On Friday, American insurance giant Aflac disclosed that its systems were breached in a broader campaign targeting insurance companies across the United States by attackers who may have stolen personal and health information.
Aflac (short for American Family Life Assurance Company) is the largest supplemental insurance provider in the U.S. and a Fortune 500 company that provides insurance services to millions of customers in the U.S. and Japan.
In a press release earlier today, the insurance company added that its network was not affected by ransomware. It is unclear, though, whether ransomware was deployed and blocked or whether this was only a data theft attack.
“We promptly initiated our cyber incident response protocols and stopped the intrusion within hours. Importantly, our business remains operational, and our systems were not affected by ransomware,” Aflac said.
“We continue to serve our customers as we respond to this incident and can underwrite policies, review claims, and otherwise service our customers as usual. This attack, like many insurance companies are currently experiencing, was caused by a sophisticated cybercrime group. This was part of a cybercrime campaign against the insurance industry.”
After detecting the breach, Aflac hired external cybersecurity experts to investigate the incident and review the contents of files potentially exposed during the attack.
As the company explained in a filing with the U.S. Securities and Exchange Commission (SEC), these documents contain a wide range of sensitive information related to customers, beneficiaries, employees, agents, and other individuals, ranging from claims and health information to social security numbers and/or other personal information.
Scattered Spider attacks targeting insurance companies
While an Aflac spokesperson could not attribute the breach to a specific cybercrime group, the breach shows all the signs of a Scattered Spider attack.
Scattered Spider (also tracked as 0ktapus, UNC3944, Scatter Swine, Starfraud, and Muddled Libra) is a group of threat actors known for their sophisticated social engineering attacks against high-profile organizations worldwide, with tactics that include phishing, SIM swapping, and multi-factor authentication (MFA) bombing.
In September 2023, they escalated their attacks by breaching MGM Resorts and encrypting over 100 VMware ESXi hypervisors using BlackCat ransomware after gaining access by impersonating an employee. They have also partnered with other ransomware operations, such as RansomHub, Qilin, and DragonForce. Other organizations targeted by Scattered Spider include Twilio, Coinbase, DoorDash, Caesars, MailChimp, Riot Games, and Reddit.
As John Hultquist, Chief Analyst at Google Threat Intelligence Group (GTIG), told BleepingComputer earlier this week, Scattered Spider has recently been targeting and breaching U.S. insurance companies.
Hultquist also warned that companies should pay particular attention to potential social engineering attempts on help desks and call centers, adding that “the insurance industry should be on high alert.”
The most recent examples are Philadelphia Insurance Companies (PHLY) and Erie Insurance, which experienced outages and disruptions after detecting unauthorized network access.
In May, GTIG’s chief analyst also warned that Scattered Spider switched from targeting retail chains in the UK to targeting retailers in the United States. “The actor, which has reportedly targeted retail in the UK following a long hiatus, has a history of focusing their efforts on a single sector at a time,” he added.