A major cyber insurance carrier has fallen victim to a cyber attack, though the nature of the attack remains unclear.
In a statement Wednesday, CNA Financial not only confirmed the recent cybersecurity attack, but also called it a "sophisticated" one. CNA is one of the biggest insurance companies in the U.S., with over 6,000 employees. Its policy offerings include cyber insurance coverage for attacks like the one CNA itself has sustained.
According to a statement on the company's homepage, the attack took place Sunday and caused a network disruption that impacted certain systems, including corporate email. Subsequently, systems were taken offline. An investigation with third-party forensics and law enforcement is underway, though the company didn't say whether ransomware or data theft -- or both -- are involved.
"Out of an abundance of caution, we have disconnected our systems from our network, which continue to function. We've notified employees and provided workarounds where possible," the statement said. "Should we determine that this incident impacted our insureds' or policyholders' data, we'll notify those parties directly."
Bleeping Computer was first to report the cyber attack Tuesday after CNA's website went down. CNA issued its statement the following day, saying it was experiencing issues this week, including the "network disruption," which suggests a possible ransomware attack.
CNA did not respond to requests for comment on the cyber attack.
CNA is the second cyber insurance company to sustain a cyber attack in the past year. Chubb was reportedly hit by Maze ransomware in March 2020, though the ransomware gang has since retired. Maze listed Chubb on its public-facing data leak website, which the group used to pressure victims into paying. While Chubb never confirmed the ransomware attack or attributed the attack to Maze, it did confirm that it was investigating a possible data breach.
Cyber insurance providers appear to have become targets for threat actors. The Record by Recorded Future recently interviewed an alleged REvil ransomware actor who claimed to target cyber insurance companies to obtain customer lists for future attacks.
Kevin Kline, a former FBI agent and COO of infosec consultancy The Aggeris Group, said he expects skilled ransomware groups to begin targeting insurance companies more so they can attack policyholders and demand even higher ransoms.
While the cyber insurance market has grown rapidly in recent years, the debate over whether cyber insurance encourages more ransomware attacks continues. While it can help enterprises to offset financial consequences, some security experts feel it increases a company's willingness to pay the ransoms, which incentivizes threat actors to continue attacks and demand higher payments.
Security news editor Rob Wright contributed to this report.