On Friday, American insurance coverage large Aflac disclosed that its techniques have been breached in a broader marketing campaign concentrating on insurance coverage firms throughout america by attackers who might have stolen private and well being info.
Aflac (brief for American Household Life Assurance Firm) is the biggest supplemental insurance coverage supplier within the U.S. and a Fortune 500 firm that gives insurance coverage providers to thousands and thousands of shoppers within the U.S. and Japan.
In a press launch earlier at the moment, the insurance coverage firm added that its community was not affected by ransomware. It’s unclear, although, if ransomware was deployed and blocked or if this was only a information theft assault.
“We promptly initiated our cyber incident response protocols and stopped the intrusion inside hours. Importantly, our enterprise stays operational, and our techniques weren’t affected by ransomware,” Aflac acknowledged.
“We proceed to serve our prospects as we reply to this incident and might underwrite insurance policies, assessment claims, and in any other case service our prospects as typical. This assault, like many insurance coverage firms are at present experiencing, was brought on by a complicated cybercrime group. This was a part of a cybercrime marketing campaign in opposition to the insurance coverage business.”
After detecting the breach, Aflac employed exterior cybersecurity specialists to analyze the incident and assessment the contents of recordsdata doubtlessly uncovered through the assault.
As the corporate defined in a submitting with the U.S. Securities and Trade Fee (SEC), these paperwork include a variety of delicate info associated to prospects, beneficiaries, staff, brokers, and different people, starting from claims and well being info to social safety numbers and/or different private info.
Scattered Spider assaults concentrating on insurance coverage corporations
Whereas an Aflac spokesperson could not attribute the breach to a selected cybercrime group, the breach displays all of the indicators of a Scattered Spider assault.
Scattered Spider (additionally tracked as 0ktapus, UNC3944, Scatter Swine, Starfraud, and Muddled Libra) is a bunch of risk actors identified for his or her subtle social engineering assaults in opposition to high-profile organizations worldwide, with techniques that embody phishing, SIM swapping, and multi-factor authentication (MFA) bombing.
In September 2023, they escalated their assaults by breaching MGM Resorts and encrypting over 100 VMware ESXi hypervisors utilizing BlackCat ransomware after gaining entry by impersonating an worker. They’ve additionally partnered with different ransomware operations, resembling RansomHub, Qilin, and DragonForce. Different organizations focused by Scattered Spider embody Twilio, Coinbase, DoorDash, Caesars, MailChimp, Riot Video games, and Reddit.
As John Hultquist, Chief Analyst at Google Menace Intelligence Group (GTIG), instructed BleepingComputer earlier this week, Scattered Spider has lately been concentrating on and breaching U.S. insurance coverage firms.
Hultquist additionally instructed BleepingComputer at the moment that “the insurance coverage business ought to be on excessive alert” and pay specific consideration to potential social engineering makes an attempt on assist desks and name facilities, “given this actor’s historical past of specializing in a sector at a time.”
The latest examples are Philadelphia Insurance coverage Corporations (PHLY) and Erie Insurance coverage, which skilled outages and disruptions after detecting unauthorized community entry.
In Could, GTIG’s chief analyst additionally warned that Scattered Spider switched from concentrating on retail chains in the UK to concentrating on retailers in america. “The actor, which has reportedly focused retail within the UK following an extended hiatus, has a historical past of focusing their efforts on a single sector at a time,” he added
Patching used to imply complicated scripts, lengthy hours, and infinite fireplace drills. Not anymore.
On this new information, Tines breaks down how trendy IT orgs are leveling up with automation. Patch quicker, cut back overhead, and concentrate on strategic work — no complicated scripts required.
