Cybercriminals have breached insurance giant Aflac, potentially stealing Social Security numbers, insurance claims and health information, the company said Friday, the latest in a spree of hacks against the insurance industry.
With billions of dollars in annual revenue and tens of millions of customers, Aflac is the biggest victim yet in the ongoing digital assault on US insurance companies that has the industry on edge and the FBI and private cyber experts scrambling to contain the fallout. Erie Insurance and Philadelphia Insurance Companies have also reported hacks this month, which in those cases have caused widespread disruptions to IT systems used to serve customers. All three insurance-company hacks are consistent with the techniques of a young and rampant cybercrime group known as Scattered Spider, people familiar the investigation tell CNN.
Read more…
Source: CNN News
Sign up for our Newsletter
The latest news and insights delivered right to your inbox.
Related:
- Vice Society: A tale of victim data exfiltration via PowerShell, aka stealing off the land
April 13, 2023
Threat actors (TAs) using built-in data exfiltration methods like LOLBAS negate the need to bring in external tools that might be flagged by security software and/or human-based security detection mechanisms. These methods can also hide within the general operating environment, providing subversion to the threat actor. For example, PS scripting is often used within a typical ...
- Legion: New hacktool steals credentials from misconfigured sites
April 13, 2023
A new Python-based credential harvester and SMTP hijacking tool named ‘Legion’ is being sold on Telegram that targets online email services for phishing and spam attacks. Legion is sold by cybercriminals who use the “Forza Tools” moniker and operate a YouTube channel with tutorials and a Telegram channel with over a thousand members. Read more… Source: Bleeping Computer
- Following the Lazarus group by tracking DeathNote campaign
April 12, 2023
The Lazarus group is a high-profile Korean-speaking threat actor with multiple sub-campaigns. Kaspersky researchers have previously published information about the connections of each cluster of this group. In this blog, Kaspersky focus on an active cluster that they dubbed DeathNote because the malware responsible for downloading additional payloads is named Dn.dll or Dn64.dll. This threat is ...
- DDoS attacks shifting to VPS infrastructure for increased power
April 12, 2023
Hyper-volumetric DDoS (distributed denial of service) attacks in the first quarter of 2023 have shifted from relying on compromised IoT devices to leveraging breached Virtual Private Servers (VPS). According to internet security company Cloudflare, the newer generation of botnets gradually abandoned the tactic of building large swarms of individually weak IoT devices and are now shifting ...
- Latitude Financial refuses to pay cyber-attack ransom demands
April 11, 2023
Finance company Latitude Financial says it will not give in to ransom demands by cyber criminals behind one of Australia’s largest cyber-attacks. Almost 8 million driver’s licenses of Australian and New Zealand customers have been stolen including more than 6 million customer records. Read more… Source: MSN News
- Microsoft, Fortra are this fed up with cyber-gangs abusing Cobalt Strike
April 10, 2023
Microsoft and Fortra are taking legal and technical actions to thwart cyber-criminals from using the latter company’s Cobalt Strike software to distribute malware. Microsoft’s Digital Crimes Unit (DUC), Fortra, and Health Information Sharing and Analysis Center (Health-ISAC) filed a 223-page complaint against multiple groups known to have used older and altered versions of Cobalt Strike in ...