On Friday, American insurance giant Aflac disclosed that its systems had been breached in a broader campaign targeting insurance companies across the United States by attackers who may have stolen personal and health information.
Aflac (short for American Family Life Assurance Company) is the largest supplemental insurance provider in the U.S. and a Fortune 500 company that provides insurance services to millions of customers in the U.S. and Japan.
In a press release earlier today, the insurance company added that its network was not affected by ransomware. It’s unclear, though, whether ransomware was deployed and blocked or whether this was only a data theft attack.
“We promptly initiated our cyber incident response protocols and stopped the intrusion within hours. Importantly, our business remains operational, and our systems were not affected by ransomware,” Aflac stated.
“We continue to serve our customers as we respond to this incident and can underwrite policies, review claims, and otherwise service our customers as usual. This attack, like many insurance companies are currently experiencing, was caused by a sophisticated cybercrime group. This was part of a cybercrime campaign against the insurance industry.”
After detecting the breach, Aflac hired external cybersecurity experts to investigate the incident and review the contents of files potentially exposed during the attack.
As the company explained in a filing with the U.S. Securities and Exchange Commission (SEC), these documents contain a wide range of sensitive information related to customers, beneficiaries, employees, agents, and other individuals, ranging from claims and health information to social security numbers and/or other personal information.
Scattered Spider attacks targeting insurance firms
While an Aflac spokesperson could not attribute the breach to a specific cybercrime group, the breach shows all the signs of a Scattered Spider attack.
Scattered Spider (also tracked as 0ktapus, UNC3944, Scatter Swine, Starfraud, and Muddled Libra) is a group of threat actors known for their sophisticated social engineering attacks against high-profile organizations worldwide, with tactics that include phishing, SIM swapping, and multi-factor authentication (MFA) bombing.
In September 2023, they escalated their attacks by breaching MGM Resorts and encrypting over 100 VMware ESXi hypervisors using BlackCat ransomware after gaining access by impersonating an employee. They’ve also partnered with other ransomware operations, such as RansomHub, Qilin, and DragonForce. Other organizations targeted by Scattered Spider include Twilio, Coinbase, DoorDash, Caesars, MailChimp, Riot Games, and Reddit.
As John Hultquist, Chief Analyst at Google Threat Intelligence Group (GTIG), told BleepingComputer earlier this week, Scattered Spider has recently been targeting and breaching U.S. insurance companies.
Hultquist also warned that companies should pay particular attention to potential social engineering attempts against help desks and call centers, adding that “the insurance industry needs to be on high alert.”
The latest examples are Philadelphia Insurance Companies (PHLY) and Erie Insurance, which experienced outages and disruptions after detecting unauthorized network access.
In May, GTIG’s chief analyst also warned that Scattered Spider had switched from targeting retail chains in the UK to targeting retailers in the United States. “The actor, which has reportedly targeted retail in the UK following a long hiatus, has a history of focusing their efforts on a single sector at a time,” he added.