CNA, considered the 6th largest insurance company in the US, revealed that on March 21st it suffered a sophisticated and coordinated hack of its systems. According to its press release, “The attack caused a network disruption and impacted certain CNA systems, including corporate email. Upon learning of the incident, we immediately engaged a team of third-party forensic experts to investigate and determine the full scope of this incident, which is ongoing. We have alerted law enforcement and will be cooperating with them as they conduct their own investigation.” To prevent further damage, the company disconnected its computers from its server, forcing many employees to use a workaround.
While it is not clear what was stolen or compromised, according to several ransomware groups, insurance companies are prime targets for hacks such as this. The REvil ransomware operation stated in a recent interview that insurers are valuable targets because they can be used to create lists of potential targets who are more likely to pay a ransom. “Yes, this is one of the tastiest morsels. Especially, to hack the insurers first—to get their customer base and work in a targeted way from there. And after you go through the list, then hit the insurer themselves,” REvil's 'Unknown' told The Record.
After two weeks of being down, CNA has announced that its servers were restored to full service as of April 5th. “Based on our forensic investigation to-date, our forensic experts have confirmed that the malware used by the Threat Actor in the CNA environment, including the ransomware, does not contain the ability to automatically spread to any internal or external systems. Also, additional security software has been deployed in the CNA environment,” the company stated.
CNA’s breach reveals that big-name companies are just as vulnerable and valuable as the small stores. However, just because large companies make the headlines does not mean smaller companies are safer. Smaller companies are considered the low-hanging fruit by these hackers. Be wary and watch diligently for anything suspicious in your inbox.