- NAIC has confirmed a cyberattack that exploited a zero-day vulnerability in Oracle PeopleSoft, with ShinyHunters claiming to have stolen 3.1TB of data.
- The stolen cache reportedly includes insurer records, credit scoring files, AWS logs, configurations and personal information; NAIC says only financial reports and technical data were taken.
- The incident was spotted on June 11 and disclosed on June 17; files leaked online suggest NAIC didn't pay a ransom, as ShinyHunters continues to exploit the zero-day in more than 100 organizations.
The National Association of Insurance Commissioners (NAIC) has confirmed that it suffered a cyberattack that resulted in stolen data leaking onto the dark web. Although the organization did not name the group responsible or mention the size of the stolen cache, the infamous ShinyHunters claimed responsibility and said they stole approximately 3.1 TB of information.
In a security advisory posted on the NAIC website, the organization explained that attackers successfully exploited a zero-day vulnerability in Oracle PeopleSoft, an enterprise resource planning (ERP) software suite designed to help businesses manage their employees, finances, supply chains, and more. Citing Google Mandiant, Cybernews claims that ShinyHunters began exploiting the zero-day on May 27 and successfully compromised more than 100 organizations and 300 individuals before Oracle finally released an emergency update on June 10.
Among the victims, as we now know, is NAIC, whose PeopleSoft environment was compromised and used to obtain credentials and move laterally to internal data storage locations.
ShinyHunters takes a step forward
According to the NAIC investigation, the stolen information included publicly available statutory financial reports, insurer investment credit rating data, and some technical information such as outdated logs and configuration files. There is no evidence that personal information, banking information or payment data was accessed, NAIC said.
NAIC spotted the attack on June 11 and immediately launched its incident response protocol, which includes notifying law enforcement, blocking bad actors, and engaging third-party security experts. NAIC disclosed the incident on June 17, a day before ShinyHunters went public.
The notorious ransomware gang claims to have stolen more than 264,000 regulatory filing documents from insurers, 2,000 customer and bulk orders containing personally identifiable information, some 45,000 files from major credit rating agencies, statutory annual and quarterly financial statements submitted by insurers, production AWS infrastructure logs, cloud configuration files, workload automation data and SQL scripts.
Since the files were apparently leaked online, it can be assumed that NAIC did not (want to) pay the ransom demand.
Via Cybernews





