Insurer Chubb Investigating 'Security Incident'

Maze Gang Claims Insurer Is a Victim, Emsisoft Reports

Switzerland-based global insurance firm Chubb acknowledges that it’s investigating a “security incident.” Meanwhile, the Maze ransomware gang is claiming Chubb is its latest victim, according to researchers at security firm Emsisoft.

A Chubb spokesperson says in a statement provided to Information Security Media Group that the company is investigating a "security incident that may involve unauthorized access to data held by a third-party service provider," adding that law enforcement is investigating the incident.

"We have no evidence that the incident affected Chubb’s network. Our network remains fully operational and we continue to service all policyholder needs, including claims," the spokesperson says.

Since 2015, Chubb, which sells cyber insurance and a wide variety of other coverage, has been owned by ACE American Insurance.

Maze Activity

In a screenshot of the Maze site that Emsisoft shared with Information Security Media Group, Chubb is listed among the organizations that have been hit by the gang's ransomware.

The Maze site lists three Chubb email addresses, including one for the CEO, and says that "proofs" would be coming soon, according to the screenshot shared by Brett Callow, a threat analyst with Emsisoft.

Last year, Maze was one of the first ransomware gangs to begin leaking victims' data after organizations refused to pay a ransom or if the two sides could not agree on a price. Other cybercriminal groups, including DoppelPaymer, Nemty, Snatch and the operators of Sodinokibi, are following similar methods to force targets to pay up (see: More Ransomware Gangs Join Data-Leaking Cult).

Callow says Maze and other ransomware gangs typically tease out data that they’ve stolen to put pressure on the targeted organization to pay. Releasing too much data too soon might make a company rethink paying because the data has already been exposed, he points out.

"I assume they don't publish until they believe that naming alone isn’t going to be sufficient to elicit payment," Callow tells ISMG. "The more data they publish, the less incentive the victim has to pay to prevent the rest of it being published."

Network Vulnerabilities

Chubb appears to have been using Citrix NetScaler servers that had not been patched against a vulnerability dubbed CVE-2019-19781, according to security research firm Bad Packets, which had been conducting scans of vulnerable infrastructure on Thursday.

Security firm Positive Technologies first reported this vulnerability in December 2019, and Citrix has released a patch to address the flaw (see: Citrix Releases First Patches to Fix Severe Vulnerability).

"Companies must strive to pay attention to their security and ensure that remote access solutions are patched, [remote desktop protocol] is disabled when not needed or protected with strong passwords when it is, and multifactor authentication is used for remote access to applications and admin accounts," Callow says.

Managing Editor Scott Ferguson contributed to this report.

About the Author

Ishita Chigilli Palli

Senior Correspondent, Global News Desk

As senior correspondent for Information Security Media Group's global news desk, Ishita covers news worldwide. She previously worked at Thomson Reuters, where she specialized in reporting breaking news stories on a variety of topics.
