Cyber ​​attack on the website and servers of the insurance company Shirbit; Information on policyholders leaked to the network

The Capital Market Regulator and the National Cyber Infrastructure are examining, as of yesterday, the suspicion of an intrusion in which information on the clients of the firm was leaked to the network. It is estimated that the breach was not made for greed capital, but there is no way to link the breach specifically to one or another cause for now.

10:50 GMT, Tuesday, December 1, 2020
The Capital Market Regulator and the National Cyber System are investigating, as of yesterday (Monday), the suspicion of a cyber attack on the website and servers of the insurance firm Shirbit in which information about the clients of the company was allegedly leaked. The market page has failed and is now offline.

As far as is known at this point, credit card data are not included in the leaked documents, but details regarding the clients of the organization are listed.

Shirbit, which belongs to Yigal Rabnoff and is managed by Zvika Liboshor, is an insurance firm operating in the basic insurance market (car insurance, apartment, travel abroad, etc.). The business began as an insurance broker and acquired a license from an insurance company in 2000. Shirbit is one of the smallest insurance firms in the industry, and a large amount of its stock is directly distributed to policyholders.


Omri Segev Moyal, CEO of the tech company Propro: “This is in my view, a hack that has not been carried out for greed. Countries such as North Korea, Russia and Iran. Hacking companies in Israel is very easy, however. Their cyber investment is minimal and any talented child can break into systems. A company such as Shirbit’s security costs about $2 million a year It’s about $2 million a year,

Cyber hack specifications that came to us It is clear that a large portion of the information on the network has already been leaked by the hackers. Segev Moyal adds, “The break-in did not start yesterday and I would not be surprised if it has been going on for a long time probably months,”

“Although it is said that this is an incident that started yesterday, the data published by the hackers show that it has been going on for longer, at least three days,” describes Jackie Altel, CEO of Yahav Cyber Solutions. Personal client records and ID pictures have been leaked, but for example, it could also be credit card numbers,”Personal details and ID photos of customers have been leaked, but it could also be credit card numbers for example,”

You will see a night of papers, car licenses, insurance proposal forms for civil servants from the details released on the network (Shirbit won the Knesset tender for the provision of insurance coverage for civil servants along with Harel Hashana, RK), insurance claims files, a list of company’s email servers and even mailboxes. “I saw entire mailboxes of employees with all the emails.”


About the cause of the break-in, Altel is less confident. But what is clear is that it does not look like a ransomware attack in his eyes. While there have been stories related to the move by the Iranians, who reportedly took vengeance three days ago for the assassination of a nuclear scientist, it turns out that the breach is older. There is no way to allocate the hack to one aspect or another explicitly.

Perhaps the only thing that is clear is that this is not a hack for money from greed. On the other hand, it may also be a young criminal hacker seeking to inspire his world with his talents and create a reputation in the group for himself. This is an evaluation which Segev Moyal still agrees with. However it is also possible to estimate that such a situation may be part of an extortion process, since then some of the information in their possession has been released by the hackers in order to force the target organization to pass the payment needed to it.


The troubling part of the story, though is that the Knesset does not care that cyber incidents should be dealt with by businesses that win their tenders. Multiple information of state staff were released in the latest event. This is the evidence that can be used to attack their points,”This is information that can be used for their point attack,”

Such an incident is quite reminiscent of the successful hacking a few years ago of hackers – presumably Russians or North Koreans – into the US administration’s manpower bureau networks. It is enough that a confidential or delicate role is being played by the civil servant and it is very easy to see where such an occurrence will go. Personal or financial information will make it easier to bribe him. And there have been situations like that in the US and Europe in the past. The records leaked go back many years. For instance, with exact personal information, you can see insurance records from 2013. So it could be an event that’s been going on for a long time and it’s just announced today.

Economists at Midroog point out that cyber attacks raise the risk of credibility and impose various degrees of credit risk based on the market, the scale of the enterprise and the interaction with its clients. Relatively low transport costs firms – such that their clients will quickly switch to rivals –

As a consequence of a cyber attack on the company, they are substantially more dependent on a relationship of confidence with the client and are more vulnerable to reputational harm. Midroog states that as part of the blackmail process, one of the attackers’ tactics is to openly disclose information that belongs to the organization or its clients. Last May, Midroog cited a study by the Bank of Israel that calculated which sectors are more prone to consumer abandonment following a cyber attack. The health sectors, led by the banking, services, technology and energy industries, are at the top of the list.