fbpx
Frame-14

Privacy Ninja

        • DATA PROTECTION

        • CYBERSECURITY

        • Penetration Testing

          Secure your network against various threat points. VA starts at only S$1,000, while VAPT starts at S$4,000. With Price Beat Guarantee!

        • API Penetration Testing
        • Enhance your digital security posture with our approach that identifies and addresses vulnerabilities within your API framework, ensuring robust protection against cyber threats targeting your digital interfaces.

        • On-Prem & Cloud Network Penetration Testing
        • Boost your network’s resilience with our assessment that uncovers security gaps, so you can strengthen your defences against sophisticated cyber threats targeting your network

        • Web Penetration Testing
        • Fortify your web presence with our specialised web app penetration testing service, designed to uncover and address vulnerabilities, ensuring your website stands resilient against online threats

        • Mobile Penetration Testing
        • Strengthen your mobile ecosystem’s resilience with our in-depth penetration testing service. From applications to underlying systems, we meticulously probe for vulnerabilities

        • Cyber Hygiene Training
        • Empower your team with essential cybersecurity knowledge, covering the latest vulnerabilities, best practices, and proactive defence strategies

        • Thick Client Penetration Testing
        • Elevate your application’s security with our thorough thick client penetration testing service. From standalone desktop applications to complex client-server systems, we meticulously probe for vulnerabilities to fortify your software against potential cyber threats.

        • Source Code Review
        • Ensure the integrity and security of your codebase with our comprehensive service, meticulously analysing code quality, identifying vulnerabilities, and optimising performance for various types of applications, scripts, plugins, and more

        • Email Spoofing Prevention
        • Check if your organisation’s email is vulnerable to hackers and put a stop to it. Receive your free test today!

        • Email Phishing Excercise
        • Strengthen your defense against email threats via simulated attacks that test and educate your team on spotting malicious emails, reducing breach risks and boosting security.

        • Cyber Essentials Bundle
        • Equip your organisation with essential cyber protection through our packages, featuring quarterly breached accounts monitoring, email phishing campaigns, cyber hygiene training, and more. LAUNCHING SOON.

Insurance Giant CNA Fully Restores Systems After Ransomware Attack

Insurance Giant CNA Fully Restores Systems After Ransomware Attack

Leading US-based insurance company CNA Financial has fully restored systems following a Phoenix CryptoLocker ransomware attack that disrupted its online services and business operations during late March.

CNA provides a wide range of insurance products, including cyber insurance policies, and is the sixth-largest commercial insurance company in the US according to stats provided by the Insurance Information Institute.

Sources familiar with the ransomware attack told BleepingComputer that the attackers encrypted more than 15,000 devices after deploying ransomware payloads on CNA’s network on March 21.

“On March 21, 2021, as previously shared, we detected the ransomware and took immediate action by proactively disconnecting our systems from our network to contain the threat and prevent additional systems from being affected,” CNA said in an update published on Wednesday.

BleepingComputer has also learned at the time that Phoenix CryptoLocker operators also encrypted the computers of remote workers logged into the company’s VPN during the attack.

Systems are now fully restored

“CNA is fully restored, and we are operating business as usual. Our IT teams and third-party partners have worked hard to restore business operability,” the company said on Wednesday.

Also Read: 4 Best Practices On How To Use SkillsFuture Credit

“We are pleased that in a short time since the ransomware event, we are now operating in a fully restored state.”

The insurance firm deployed endpoint detection and monitoring tools on the newly restored systems during the recovery process.

CNA also ensured that the restored systems were not reinfected by scanning them again before bringing them back online.

While investigating the impact on data stored on its systems, the insurance provider did not find any evidence of stolen policyholder info surfacing being exchanged or put up for sale on the dark web or hacking forums.

“We do not believe that the Systems of Record, claims systems, or underwriting systems, where the majority of policyholder data–including policy terms and coverage limits–is stored, were impacted,” CNA added.

“Importantly, CNA has been conducting dark web scans and searches for CNA-related information and at this time, we do not have any evidence that data related to this attack is being shared or misused.”

Ransom note created during CNA ransomware attack
CNA ransomware attack ransom note

Cyber insurance firms are a valuable target

Attacks on companies with cyber insurance policies are very lucrative for ransomware groups as they are more likely to pay the ransom.

However, breaching an insurance provider’s network and stealing customers’ policy info could be an even more lucrative way to increase their attacks’ effectiveness.

With the help of this data, ransomware gangs can easily create a list of insured companies, including their policy limits, to target in the future.

Also Read: 3 Reasons Why You Must Take A PDPA Singapore Course

This would also most likely make it possible for ransom demands custom-tailored to each victim’s policy coverage.

In a recent interview, the REvil ransomware operation said that hacking insurers’ systems helps create lists of possible targets more likely to pay a ransom.

While at this time, it is not yet known if the ransomware group has stolen unencrypted files before encrypting CNA’s systems, the company said that it would abide by “notification obligations to policyholders and impacted individuals.”

Using double-extortion as a tactic has become commonplace for most active ransomware operations, with victims regularly alerting their customers or employees of possible data breaches following ransomware attacks.

0 Comments

KEEP IN TOUCH

Subscribe to our mailing list to get free tips on Data Protection and Data Privacy updates weekly!

Personal Data Protection

REPORTING DATA BREACH TO PDPC?

We have assisted numerous companies to prepare proper and accurate reports to PDPC to minimise financial penalties.
×

Hello!

Click one of our contacts below to chat on WhatsApp

× Chat with us