Israel’s National Insurance Institute targeted in hack

Israel’s National Insurance Institute has had its website crash due to a cyberattack. The NII said the method of attack was a denial of service (DoS) attack, one where the website is being overloaded with information. 

According to the NII, their database was not affected, and the hack is currently limited to interfering with the website’s functioning, making the NII unable to respond to inquiries. The NII has stated that personal details and data have not been accessed. 

The incident was being handled by the organisation’s cyber and computer personnel, who brought the site back online after approximately 2 hours. The NII also added in a statement that they have blocked access to the site from abroad, which is believed to have been where the attack originated from. 

The Israel National Cyber Directorate (INCD) usually steps in to assist both public and private institutions if a hack is beyond the company’s internal cyber defence capabilities. The INCD has not yet stepped in to assist the NII, suggesting that the hack was not necessarily a threat to spread and cause wider national damage. Although the full extent of the attack will be determined in the coming days.  

It is unclear whether the hackers were a nation-state or a criminal group, or a criminal group sponsored by a nation-state. 

Regarding the NII hack, cyber resilience expert, Einat Meron has said “Denial-of-Service attacks should be managed according to the rules defined by the organisation given its familiarity with customers’ browsing habits. However, weaknesses might always emerge or develop, which requires regular attention that will allow for up-to-date, continuous assessments of the situation. It is important to remember that any DoS attack might, in fact, serve as a smoke screen disguising a deeper, more sophisticated attack”.