Cyber Attack Against E-Albania and Its Social, Economic and Strategic Effects
Journal Title: Journal of Corporate Governance, Insurance, and Risk Management - Year 2022, Vol 9, Issue 2
Abstract
Purpose: During last years, even because of pandemic situation caused by covid-19 virus, in Albania most of governmental public services for citizens, businesses and other customers were offered in an electronic way by creating a national database (e-Albania), offering more than 2200 services. As this electronic system was newly implemented, time after time it was attacked from hackers in different sectors of services, causing the interruption of service for hours, downloading all the confidential information and publishing them. After several partial attacks, in July 2022 came the general attack of the whole system, which black out the system and services for several days. Cyber actors - identifying as “HomeLand Justice” - launched a destructive cyber-attack against e-Albania which rendered websites and services unavailable. An investigation indicates cyber actors acquired initial access to the victim’s network approximately 14 months before launching the destructive cyber-attack, which included a ransomware-style file encryptor and disk wiping malware. The actors maintained continuous network access for approximately a year, periodically accessing and exfiltrating e-mail content. From late July to mid-August 2022, social media accounts associated with HomeLand Justice demonstrated a repeated pattern of advertising Albanian Government information for release, posting a poll asking respondents to select the government information to be released by HomeLand Justice, and then releasing that information - either in a .zip file or a video of a screen recording with the documents shown. This cyber-attack creates social problems, economical loss and influenced negatively in the reputation of e-Albania and damage as well strategically the country and development of this sector in the future. Methodology: We have monitored the system and the attack, and we continue to do this. We analyze and synthesis the data collected, to come to conclusions and recommendations needed for the future. All the data which we have used are open for public, and mostly are primary data. The research method combines both quantitative and qualitative methods, but it is closer with qualitative method, as far as there in not enough data for using e pure quantitative analysis. We have used mostly the descriptive method. Results/Findings: Improving essentially the cyber infrastructure to avoid in the future such attacks with high social, economic and strategical cost. Conclusions: In the institution there was not a team for Cyber Security Monitoring the system, so called SOC (Security Operation Center), who controls in the real time all the logins. It was missing as well so called “Identifying Behavior”. There was not e separation of active directory, in physic machines and virtual machines, they were altogether. As the administrator had Full Right Privilege, the hacker doesn’t need to create a Privilege Escalation Vertical, so he easily took all the right of Admin. Originality and Practical Implications: The paper is original; it has not been previously published and it is not under consideration by any other publisher. The originality of the method stands in the fact that it is the first case in the world in information age, that a country (a whole electronic system, e-Albania), face a such complex, well organized and hard cyber-attack, which collapse the system for several days. All the data are authentic ones.
Authors and Affiliations
Aleksander Biberaj, Enida Sheme, Alban Rakipi, Sonila Xhaferllari, Renalda Kushe, Mirjeta Alinci
Keywords
Related Articles
- EP ID EP732690
- DOI https://doi.org/10.56578/jcgirm090204
- Views 83
- Downloads 0
Impact of Governance Mechanisms on Agency Costs in CAC 40 Listed Firms: An Empirical Analysis (2005-2023)
This empirical investigation examines the influence of corporate governance mechanisms on agency costs among firms listed on the CAC 40 index from 2005 to 2023. Agency costs were evaluated using three proxies: asset turn...
Which Index is More Affected by CDS Premium and VIX Index: BIST-30 or Participation-30?
Purpose: This study aims at determining the existence and, if any, the extent of comparative effects of the CDS premium and the VIX index on the BIST-30 and the Participation-30 indices before and during the pandemic. Me...
Performance Appraisal of Iron and Steel Enterprises Listed on BIST: An ENTROPY-Based TOPSIS Approach
The global iron and steel sector is currently navigating a period marked by significant volatility, driven by rising overcapacity and stagnating demand. In this challenging environment, businesses are increasingly compel...
Corporate Governance Dynamics: Contending with Egocentric Leadership and Enhancing Board Efficacy
This study investigates the critical role of corporate governance in facilitating positive organisational transformations and countering the detrimental impacts of egocentric leadership. By embracing a qualitative descri...
Exploring the Determinants of Managerial Vulnerability to Manipulation: A Qualitative Investigation
Managerial proficiency, a multifaceted construct, encompasses numerous attributes and is thought to be augmented by experience. Despite the inherent complexities of management roles, susceptibility to manipulation poses...