A Sense of Security Blog

Vulnerable Web System Costs Nationwide Insurance $5.5M

On August 10, 2017, Nationwide Mutual Insurance Co. agreed to pay $5.5 million to settle legal actions from a 2012 computer hacking case that exposed the personal data of 1.2 million consumers.

Based on court proceedings, it was revealed that hackers exploited a vulnerability in web software used by Nationwide Insurance and a subsidiary, Allied Property & Casualty Insurance Co.

Hackers were able to gather a large amount of consumer information including Social Security numbers, driver’s license numbers, dates of birth and other bits of data that could be used to build elaborate target profiles.

The state determined that Nationwide did not apply a critical patch to its software—which was provided three years prior—to correct this discovered vulnerability.

Recent ransomware such as WannaCry and NotPetya showed that unpatched vulnerabilities continue to be a common point of compromise leading to successful attacks. In these examples, vulnerability management tools were part of the overall security program and were executed; however, many of the scanned devices were missing from known pools of managed devices. Therefore, even if the organization was proactive in its patching process, too many systems were left unpatched because they were simply not known. Some of this was due to dynamic changes that are difficult to track, which left asset lists out of date, and some to rogue infrastructure and shadow IT. Shadow IT continues to be a huge issue: resources are spun up to support unauthorized applications but are not actively managed.
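The gap described above can be measured by reconciling the hosts actually observed on the network against the managed asset list and the ranges the vulnerability scanner targets. The following is an added example, not code from the original post or from Lumeta; every address, range and name in it is constructed for illustration.

```python
import ipaddress

# Constructed sample data (assumptions, not taken from the article).
INVENTORY = {"10.0.1.10", "10.0.1.11", "10.0.2.20", "10.0.2.99", "10.0.3.5"}  # managed asset list
SCAN_SCOPE = ["10.0.1.0/24", "10.0.2.0/24"]          # ranges the vulnerability scanner targets
OBSERVED = ["10.0.1.10", "10.0.1.11", "10.0.1.77",   # hosts seen on the wire, e.g. from
            "10.0.2.20", "10.0.3.5", "10.0.9.40",    # DHCP leases, ARP tables or flow records
            "10.0.1.10"]                             # duplicates are expected in such feeds


def reconcile(observed, inventory, scan_scope):
    """Classify every observed host by whether it is inventoried and scanned."""
    nets = [ipaddress.ip_network(n) for n in scan_scope]
    inv = {ipaddress.ip_address(a) for a in inventory}
    seen = {ipaddress.ip_address(a) for a in observed}

    report = {
        "managed_scanned": [],    # known and in scope: the patch process covers these
        "managed_unscanned": [],  # known, but the scanner never reaches them
        "unknown_in_scope": [],   # scanned, but nobody owns patching them
        "unknown_unscanned": [],  # neither known nor scanned
    }
    for ip in sorted(seen):
        known = ip in inv
        scoped = any(ip in n for n in nets)
        key = ("managed_" if known else "unknown_") + \
              ("scanned" if known and scoped else
               "unscanned" if not scoped else "in_scope")
        report[key].append(str(ip))

    # Inventory entries never observed: the asset list is out of date.
    report["stale_inventory"] = [str(ip) for ip in sorted(inv - seen)]
    # Share of live hosts that the scan-and-patch process does not fully cover.
    blind = len(seen) - len(report["managed_scanned"])
    report["blind_pct"] = round(100 * blind / len(seen), 1) if seen else 0.0
    return report


if __name__ == "__main__":
    for name, value in reconcile(OBSERVED, INVENTORY, SCAN_SCOPE).items():
        print(f"{name}: {value}")
```

Run on a schedule against fresh network observations, the `unknown_*` and `managed_unscanned` lists are the hosts to bring into inventory and scan scope first.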

At Lumeta, we have found that up to 40 percent of infrastructure can be missed and subsequently unmanaged and unpatched, and on average, more than 20 percent of infrastructure falls into this category. All it takes is ONE device for an attacker to compromise to gain access to your network and associated assets. Attackers KNOW this and know how to find those devices.

Many vulnerability management vendors claim “continuous monitoring” to detect vulnerable infrastructure, but fail to monitor the network in real time, which is critical to discovering attacks. Many of these solutions focus on monitoring endpoint activity but don’t effectively monitor the network in real time for changes. “Continuous” monitoring really means periodic monitoring, in which they poll network elements and endpoints. An attacker can use this polling interval to do plenty of damage and essentially hide in between polls. These solutions can miss activity like WannaCry, which opened a path to a known malicious domain and subsequently transmitted data.

How It Could Have Been Prevented

Lumeta has partnered with several endpoint vendors to combat this very problem. Our flagship product, Lumeta Spectre, recursively and authoritatively indexes all connected endpoints (plus all networks and devices), whether physical, mobile, virtual, or cloud. Lumeta Spectre immediately detects and monitors new devices connecting to the network, enabling organizations to obtain real-time network visibility for endpoint security across the entire enterprise network.

Lumeta combines patented capabilities to discover up to 40% more of your unknown, unmanaged, rogue, and shadow IT infrastructure with instant real-time monitoring married with threat intelligence, to prevent threats based on changes across your dynamic network infrastructure.

When we take that unique level of visibility and combine it with threat intelligence, we achieve a new level of what we call Cyber Situational Awareness to help security and network teams identify potentially malicious or harmful activity on the network, and provide them with the context and intelligence to detect and stop threats before a breach.

To learn more about how Lumeta’s solutions can eliminate 100% of your blind spots to offer more comprehensive protection for endpoints and against vulnerabilities, please check out the Lumeta Spectre Endpoint Solution Integration datasheet and Lumeta Spectre and Qualys Real-Time Vulnerability Management datasheet. To learn how Lumeta Spectre can provide unique network visibility paired with security intelligence to detect attacks, visit http://www.lumeta.com/products/spectre.