On March 21, 2021, CNA Financial, one of the largest insurance companies in the United States, was allegedly targeted by a “sophisticated cybersecurity attack.” The company’s employee and customer services were interrupted for three days as a result of the cyber attack, which forced the company to shut down “out of an abundance of caution” to avoid further compromise.
The Loews Corp subsidiary, which was established in 1967, is one of the top 10 cyber insurance companies in the United States, as well as one of the top 15 casualty and property insurers. It hires over 5,800 people and generates over $10 billion in annual sales in 2020.
The Cyber Attack
The insurance company announced on its website that it had been the victim of a “sophisticated cybersecurity assault.” The cyber attack disrupted the network and affected CNA services, including corporate email.”
In its investigations, the cyber insurance company said it enlisted the help of forensic experts and law enforcement. Since CNA Financial was unable to determine if the attackers stole any data, it did not alert possible victims.
CNA Financial stated that “Should we determine that this incident impacted our insureds’ or policyholders’ data, we’ll notify those parties directly,” In addition, the company began mitigation measures to lessen the impact of the cyber attack.
“We’ve notified employees and provided workarounds where possible to ensure they can continue operating and serving the needs of our insureds and policyholders to the best of their ability.”
A nightmare scenario, according to Coalition CEO Joshua Motta, will be if the attackers stole the data of policyholders. He explained that gaining access to the data could allow hackers to figure out which businesses had applied for or purchased cyber insurance, as well as the extent of coverage and deductible limits.
After compromising the cyber insurance policyholders, ransomware operators may use the information during negotiations. They will use the data to determine the best ransom demands for policyholders with cyber insurance. If a ransomware cyber attack compromised their network, informing any compromised parties would help them understand their negotiating position.
Because of the cyber insurance backing, if the hackers stole any data, they could use it to target policyholders for their ability to pay. Furthermore, gaining access to their information could aid the attackers in crafting convincing phishing messages, increasing the likelihood of success.
Similarly, various cyber insurance policy leaks may enable hackers to tailor their attacks to specific clients’ cyber defences and vulnerabilities.
Damage Control
CNA announced on April 1 that mail functionality had been restored, secured by two-factor authentication and a threat-blocking “security framework.”
It also released the results of its forensic investigation study. The ransomware used in the cyber attack, according to CNA, did not immediately spread through internal and external networks.