Insurance giant Aflac reported today that it was hit by a cyberattack on June 12 but was able to stop the intrusion “within hours.”
Aflac detailed the incident in an SEC filing and press release today. The company didn’t identify the suspected attacker but said in the press release that “This attack, like many insurance companies are currently experiencing, was caused by a sophisticated cybercrime group. This was part of a cybercrime campaign against the insurance industry.”
The Aflac breach disclosure came days after reports that the Scattered Spider threat group was pivoting from retail attacks to a campaign targeting the insurance industry.
Other recent insurance industry cyber incidents have targeted Erie Insurance and Philadelphia Insurance Companies, among others.
Aflac Breach Started with Social Engineering
Aflac said it has engaged third-party cybersecurity experts to help with its response and investigation, and noted that the preliminary investigation suggests that the attackers “used social engineering tactics to gain access to our network.”
The insurance company said that its business remains operational and its systems were not affected by ransomware, but the company suggested that hackers may have been able to access some sensitive data.
“[W]e have commenced a review of potentially impacted files,” Aflac said. “It is important to note that the review is in its early stages, and we are unable to determine the total number of affected individuals until that review is completed. The potentially impacted files contain claims information, health information, social security numbers, and/or other personal information, related to customers, beneficiaries, employees, agents, and other individuals in our U.S. business.”
Aflac said that although the investigation is ongoing, it is offering any individual who contacts the company’s dedicated call center free credit monitoring, identity theft protection, and Medical Shield for 24 months.
The SEC filing said Aflac plans to notify regulators and provide “appropriate notifications to individuals affected by this incident. … At this time, the full scope and potential ultimate impact on the Company are not known.”
Defending Against Scattered Spider
After Scattered Spider-linked retail incidents in the UK last month, the UK’s National Cyber Security Centre issued guidance for protecting operations from cyberattacks. These steps include:
- Comprehensive use of multi-factor authentication
- Monitoring for signs of account misuse, such as “risky logins” within Microsoft Entra ID Protection
- Monitoring Domain Admin, Enterprise Admin, and Cloud Admin accounts and making sure that any access is legitimate
- Reviewing helpdesk password reset processes, including procedures for authenticating staff credentials before resetting passwords
- Making sure that security operations centers can identify suspicious logins, such as from VPN services in residential ranges
- Following tactics, techniques, and procedures sourced from threat intelligence
Google recently issued an advisory on Scattered Spider’s vishing attack methods, or voice-based social engineering, which have included calling corporate service desks and “impersonating employees to have credentials and multi-factor authentication (MFA) methods reset.”
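As an added illustration (not part of the original report or the NCSC guidance), the sketch below shows how a security operations center might correlate three of the signals listed above: a recent helpdesk credential or MFA reset, a sign-in from a residential VPN range, and use of a privileged account. The event schema, the 24-hour window, the two-signal threshold, and all sample data are assumptions constructed for the example.

```python
import ipaddress
from datetime import datetime, timedelta

# Assumed inputs: real VPN ranges would come from threat intelligence; the
# documentation range 203.0.113.0/24 stands in for one here.
RESIDENTIAL_VPN_RANGES = [ipaddress.ip_network("203.0.113.0/24")]
PRIVILEGED_ROLES = {"Domain Admin", "Enterprise Admin", "Cloud Admin"}
RESET_WINDOW = timedelta(hours=24)  # assumed correlation window

# Constructed events in a hypothetical normalized schema.
EVENTS = [
    {"time": "2025-01-10T09:00:00", "type": "mfa_reset", "user": "a.admin"},
    {"time": "2025-01-10T09:20:00", "type": "signin", "user": "a.admin", "ip": "203.0.113.45", "roles": ["Cloud Admin"]},
    {"time": "2025-01-10T10:00:00", "type": "signin", "user": "b.user", "ip": "198.51.100.10", "roles": []},
    {"time": "2025-01-10T11:00:00", "type": "password_reset", "user": "c.user"},
    {"time": "2025-01-12T11:30:00", "type": "signin", "user": "c.user", "ip": "198.51.100.20", "roles": []},
    {"time": "2025-01-12T12:00:00", "type": "signin", "user": "d.admin", "ip": "203.0.113.9", "roles": ["Domain Admin"]},
    {"time": "2025-01-12T13:00:00", "type": "signin", "user": "e.user", "ip": "203.0.113.77", "roles": []},
]

def signals_for(event, when, last_reset):
    """Collect the independent risk signals present on one sign-in."""
    signals = []
    reset_time = last_reset.get(event["user"])
    if reset_time is not None and when - reset_time <= RESET_WINDOW:
        signals.append("recent_helpdesk_reset")
    addr = ipaddress.ip_address(event["ip"])
    if any(addr in net for net in RESIDENTIAL_VPN_RANGES):
        signals.append("residential_vpn")
    if PRIVILEGED_ROLES & set(event["roles"]):
        signals.append("privileged_account")
    return signals

def find_suspicious_signins(events, min_signals=2):
    """Return (user, time, signals) for sign-ins with enough signals."""
    last_reset, alerts = {}, []
    for event in sorted(events, key=lambda e: e["time"]):
        when = datetime.fromisoformat(event["time"])
        if event["type"] in ("password_reset", "mfa_reset"):
            last_reset[event["user"]] = when  # remember the latest reset
        elif event["type"] == "signin":
            signals = signals_for(event, when, last_reset)
            if len(signals) >= min_signals:
                alerts.append((event["user"], event["time"], signals))
    return alerts

if __name__ == "__main__":
    for alert in find_suspicious_signins(EVENTS):
        print(alert)
```

Requiring two signals keeps a lone VPN sign-in by an unprivileged user out of the alert queue while still surfacing a privileged sign-in that follows a reset.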
Media Disclaimer: This report is based on internal and external research obtained through various means. The information provided is for reference purposes only, and users bear full responsibility for their reliance on it. The Cyber Express assumes no liability for the accuracy or consequences of using this information.