Governance & Risk Management , IT Risk Management , Next-Generation Technologies & Secure Development
Italian Social Security Website Disrupted
News Reports Say Officials Investigating After Thousands Could Not Access SiteItalian officials are investigating whether a disruption this week of access to the country’s social security website was due to a hacking incident or a network overwhelmed by demand for benefits offered during the COVID-19 pandemic, according to Reuters and local media reports.
See Also: Revealing the threat landscape with the 2024 Elastic Global Threat Report
The incident happened as more than 339,000 Italian citizens began applying Wednesday for benefits from the government to help them deal with the aftermath of the COVID-19 pandemic that has devastated the economy, according to Reuters. The Italian government is offering self-employed and seasonal workers payments of 600 ($655).
Italy has been hit hard by the COVID-19 crisis. Johns Hopkins University reports that as of Friday morning, the country has had more than 115,000 confirmed cases and nearly 14,000 fatalities.
Website Disruptions
Pasquale Tridico, the president of the Istituto Nazionale Previdenza Sociale, or INSP, Italy's public retirement and social security agency, told local news media Wednesday that the department sustained "multiple hacking attempts," which forced the website's operations to close down for several hours this week, according to Reuters. Tridico did not offer specifics, and no immediate evidence of a cyber intrusion was released by the Italian government.
The president of the Italian Institute for Social Security highlighted that the attacks came from 'hackers' who paralyzed the site, which was then re-accessible in the afternoon, according to Agenzia ANSA, a local Italian news wire service.
Hack or Network Overload?
On Wednesday, when citizens began applying for benefits on the website, they encountered long service delays disruptions, with some reporting that they noticed personal data of other beneficiaries displayed, Reuters reports.
Tridico told Agenzia ANSA that the incident may have been caused by an attacker exploiting a flaw in the INSP website.
On Thursday, however, Tridico added that government investigators were also checking to see if the large number of submissions may have overwhelmed the network supporting the website and caused the system to crash, Agenzia ANSA reports.
Nunzia Catalfo, Italy’s minister of labor and social policies, told an Italian radio station that the website sustained another attack on Thursday night, but that this did not cause any disruptions in service.
The Italian Data Protection Authority, the country's privacy watchdog, announced Thursday that it has launched an investigation into this incident to determine whether citizens' personal data was exposed or if privacy rights were violated, Agencia ANSA reports.
COVID-19-Themed Fraud
In recent weeks, cybercriminals have increasingly capitalizing on COVID-19 pandemic, especially after governments around the world announced economic stimulus packages (see: Phishing Campaigns Leverage Latest COVID-19 Themes)
A recent report by security firm Trustwave found that fraudsters are attempting to target Italian-speaking individuals with phishing emails designed to spoof messages from the World Health Organization about the outbreak of COVID-19 in Italy.