- NAIC confirmed a cyberattack that exploited an Oracle PeopleSoft zero-day, and ShinyHunters alleged the theft of 3.1TB of data.
- The stolen cache allegedly includes insurance filings, credit score files, AWS logs, configurations, and PII; NAIC says only financial reports and technical data were taken.
- Incident detected on June 11, disclosed on June 17; files leaked online suggest NAIC did not pay the ransom, as ShinyHunters continues to exploit zero-days in over 100 organizations.
The National Association of Insurance Commissioners (NAIC) confirmed that it suffered a cyberattack that resulted in stolen data being leaked on the dark web. While the organization did not name the group responsible or mention the size of the stolen cache, the infamous ShinyHunters claimed responsibility and said it stole around 3.1TB of information.
A security advisory posted on the NAIC website explains that attackers managed to exploit a zero-day vulnerability in Oracle PeopleSoft, an enterprise resource planning (ERP) software package designed to help companies manage employees, finances, supply chains, and more. Citing Google Mandiant, Cybernews says ShinyHunters began exploiting the zero-day on May 27 and managed to compromise more than 100 organizations and 300 individuals before Oracle finally released an emergency update on June 10.
Among the victims, as we now know, was NAIC, whose PeopleSoft environment was compromised and used to obtain credentials and move laterally to internal data storage locations.
ShinyHunters takes a step forward
According to the NAIC investigation, the stolen information includes publicly available statutory financial reports, investment credit rating data from insurers, and certain technical information, such as outdated records and configuration files. There is no evidence that personal information, banking information or payment data was accessed, NAIC said.
NAIC detected the attack on June 11 and immediately launched its incident response protocol, which includes notifying authorities, blocking malicious actors, and hiring external security experts. NAIC disclosed the incident on June 17, a day before ShinyHunters went public.
The notorious ransomware gang claims to have taken more than 264,000 regulatory documents from insurers, 2,000 bulk and customer orders containing personally identifiable information, some 45,000 files from major credit rating agencies, mandatory annual and quarterly financial statements filed by insurers, AWS infrastructure production logs, cloud configuration files and workload automation data, and SQL scripts.
Since the files were apparently leaked online, it is safe to assume that NAIC did not (want to) pay the ransom demand.
Via Cybernews





