The Technion, Israel’s prestigious technology research university, located in Haifa, has fallen victim to a cyber attack. The institution confirmed the attack yesterday (Sunday) on Twitter.
“The scope and nature of the attack are under investigation,” said the Technion’s tweet. “In order to carry out the process of collecting and handling the information, we are utilizing the best experts in the field, both in and outside the Technion, and are coordinated with the authorized authorities.”
The Technion also announced that, as part of the investigation, it has proactively blocked all communication networks. As of yet, its website is offline.
The attack appears to have happened between Saturday night and Sunday morning. Israeli press reports that an unknown threat group called DarkBit is behind this attack, and has demanded a ransom of 80 bictoin – the equivalent of $1.7 million, or NIS 6.2 million.
“There could be several reasons for the motivation behind stealing data from the Technion. The first reason could be political. Countries like Iran, China and Russia, for example, could benefit greatly from this data,” said Alex Steinberg, Product Manager at ESET. “In addition, the attackers might have wanted to steal the data in order to sell it to the highest bidder.”
In their ransomware note, the attackers seem to be asking for a large sum of money – but this could also be a disguise for other purposes.
“The cyber attack against the Technion has showed us, once again, how vulnerable Israeli organizations are to hackers– whether the motivations are financial or ideological, against the State of Israel,” commented Eddie Aviad, Deputy Manager and Head of Financial Solutions at Aon Israel.
“This isn’t the first time an academic institution in Israel has experienced a significant attack. As organizations holding extensive sensitive data, academic institutions are an easy target – this is because, unlike most critical state infrastructure organizations and commercial organizations that enjoy large budgets, the IT security system of academia, in most cases, isn’t strong enough.
“We should soon be hearing the question of whether the Technion was properly prepared for handling such an incident, and how its management and board have prepared, ahead of time, a plan of action.”
"Another important question that is likely to arise is whether the Technion has valid cyber insurance that can cover the damages caused not only to the institution but also to third party victims.