From the “I can’t believe the scale of this” department, comes this story where Greece’s Land Registry has been hit by 400 cyberattacks that have resulted in what they call a “limited scale” data breach.
Mind. Blown.
I’m going to come back as to why my mind is blown. But first, here’s the relevant details:
The Land Registry agency in Greece has announced that it suffered a limited-scope data breach following a wave of 400 cyberattacks targeting its IT infrastructure over the last week.
The agency said hackers managed to compromise employee terminals and steal 1.2 GB of data, corresponding to roughly 0.0006% of the total data held by the government organization.
The stolen data reportedly does not contain any citizens’ personal information but primarily consists of typical administrative documents, the exposure of which is not expected to impact the registry’s operations.
The announcement also mentions that the hackers attempted to create a malicious user to infiltrate the agency’s central database, but they failed.
One of the database’s backups, which are updated daily, was accessed by the unauthorized actors. However, the subsequent attempt to exfiltrate the data to an external server was blocked.
The Land Registry’s internal investigation, aided by the Cybersecurity Directorate of the General Staff of National Defense, has not found any evidence of ransomware having been deployed on the breached systems.
Emergency actions to reduce the risk of ransomware have been taken, like terminating all VPN access to block malicious users.
Rogier Fischer, CEO, Hadrian had this comment:
“Based on the information provided, the data breach at the Land Registry agency in Greece doesn’t seem to fall under the GDPR’s mandatory disclosure bracket. The stolen data amounted to 1.2 GB or 0.0006% of the agency’s total data, and it primarily consisted of administrative documents without any citizens’ personal information,”
“Since the breach did not affect personal data or disrupt the agency’s operations, it likely doesn’t pose a significant risk to individuals’ rights and freedoms.”
“Despite the large number of cyberattacks, the agency successfully blocked attempts to exfiltrate data and thwarted further malicious activities. Such proactive approach helps maintain trust and demonstrates commitment to data protection, even if formal disclosure isn’t required,”
While I applaud this organization for shutting this down, it still blows my mind that the threat actors tried as hard as they did to try and set up shop and steal data. This illustrates why you need robust, multi layered defences to not only keep the bad guys out, but to respond if they get in.
Related
This entry was posted on July 23, 2024 at 11:34 am and is filed under Commentary with tags Hacked. You can follow any responses to this entry through the RSS 2.0 feed.
You can leave a response, or trackback from your own site.
Greece’s Land Registry Has Been Attacked On A Scale That I Have Never Seen Before
From the “I can’t believe the scale of this” department, comes this story where Greece’s Land Registry has been hit by 400 cyberattacks that have resulted in what they call a “limited scale” data breach.
Mind. Blown.
I’m going to come back as to why my mind is blown. But first, here’s the relevant details:
The Land Registry agency in Greece has announced that it suffered a limited-scope data breach following a wave of 400 cyberattacks targeting its IT infrastructure over the last week.
The agency said hackers managed to compromise employee terminals and steal 1.2 GB of data, corresponding to roughly 0.0006% of the total data held by the government organization.
The stolen data reportedly does not contain any citizens’ personal information but primarily consists of typical administrative documents, the exposure of which is not expected to impact the registry’s operations.
The announcement also mentions that the hackers attempted to create a malicious user to infiltrate the agency’s central database, but they failed.
One of the database’s backups, which are updated daily, was accessed by the unauthorized actors. However, the subsequent attempt to exfiltrate the data to an external server was blocked.
The Land Registry’s internal investigation, aided by the Cybersecurity Directorate of the General Staff of National Defense, has not found any evidence of ransomware having been deployed on the breached systems.
Emergency actions to reduce the risk of ransomware have been taken, like terminating all VPN access to block malicious users.
Rogier Fischer, CEO, Hadrian had this comment:
“Based on the information provided, the data breach at the Land Registry agency in Greece doesn’t seem to fall under the GDPR’s mandatory disclosure bracket. The stolen data amounted to 1.2 GB or 0.0006% of the agency’s total data, and it primarily consisted of administrative documents without any citizens’ personal information,”
“Since the breach did not affect personal data or disrupt the agency’s operations, it likely doesn’t pose a significant risk to individuals’ rights and freedoms.”
“Despite the large number of cyberattacks, the agency successfully blocked attempts to exfiltrate data and thwarted further malicious activities. Such proactive approach helps maintain trust and demonstrates commitment to data protection, even if formal disclosure isn’t required,”
While I applaud this organization for shutting this down, it still blows my mind that the threat actors tried as hard as they did to try and set up shop and steal data. This illustrates why you need robust, multi layered defences to not only keep the bad guys out, but to respond if they get in.
Share this:
Like this:
Related
This entry was posted on July 23, 2024 at 11:34 am and is filed under Commentary with tags Hacked. You can follow any responses to this entry through the RSS 2.0 feed. You can leave a response, or trackback from your own site.