyberattack against KLS. them. It’s that simple and sometimes it is what it is. “

“The question arises as to why after the verification phase, companies continue to store information in general and so negligently in particular. No way to encrypt the folder? At least protect it with another password? Meyron added.

The cybersecurity consultant also questioned what protection systems were protecting KLS systems against breaches and whether hackers were able to dig as deep as they did into databases that are supposed to be classified and protected according to guidelines set out by the Israel Privacy Protection Authority.

“Another question: are companies in the economy aware of the requirements of the Privacy Protection Authority? Are they controlled by it?” Meyron asked. “Cyberattacks will happen and they will also be successful. It would be quack to say otherwise, but thinking about and analyzing the unique risk aspects of cyberattacks that can materialize requires early reflection on how to avoid that unnecessary exposure and tailor specific solutions to reduce the realization of the attack. risk. “

A number of cyberattacks have been reported in Israel in recent months, including attacks targeting insurance company Shirbit, software company Amital, Ben-Gurion University of the Negev and Israel Aerospace Industries, and the full extent of the damage. it is not clear in at least some of the cases. the cases.

In the Shirbit attack, Black Shadow leaked thousands of documents containing personal information to the public. The group also threatened to sell collections of data that they said stole from Shirbit to foreign governments and competitors. The National Cybernetic Directorate and the Capital Market Authority worked with Shirbit in an attempt to solve the problem.

Despite the public leaks of thousands of documents, Shirbit insisted that only a “relatively small” number of documents were leaked and that the decision not to pay the ransom demanded by the hackers was not due to “financial considerations, but because of the good of the customers. ” , “according to Israeli media. The company has many government employees among its clients.

Related Posts

Leave a Reply

Your email address will not be published. Required fields are marked *