Insurance giant Aon says it has contained a cybersecurity incident

Incident was identified on February 25...

Aon, the world's second-largest insurance brokerage, says it has contained a cyber attack on its systems.

The insurance behemoth, headquartered in London, identified the incident on February 25, 2022.

It told regulators in an SEC filing posted February 28 that it had "identified a cyber incident impacting a limited number of systems. Promptly upon its identification of the incident, the Company launched an investigation, and engaged the services of third-party advisors, incident response professionals, and counsel."

Aon added: "The incident has not had a significant impact on the Company’s operations. Although the Company is in the early stages of assessing the incident, based on the information currently known, the Company does not expect the incident to have a material impact on its business, operations or financial condition."

Aon on February 4 reported full-year revenue of $12.2 billion.

Beyond the initial disclosure, little is known about the Aon cyber attack. Cybercriminals continue to be highly active and opportunistic, however, with many exploiting the unholy trio of unpatched software with security vulnerabilities, leaked or easily brute-forced RDP credentials, and effective phishing campaigns. Poor network segmentation and over-generous privileges continue to make it easy for attackers to move laterally once they have an initial foothold; the tendency of some employees to save clearly signposted Word documents of passwords also doesn't help.

(When it comes to easily brute-forced RDP credentials or other password-related issues, Microsoft noted that in Azure Active Directory it observes 50 million password attacks daily via its telemetry, yet shockingly in 2022 only 20% of AAD users and just 30% of global admins are using strong authentication such as MFA.)

The Aon incident comes amid a febrile international climate, however, and a flurry of high-profile cybersecurity incidents has affected numerous major blue chips around the world in the past 10 days.

Semiconductor company NVIDIA also saw its systems attacked and 1TB of data leaked last week. (The company later managed to encrypt that data: the cybercrime group responsible said in a leaked Telegram message that it had used an NVIDIA employee's VPN account to launch the attack, but that this required being enrolled in a mobile device management system, which NVIDIA later used to connect to a virtual machine that the hackers used and encrypt the data. Unfortunately for NVIDIA, the group says it has a copy, however.)

Toyota, meanwhile, has been forced to shut down 28 production lines at 14 plants in Japan after an attack on a supplier, while satellite broadband company Viasat says operations from its KA-SAT satellite have been affected by what it believes to be a cyber attack, knocking out remote monitoring capabilities for over 5,800 wind turbines at one downstream customer, Germany's ENERCON (output has been unaffected by the incident).
