
Maze Ransomware Group Adds Cyber-Insurance Firm Chubb to Their Victim List

Maze: The website utilized by the Maze ransomware group has added Chubb, a cybersecurity insurance provider, to their list of claimed victims. Currently, the listing only shows the company name and contact information for three senior executives—sample data is listed as “coming soon” for now. A spokesman for Chubb stated that the firm is in the process of investigating a “security incident” involving unauthorized access to data belonging to an unnamed third party. Chubb has stated that the company has found no evidence that Chubb’s own network was affected and that it remains fully operational.

Analyst Notes

Whether data was stolen directly from Chubb or via a third party with access to sensitive data from Chubb, it does not bode well for the cyber-insurance firm—a fact that Maze likely banked on. Either way, an incident that involves public exposure of private company data can be extremely damaging, especially for information security or cyber-insurance providers. Numerous past incidents have proven that following a major security incident, public trust in an organization decreases. If during the course of their operation Maze was able to capture client details for Chubb, it could provide valuable insight for Maze to use in future targeting. Client data lists for Chubb would likely include coverage amounts, including payout amounts for ransomware attacks.

With the increasing prevalence of ransomware attacks and data-release ransoms, it is more important than ever to ensure that proper steps are taken to prepare for a possible ransomware attack. The 3, 2, 1 rule for backups can help ensure that an organization is properly prepared for a ransomware attack: keep three copies of data backups, utilize at least two different storage devices or media types, and keep at least one backup offsite.

To prevent data from being stolen in targeted attacks, it is important to understand that attackers can easily modify malware to evade anti-virus detections, so a layered defense that includes continuous monitoring of workstations and servers for attacker behaviors as well as detecting unusual network traffic patterns is necessary. More information on this incident can be found at