Skip to content
Search
  • There are no suggestions because the search field is empty.
Cancel
Get Started Now

    Security Awareness Training Blog

    Premera And Anthem Both Hacked Using Shrewd Social Engineering

    PremeraHealth records are the new credit cards. They have a longer shelf life and are often easier to get. There are more opportunities for fraud. No wonder that bad guys are after them with a vengeance. However, there may even be more to the recent 11 million-record Premera Blue Cross hack. It looks like it was attacked using the same methods employed against health insurer Anthem, suggesting that it's the Chinese cyber army (Deep Panda) behind Premera. In that case the Chinese were after the health records of U.S. Government employees which could subsequently be used for highly targeted spear-phishing attacks.

    The Anthem attackers created a bogus domain name, "we11point.com," (based on WellPoint, the former name of Anthem) that was likely used in phishing attacks. Companies are supposed to use security awareness training to educate employees not to fall for such social engineering tricks but are not always successful.

    One of Deep Panda's attack methods is to create fake websites that imitate internal corporate services. In Anthem's case, the attackers set up several subdomains based on "we11point.com," created as clones of real services such as Anthem's HR, a VPN and a Citrix server.

    By targeting Anthem employees with phishing emails and luring them to the fake sites, it may have been possible for the attackers to collect the logins and passwords and eventually access the insurer's real systems. ThreatConnect, an Arlington, Virginia-based security company, found that Premera appears to have been targeted by the same style of attack. 

    On Feb. 27, ThreatConnect wrote a blog post describing its research into the Anthem attacks. In the course of that work, ThreatConnect found a suspicious domain name -- "prennera.com."

    Anthem and law enforcement have yet to say who they believe may be responsible, and the Premera investigation is in its early stages. If an attacker is named, it could put further pressure on the U.S. government, which has shown less and less tolerance for what are classified as state-sponsored attacks. More detail at ComputerWorld

    Stepping end-users through effective security awareness training would be a major deterrent to attacks like this. Find out how affordable this is for your organization today.

    Get A Quote Now

     

     

     

    Related Pages: Spear PhishingSocial Engineering

     

    Return To KnowBe4 Security Blog

    Topics: Social Engineering, Spear Phishing, Security Awareness Training

    Stu Sjouwerman

    ABOUT STU SJOUWERMAN

    Stu Sjouwerman (pronounced “shower-man”) is the founder and CEO of KnowBe4, Inc., which hosts the world’s most popular integrated security awareness training and simulated phishing platform, with over 54,000 organization customers and more than 50 million users. A serial entrepreneur and data security expert with 30 years in the IT industry, Stu was the co-founder of Inc. 500 company Sunbelt Software, a multiple award-winning anti-malware software company that was acquired in 2010.

    Read more from Stu »

    Subscribe to Our Blog


    Security Awareness Training
    Blog RSS Feed
    Comprehensive Anti-Phishing Guide
    All Posts

    Posts by Tag

    See all

    Posts By Topic

    View All

    Get the latest about social engineering

    Subscribe to CyberheistNews