A hacker group called Deus has leaked data it claims it obtained in a cyberattack on the Israeli call center service company Voicenter earlier this week and threatened to leak more data on Wednesday.
Deus claimed it would release 15 TB of data concerning 8,000 companies that work with Voicenter it says it obtained from the cyberattack, including companies such as Mobileye, Partner, Gett and My Heritage, among others. The hacker group also claimed that Voicenter was not the only target in the recent cyberattack.
The data leaked so far includes security camera and webcam footage, ID cards, photos, WhatsApp messages and emails, as well as recordings of phone calls.
The group also shared a photo of the ransom message it displayed on hacked computers, with a demand for 15 bitcoin within 12 hours of the notification on September 19, with 10 bitcoin added every 12 hours. The ransom notice urged the company to pay the price, assuring Voicenter that its files would be returned if it paid and warning that the group would notify customers and release and destroy data if it isn't paid.
On Wednesday, the group posted in its Telegram channel that "That was not everything. We will leak more important data. We have more exciting data to share."
On Monday, Voicenter announced that it had been experiencing a cyberattack since September 18 by a hacker group from outside Israel. The company has notified the authorities. It is as of yet unclear where the hackers are located.
"From the first moment, the incident was handled immediately and quickly throughout the entire time, and with the goal that in the next few hours all systems will return to normal operation and with a minimum of damage to our customers," wrote Voicenter on its Facebook page, ensuring customers it would maintain constant contact and keep them updated. The company also promised to be transparent about any possible data leaks.
On Wednesday morning, Voicenter announced that outgoing calls were working properly, but incoming calls were facing interruptions. The management interface was also only partially working. As of Wednesday afternoon, Voicenter's website was still offline.
Nitzan Gutman, the founder of Voicenter, told Haaretz on Monday that the company is investigating thoroughly for signs of the attack and is currently in the recovery stage and working on getting its systems back up.
"This is a server that was not active and was not connected to our system that used to host the website in the past. After the beginning of the [cyberattack], we tried to see if there was a possibility of quickly getting the old version of our website up that was hosted there," a spokesperson for Voicenter told Haaretz.
Cybersecurity consultant Einat Meyron stressed that the fact that some of the screenshots released were from June "raises difficult questions about the company's ability to detect anomalies in its own network."
The consultant added that the leak also raises questions about why third-party providers are storing this much information from their clients and how clients can ensure that their information is being optimally protected.
"In addition, a video showing the face of the company, the employees during a workday, indicates the ability of the attacker to roam between the various systems and workstations, which apparently did not set, at the very least, different passwords and separate access permissions," added Meyron.
"The length of time the attacker stayed allowed him to extract a great deal of information in a process that was not monitored and not identified, which raises a question about the presence of a data leak prevention system and in general regarding the management of permissions, processes and their true necessity," added the consultant.
"It is very unfortunate that managers knowingly choose to continue to ignore the risk and do not take responsibility for improving their intra-organizational processes just because they think it will not happen or because they believe that an ISO standard or any other regulatory application gives them an answer," said Meyron.
The cyberattack on Voicenter comes as a series of cyberattacks have plagued Israeli businesses and institutions in the past two years, including Israel Aerospace Industries, the Shirbit insurance company and the Amital software company, among others.
The National Cyber Directorate reported that it handled more than 11,000 inquiries on its 119 hotline in 2020, some 30% more than it handled in 2019. The directorate made about 5,000 requests to entities to handle vulnerabilities exposing them to attacks and was in contact with about 1,400 entities concerning attempted or successful attacks.