Purpose: In recent years, partly because of the pandemic caused by the covid-19 virus, most governmental public services in Albania for citizens, businesses and other customers have been offered electronically through a national platform, e-Albania, which offers more than 2200 services. Because this electronic system was newly implemented, it was repeatedly attacked by hackers in different service sectors, interrupting services for hours and resulting in all the confidential information being downloaded and published. After several partial attacks, a general attack on the whole system came in July 2022, blacking out the system and its services for several days. Cyber actors identifying themselves as "HomeLand Justice" launched a destructive cyber-attack against e-Albania that rendered websites and services unavailable. An investigation indicates that the cyber actors acquired initial access to the victim's network approximately 14 months before launching the destructive cyber-attack, which included a ransomware-style file encryptor and disk-wiping malware. The actors maintained continuous network access for approximately a year, periodically accessing and exfiltrating e-mail content. From late July to mid-August 2022, social media accounts associated with HomeLand Justice showed a repeated pattern: advertising Albanian Government information for release, posting a poll asking respondents to select which government information HomeLand Justice should release, and then releasing that information, either as a .zip file or as a video screen recording showing the documents. This cyber-attack created social problems and economic loss, damaged the reputation of e-Albania, and harmed the country strategically, along with the future development of this sector. Methodology: We have monitored the system and the attack, and we continue to do so.
We analyze and synthesize the collected data to arrive at the conclusions and recommendations needed for the future. All the data we have used are publicly available, and most are primary data. The research method combines quantitative and qualitative methods, but it is closer to a qualitative method, since there is not enough data for a purely quantitative analysis. We have mostly used the descriptive method. Results/Findings: The cyber infrastructure must be substantially improved to avoid, in the future, such attacks with their high social, economic and strategic cost. Conclusions: The institution had no team for cyber-security monitoring of the system, a so-called SOC (Security Operation Center), that controls all logins in real time. So-called "Identifying Behavior" was also missing. There was no separation of Active Directory between physical machines and virtual machines; they were all together. Because the administrator had full privileges, the hacker did not need to perform vertical privilege escalation and easily obtained all the admin rights. Originality and Practical Implications: The paper is original; it has not been previously published and is not under consideration by any other publisher. The originality of the method lies in the fact that this is the first case in the world, in the information age, in which a country (a whole electronic system, e-Albania) has faced such a complex, well-organized and severe cyber-attack, which collapsed the system for several days. All the data are authentic.
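The missing controls named in the conclusions (real-time login monitoring and behaviour identification) can be illustrated with a small baseline-versus-recent check over login events; this is an added example, not code from the paper or from e-Albania. The log format, user names, addresses and the year-long pattern of off-hours access with mailbox exports are constructed for illustration.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample events (not from the paper): "<ISO timestamp> <user> <source_ip> <action>"
SAMPLE_LOG = """\
2021-03-01T09:02:11 user1 10.0.0.21 login
2021-03-02T09:10:40 user1 10.0.0.21 login
2021-03-03T09:05:03 user1 10.0.0.21 login
2021-03-05T01:15:00 user1 203.0.113.9 login
2021-03-05T01:16:12 user1 203.0.113.9 mailbox_export
2021-03-12T02:05:00 user1 203.0.113.9 login
2021-03-12T02:06:30 user1 203.0.113.9 mailbox_export
2021-03-19T02:30:00 user1 203.0.113.9 mailbox_export
2021-03-18T10:00:00 user2 10.0.0.40 login
"""

def parse_log(text):
    """Parse one event per line into sorted (timestamp, user, source, action) tuples."""
    events = []
    for line in filter(None, text.splitlines()):
        ts, user, source, action = line.split()
        events.append((datetime.fromisoformat(ts), user, source, action))
    return sorted(events)

def find_anomalies(events, baseline_days=3, work_hours=(7, 19), min_days=2):
    """Learn each user's usual sources from its first `baseline_days` of activity, then
    report (user, source) pairs that show a new source, off-hours timing or a mailbox
    export on at least `min_days` distinct days (a repeated pattern, not a one-off)."""
    first_seen, baseline = {}, defaultdict(set)
    for ts, user, source, _ in events:
        first_seen.setdefault(user, ts)
        if ts < first_seen[user] + timedelta(days=baseline_days):
            baseline[user].add(source)
    hits = defaultdict(lambda: {"days": set(), "reasons": set()})
    for ts, user, source, action in events:
        if ts < first_seen[user] + timedelta(days=baseline_days):
            continue  # still inside the learning window
        reasons = set()
        if source not in baseline[user]:
            reasons.add("new_source")
        if not work_hours[0] <= ts.hour < work_hours[1]:
            reasons.add("off_hours")
        if action == "mailbox_export":
            reasons.add("mailbox_export")
        if reasons:
            hits[(user, source)]["days"].add(ts.date())
            hits[(user, source)]["reasons"] |= reasons
    return {key: {"days": len(v["days"]), "reasons": sorted(v["reasons"])}
            for key, v in hits.items() if len(v["days"]) >= min_days}
```

On the sample data the check reports only user1 from 203.0.113.9, seen on three distinct days with a new source, off-hours timing and mailbox exports, while user2's single in-hours login stays silent.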