Premera And Anthem Both Hacked Using Shrewd Social Engineering

Health records are the new credit cards. They have a longer shelf life, are often easier to get, and offer more opportunities for fraud. No wonder the bad guys are after them with a vengeance. However, there may be even more to the recent 11 million-record Premera Blue Cross hack. It looks like Premera was attacked using the same methods employed against health insurer Anthem, suggesting that the Chinese cyber army (Deep Panda) is behind the Premera breach as well. In that case, the Chinese were after the health records of U.S. Government employees, which could subsequently be used for highly targeted spear-phishing attacks.

The Anthem attackers created a bogus domain name, "," (based on WellPoint, the former name of Anthem) that was likely used in phishing attacks. Companies are supposed to use security awareness training to educate employees not to fall for such social engineering tricks but are not always successful.

One of Deep Panda's attack methods is to create fake websites that imitate internal corporate services. In Anthem's case, the attackers set up several subdomains based on "," created as clones of real services such as Anthem's HR, a VPN and a Citrix server.

By targeting Anthem employees with phishing emails and luring them to the fake sites, it may have been possible for the attackers to collect the logins and passwords and eventually access the insurer's real systems. ThreatConnect, an Arlington, Virginia-based security company, found that Premera appears to have been targeted by the same style of attack. 
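The pattern described above, a near-copy of the corporate domain carrying subdomains named after internal services, can be hunted for in DNS or proxy logs. The following is an added example, not code from this article or from ThreatConnect; the protected domain `examplehealth.com`, the log format and the log lines are constructed for illustration.

```python
# Added example: PROTECTED, SERVICE_LABELS and the log lines are constructed.
PROTECTED = {"examplehealth.com"}              # hypothetical corporate domain
SERVICE_LABELS = {"hr", "vpn", "citrix"}       # services named in the article
# Digit-for-letter swaps that make a lookalike read like the original.
HOMOGLYPHS = str.maketrans({"0": "o", "1": "l", "3": "e", "5": "s", "7": "t"})

SAMPLE_DNS_LOG = """\
2024-01-10T09:12:01Z 10.0.4.17 A vpn.examplehealth.com
2024-01-10T09:12:44Z 10.0.4.23 A hr.examp1ehealth.com
2024-01-10T09:13:02Z 10.0.4.23 A citrix.exarnplehealth.com
2024-01-10T09:15:30Z 10.0.7.9 A www.examplehea1th.com
2024-01-10T09:16:11Z 10.0.7.9 A www.python.org
"""

def skeleton(domain):
    """Collapse common visual substitutions so lookalikes compare equal."""
    return domain.lower().translate(HOMOGLYPHS).replace("rn", "m")

def edit_distance(a, b):
    """Levenshtein distance using a rolling row."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def classify(hostname):
    """Return 'ok', 'lookalike' or 'lookalike-service' for a queried name."""
    labels = hostname.lower().rstrip(".").split(".")
    base = ".".join(labels[-2:])       # naive registrable domain, no PSL lookup
    if len(labels) < 2 or base in PROTECTED:
        return "ok"
    if any(edit_distance(skeleton(base), skeleton(p)) <= 1 for p in PROTECTED):
        # A service-style subdomain on a lookalike suggests a cloned login page.
        cloned = any(label in SERVICE_LABELS for label in labels[:-2])
        return "lookalike-service" if cloned else "lookalike"
    return "ok"

def scan(log_text):
    """Return (client_ip, hostname, verdict) for each suspicious query."""
    hits = []
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) == 4 and classify(parts[3]) != "ok":
            hits.append((parts[1], parts[3], classify(parts[3])))
    return hits
```

Calling `scan(SAMPLE_DNS_LOG)` returns the three lookalike queries with the client address that made them, which tells responders which users may have reached a cloned login page.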

On Feb. 27, ThreatConnect wrote a blog post describing its research into the Anthem attacks. In the course of that work, ThreatConnect found a suspicious domain name -- ""

Anthem and law enforcement have yet to say who they believe may be responsible, and the Premera investigation is in its early stages. If an attacker is named, it could put further pressure on the U.S. government, which has shown less and less tolerance for what are classified as state-sponsored attacks. More detail at ComputerWorld.

Stepping end-users through effective security awareness training would be a major deterrent to attacks like this.