The number of ELTA customers whose personal data ended up on the dark web is estimated at approximately 4.6 million, following the major cyber attack on the company's information systems on March 20, 2022.
Despite the assurances of the ELTA administration at the time (it was replaced after this serious incident) that it was a "limited attack", the investigations by the competent services that followed showed that the leak of personal data was ultimately quite large. This was also the reason why the Personal Data Protection Authority imposed a mammoth fine of 2,995,140 euros on ELTA a few days ago.
It is estimated that the misleading messages citizens still receive today on their mobile phones (via SMS) or in their inboxes (emails urging them to pick up non-existent items or update their personal information) stem from that unprecedented malware attack, which was unleashed on ELTA by unknown cybercriminals.
The “black holes” of the system
Recall that the hackers had taken advantage of the "black holes" of the outdated ELTA information system.
In particular, the investigations revealed that the targeted cyber attack, which aimed to encrypt systems critical to ELTA's operations, was initiated by zero-day malware. The software was "planted" on a regional ELTA workstation and, using the "https reverse shell" technique, connected to a computer system controlled by a group of cybercriminals.
Who was targeted?
The target of the zero-day malware was mainly the financial services of ELTA and the personal data of their customers. Note that, in addition to running the electronic systems that serve citizens' daily payments (DEKO accounts, etc.) and pension payments, ELTA also operates as a banking organization. In particular, thousands of pensioners (mainly of the OGA) maintain ELTA bank accounts, into which their pensions are deposited.
The cybercriminals managed to connect to one of ELTA's regional computer systems using the "https reverse shell" technique. This is, as IT security experts explain, a popular technique used by "attackers" to insert their own infected code into an organization's executable source code, with the ultimate goal of gaining control over it. Despite the "firewalls" and security hardware (IPS, IDS, Proxy, AV, EDR…) developed by the creators of the operating systems themselves to detect these attacks, protection is not guaranteed to be 100%.
However, after this incident ELTA procured, and now has, new state-of-the-art information systems with an increased security index, like all the corresponding postal and banking organizations in Europe.