- NAIC confirmed a cyber attack exploiting an Oracle PeopleSoft zero-day in which ShinyHunters claimed theft of 3.1 TB of data
- Stolen cache reportedly includes insurance company, credit rating files, AWS logs, configurations and PII; the NAIC says only financial reports and technical data were taken
- Attack detected June 11, disclosed June 17; files leaked online suggest NAIC did not pay ransom as ShinyHunters continue to exploit zero-day across 100+ organizations
The National Association of Insurance Commissioners (NAIC) confirmed it suffered a cyber attack that resulted in the stolen data being leaked onto the dark web. While the company didn’t name the group responsible or mention the size of the stolen cache, the infamous ShinyHunters claimed responsibility, saying they snagged around 3.1 TB of information.
In a security notice published on its website, the NAIC explained that the attackers exploited a zero-day vulnerability in Oracle PeopleSoft, an Enterprise Resource Planning (ERP) software package designed to help businesses manage employees, finances, supply chains and more. Citing Google Mandiant, Cybernews says ShinyHunters first began exploiting the zero-day on May 27 and managed to compromise more than 100 organizations and 300 individuals before Oracle finally issued an emergency update on June 10.
Among the victims, as we now know, is NAIC, whose PeopleSoft environment was compromised and used to obtain credentials and move laterally to internal data storage locations.
ShinyHunters step forward
Based on the NAIC’s investigation, the stolen information includes publicly available statutory financial reports, insurance company investment credit rating data, and some technical information such as outdated logs and configuration files. There is no evidence that personal information, bank details or payment data were accessed, it said.
NAIC discovered the attack on June 11 and immediately launched its incident protocol, which includes notifying law enforcement, blocking malicious actors and engaging third-party security experts. The NAIC revealed the incident on June 17, a day before ShinyHunters went public.
The notorious ransomware gang claims to have taken more than 264,000 statutory insurance documents, 2,000 customer and bulk orders containing personally identifiable information, around 45,000 files from major credit rating agencies, statutory annual and quarterly financial statements submitted by insurance companies, production logs, cloud workload and automation data, SQL data and AWS infrastructure scripts.
Since the files were apparently leaked online, it’s safe to assume that the NAIC didn’t (want to) pay the ransom demand.
Via Cybernews




