DDoS attacks took down Italy’s social security website amid COVID-19 crisis

Talk about kicking someone when they’re down…:

[…] On 1st April, when thousands of Italians were trying to apply for the benefit on the INPS website, they faced multiple disruptions. Some users said that they were able to view other individual’s information when they were tried to complete their requests. These included names, addresses, email addresses, phone numbers, tax codes, last login time and certain personal messages between the user and the INPS.

Andrea Ganduglia, software developer and CEO of Frequenze Software, told The Daily Swig that “anyone who had visit[ed] the website during 9AM and 11AM (local time) had the visibility on those data, but I think that the leak has involved few tens of people (I saw randomly four profile[s]).”

As of 2nd April, the website was up and running again. But the cyber attack did raise serious questions about the security of Italy’s digital infrastructure especially when the country is fighting hard with the Coronavirus pandemic. Tridico, however, confirmed that he informed police about the cyber attack but did not mention anything in regards to a data breach.

“Notwithstanding that the website is already tremendously overloaded with legitimate users desperately seeking help among this unprecedentedly disastrous crisis. Hence, even a tiny botnet is now apt to substantially disrupt the website’s availability and performance,” said Ilia Kolochenko, Founder & CEO of ImmuniWeb.

[…]

Original article here