By Staff Writer
Another multinational insurer has fallen victim to cybercriminals this week following a series of cyberattacks on insurers earlier this year. On Monday, Japanese insurance group Tokio Marine Holdings confirmed that subsidiary business, Tokio Marine Insurance Singapore (TMiS), had been subjected to a ransomware attack.
Tokio Marine Holdings did not specify the nature of the attack or when the attack occurred. But the insurer did say there was no indication of a breach of any customer information or confidential information. The ransomware attack did not impact any of the insurer’s companies other than their Singapore subsidiary.
“Upon a detection of the attack, TMiS immediately took necessary measures including the isolation of the network to prevent further damages and filed the necessary reports to local governmental agencies,” a statement from Tokio Marine Holdings reads.
“The Group has taken information security safeguards so far and will endeavour to make further efforts to keep our customer information as well as our confidential information protected.”
Tokio Marine Holdings is one of several insurers falling prey to ransomware gangs this year. In March, US-based insurer CAN Financial Corporation was hit by a Phoenix CryptoLocker ransomware attack that saw the personal data of 75,349 customers compromised.
In May, Asian branches of insurer AXA fell victim to the Avaddon ransomware gang. In addition to stealing a reported 3 TB of customer data, Avaddon launched a Distributed Denial of Service (DDoS) against AXA’s websites worldwide.
The attack on TMiS comes as parent Tokio Marine Holdings moves to increase its market share in the cybersecurity insurance field.
Tokio Marine Holdings declined to confirm the loss of any non-customer related data. The insurer also did not say whether they paid a ransom. But Jonathan Knudsen, Senior Security Strategist, Synopsys Software Integrity Group, says these are secondary questions.
“The only question that matters is: how can a problem like this be prevented?” Knudsen says. “The reason ransomware is so successful is that so few organisations are properly prepared. Organisations often focus solely on functionality when selecting, deploying, and operating software. They work hard to make software do what they want it to do, but security and robustness are often neglected or ignored.”
In a March 2021 interview with threat intelligence analyst Dmitry Smilyanets, a purported REvil ransomware group representative explained why insurers like Tokio Marine Holdings make attractive targets.
Calling such insurers the “tastiest morsels,” the REvil representative said accessing a list of customers with cyberattack insurance was the goal. With that list, ransomware gangs can pick and choose targets, secure in the knowledge the insurer will pay up.
“Then you hit the insurer,” the representative added. Exactly how this cyberattack played out inside TMiS remains unknown. Beyond confirming the attack, the insurer is giving little away.
“We have appointed an external specialized vendor to perform a third-party analysis of the systems to verify the scope of impact,” said Tokio Marine Holdings on Monday.
“We sincerely apologize for any inconvenience and concern caused to our customers or related parties.”