Top insurer CNA disconnects systems after cyberattack

CNA, one of the U.S.’s top providers of cybersecurity insurance, is struggling with a cyberattack that prompted it to disconnect its systems from its network. Its website hasn’t been working for the last couple days, and at press time displayed the message, “The attack caused a network disruption and impacted certain CNA systems, including corporate email.” The Chicago-based firm reported more than $10 billion in revenue in 2020, and is in the top 15 U.S. property and casualty insurers and top 10 U.S. providers of cyber insurance, according to recent measurements. If the attack proves to include policyholder data, a cyber insurance industry expert warned, it could enable particularly devastating further incidents that hackers could use as leverage in extortion attempts. If that’s the case, CNA said, it will keep customers updated. The company said it discovered the intrusion on March 21, adding that it is working with forensics experts […]

The post Top insurer CNA disconnects systems after cyberattack appeared first on CyberScoop.

Continue reading Top insurer CNA disconnects systems after cyberattack

FIN8 cybercrime group resurges with improved hacking tool

A financially-motivated hacking group that appeared to drop off the map a year-and-a-half ago is back with a new and improved backdoor, according to BitDefender research published Wednesday. Over the last year the criminal hacking group, known as FIN8, has primarily targeted companies in retail, technology, chemical and insurance industries with its updated point-of-sale malware, and has compromised organizations in the U.S., Canada, South Africa, Puerto Rico, Panama and Italy, according to the research. FIN8, which FireEye researchers first observed in operation in 2016, has historically targeted organizations in the retail, restaurant and hospitality industries with emails containing malicious Microsoft Word documents. The updated backdoor, known as BADHATCH, has incorporated screen capturing, proxy tunneling and fileless execution, the researchers write. The backdoor has also likely added in credential-stealing capabilities, according to the research. BitDefender does not identify which organizations have been compromised. An earlier version of BADHATCH, which researchers at […]

The post FIN8 cybercrime group resurges with improved hacking tool appeared first on CyberScoop.

Continue reading FIN8 cybercrime group resurges with improved hacking tool

Universal Health Services reports $67 million in losses after apparent ransomware attack

An apparent ransomware attack last fall caused $67 million in pre-tax losses at Universal Health Services, the U.S. health care provider has revealed, illustrating the sharp financial toll that criminal hackers have caused the sector during the pandemic. The Sept. 27 breach at Universal Health Services (UHS) was widely reported to be a ransomware attack, with some analysts saying it involved the Ryuk strain of malicious code. It came amid a wave of suspected Ryuk incidents at the computer networks of various U.S. hospitals that federal authorities scrambled to address. UHS, which oversees 400 hospitals and calls itself one of the biggest health care providers in the country, now says the cost of the breach included lost revenue because ambulances were diverted to competitor facilities. The incident also delayed billing procedures for more than two months, and forced UHS to spend big on labor costs to restore connectivity, the company […]

The post Universal Health Services reports $67 million in losses after apparent ransomware attack appeared first on CyberScoop.

Continue reading Universal Health Services reports $67 million in losses after apparent ransomware attack

Sirius XM Satellite Failure a Reminder that Space is Risky (And That Satellite Insurance is a Thing)

It’s easy to imagine that once a spacecraft leaves Earth’s atmosphere and is in a stable orbit, the most dangerous phase of the mission is over. After all, that’s when we collectively close the live stream and turn our attentions …read more

Continue reading Sirius XM Satellite Failure a Reminder that Space is Risky (And That Satellite Insurance is a Thing)

Skydio partners with EagleView for autonomous residential roof inspections via drone

Skydio only just recently announced its expansion into the enterprise and commercial market with hardware and software tools for its autonomous drone technology, and now it’s taking the lid off a brand new big partnership with one commercial partner. Skydio will work with EagleView to deploy automated residential roof inspection using Skydio drones, with service […] Continue reading Skydio partners with EagleView for autonomous residential roof inspections via drone

EasySend raises $16M from Intel, more for its no-code approach to automating B2C interfaces

No-code and low-code software have become increasingly popular ways for companies — especially those that don’t count technology as part of their DNA — to bring in more updated IT processes without the heavy lifting needed to build and integrate services from the ground up. As a mark of that trend, today, a company that […] Continue reading EasySend raises $16M from Intel, more for its no-code approach to automating B2C interfaces

Ransomware to blame for nearly half the cyber-insurance claims filed in early 2020

Nearly half of the cyber-insurance claims filed in the first half of this year were the result of ransomware attacks, further proof that digital extortion attempts are having a ripple effect throughout the private sector. Ransomware attacks were the cause of 41% of the cyber-insurance claims filed over the first six months of 2020, according to a report published by Coalition, a cyber-insurance vendor that compiled the data based on findings from 25,000 small and medium-sized companies in the U.S. and Canada. Coalition reported a 47% increase in the number of ransomware attacks, with the average size of the demand jumping by 46% over the time period in question. While cyber-insurance vendors have financial interest in emphasizing the frequency and severity of ransomware attacks, the latest figures come after a series of similar numbers hinted at the size of the ransomware problem. Beazley Breach Response, a unit of the London-based […]

The post Ransomware to blame for nearly half the cyber-insurance claims filed in early 2020 appeared first on CyberScoop.

Continue reading Ransomware to blame for nearly half the cyber-insurance claims filed in early 2020

Insurer’s huge data exposure draws charges from New York state

New York regulators have charged an insurer with violating state cybersecurity law for allegedly exposing hundreds of millions of documents that included Americans’ personal data, including Social Security numbers and financial information. The New York State Department of Financial Services announced legal action Wednesday against the First American Title Insurance Company, the second-largest real estate title insurer in the U.S. The company is accused of exposing customers’ Social Security numbers, bank account information, driver’s license numbers and mortgage and tax records through a software vulnerability that went undetected between May 2014 and December 2018. Upon discovering the flaw during a routine security test, the insurance company failed to fix it, DFS alleged. “After the data exposure was discovered by an internal penetration test in December 2018, First American failed to conduct a reasonable investigation into the scope and cause of the exposure, reviewing only 10 of the millions of documents exposed and […]

The post Insurer’s huge data exposure draws charges from New York state appeared first on CyberScoop.

Continue reading Insurer’s huge data exposure draws charges from New York state

Verizon DBIR 2020: Credential Theft, Phishing, Cloud Attacks

Every year, the security industry at large eagerly awaits the release of the Verizon Data Breach Investigations Report (DBIR). Now in its thirteenth year, the DBIR is widely considered to be one of the industry’s…
The post Verizon DBIR 2020: Cr… Continue reading Verizon DBIR 2020: Credential Theft, Phishing, Cloud Attacks