True North Networks Blog
Data allegedly stolen in ransomware attack on cybersecurity insurance provider Chubb
Cybersecurity insurance provider Chubb Group Holdings Inc. is allegedly the latest victim of a ransomware attack.
Details of the attack, which came to light today, are somewhat slim. Chubb, which provides insurance to companies targeted in ransomware attacks, said only that it was investigating a potential breach at a third-party provider while claiming that it has no evidence that its own networks were breached.
The claim that they were breached comes from the Maze hacking group, which said it stole personally identifiable information from the insurance company and would release information on executives and others if its ransom is not paid. The Maze hacking group is the same group behind the hack earlier this month of Hammersmith Medicines Research Ltd., a company preparing to run a COVID-19 vaccine trial.
In the case of Hammersmith Medicines Research, the Maze group started to publish stolen data online in an attempt to obtain a ransomware payment to prevent further data being released. It has yet to do so with Chubb but did include the email addresses of senior executives at the company in its hacking claim.
“The recent ransomware attack on cyber insurance provider Chubb illustrates that no one – not even those who are acutely aware of the impact of cybercrime – is immune to a cyberattack,” Sam Roguine, director of data protection firm Arcserve LLC, told SiliconANGLE. “With hackers like the Maze ransomware gang publishing victims’ data online if they don’t pay a ransom, organizations must now treat all attacks like a data breach and ensure they’re following proper compliance protocols for notifying affected customers and employees.”
Paying up might seem like the only option in these situations, he said, but it isn’t. “It actually encourages more attacks,” Roguine explained. “Companies shouldn’t abandon their disaster recovery plan and now need to be thinking of new ways they can protect stored data and backups from being extracted and used against them.”
Backup and continuous availability technologies can help mitigate the impact of an attack and should be included in such a plan, he added. “By allowing organizations to spin up copies of encrypted data and systems, these solutions can help minimize downtime and prevent data loss,” he said. “Businesses should also apply the same level of security on data backups as they do on the rest of the endpoints on their network, and put them on a separate domain so they’re harder for cybercriminals to reach.”
James McQuiggan, security awareness advocate at security awareness training firm KnowBe4 Inc., noted that a company’s security is only as strong as the weakest third party’s security program”
“Organizations not only need to focus their security efforts on their own applications, infrastructure and employees, but also those that interact with their digital supply chain,” he said. “An organization with a strong and robust security program that can train their employees, assess their ability to spot a social engineering phishing scam and report it, then verify that the third party companies provide the same can help to effectively prevent a ransomware attack.”