The online service of the Italian department of social security and welfare (INPS) is back in operation after a cyber-attack forced the website to go offline on 1 April. The attack stalled the processing of applications for coronavirus benefits.
Welfare agency head Pasquale Tridico told state broadcaster RAI that INPS was sorting out 339,000 applications for the €600 (£520) benefits for VAT-registered and self-employed Italians, when hackers blocked access to the website, Reuters reported earlier.
The Italian ministry of labour and social policies, which supervises the agency, tweeted on 1 April that the INPS website was temporarily suspended due to “hacker attacks”.
Neither the Italian media nor the government PR has attributed the attack to any particular group. Vigilante hacking groups have a history of targeting government services, but the nature and timing of this attack rule them out, said Ray Walsh, digital privacy expert at ProPrivacy.
Immuniweb founder and CEO Ilia Kolochenko agrees that, though it seems like a DDoS attack, too little information is available to draw any conclusions.
“The website was already tremendously overloaded with legitimate users desperately seeking help among this unprecedentedly disastrous crisis. Hence, even a tiny botnet is now apt to substantially disrupt the website’s availability and performance.”
The worst-case scenario now is that a professional cyber-gang is behind this attack, as they will likely exploit some weaknesses and architectural flaws of the web application to boost the amplitude of the DDoS, eventually expecting to get a ransom for stopping their activities, noted Kolochenko.
“The victims are now between Scylla and Charybdis, as paying the ransom will be a signal to many other gangs about this low-hanging fruit, while refusing will prevent the most vulnerable people in need from getting timely help that is so necessary in these uncertain times,” he said.
Given the present crisis, coupled with political tensions, it is wise to wait for the results of a formal cyber-security probe that analyses the digital footprints to carefully ascertain the origin of the attack, said Walsh.
“The world is on high alert since the outbreak, and political tensions between the US and China are already heightened; it is possible that politically motivated hackers could attempt to frame a particular country to add to that tension. For this reason, it is important not to jump to any conclusions or to point the finger without concrete evidence,” he said.
The attack came to light late on 31 March as applications started pouring in to the INPS website. Italians took to Twitter to report the unresponsive website, with the hashtag #INPSdown trending that day.
Twitter users also started posting about the website throwing up personal information of applicants. The personal details of Italian users who attempted to apply for Covid-19 benefits being displayed online is extremely concerning, as the data could be used for identity theft, fraud, and secondary phishing attacks, Walsh pointed out.
“It will now be necessary for the Italian government to ascertain exactly how its social security system was attacked in order to plug those holes, and anti-fraud measures that ensure those affected are protected will now be needed, adding to the problems that the Italian government are already facing dealing with the ongoing crisis.”