Latest news with #JohnHultquist
Scoop
26-06-2025
- Business
- Scoop
Ceasefire Holds, But Experts Warn Cyber Tensions Between Iran And The West May Be Far From Over
As a U.S.-brokered ceasefire between Israel and Iran holds for now, cybersecurity experts are urging vigilance—noting that while military activity may have paused, cyber tensions are likely to continue simmering beneath the surface. 'In light of recent developments, the likelihood of disruptive cyberattacks against U.S. targets by Iranian actors has increased,' said John Hultquist, chief analyst at Google's Threat Intelligence Group. 'Iran already targets the U.S. with cyberespionage… and individuals associated with Iran policy should be on the lookout for social engineering schemes.' A new report from cybersecurity firm Radware adds weight to those concerns, warning that the Israel-Iran conflict has seen an evolution into a hybrid war that includes cyberspace. According to their latest advisory: Nearly 40% of global DDoS activity recently targeted Israel, with signs of spillover affecting the U.S., U.K., and Jordan. Hacker groups such as DieNet, Arabian Ghosts, and Sylhet Gang have issued warnings or taken credit for attacks, some aimed at Western nations. AI-generated disinformation and deepfakes have appeared across digital platforms, contributing to confusion and information warfare. 'Critical infrastructure, supply chains, and global businesses could become collateral targets if cyber tensions escalate further,' said Pascal Geenens, Director of Threat Intelligence at Radware. 'The Israel-Iran conflict of 2025 is a stark illustration of how modern hybrid warfare plays out online as much as in the real world.' While the ceasefire has reduced the immediate risk of open military confrontation, experts believe that cyberspace may remain a domain for ongoing friction—especially as cyber operations allow for plausible deniability and targeted disruption. Hultquist cautioned that while Iranian cyber operations may sometimes exaggerate their impact, the risk for individual organisations remains serious. 'We should be careful not to overestimate these incidents and inadvertently assist the actors,' he said. 'The impacts may still be very serious for individual enterprises, which can prepare by taking many of the same steps they would to prevent ransomware.' For now, the digital front may be quiet—but beneath the surface, it's likely that espionage and influence operations are still underway.
Arabian Post
24-06-2025
- Business
- Arabian Post
Aflac Confirmed As Latest Target of Cybercrime Spree
Aflac detected a cyberattack on its U.S. network on 12 June and contained the intrusion within hours. The company has confirmed that the attack may have compromised sensitive personal data, including Social Security numbers, claims and health information belonging to customers, beneficiaries, employees and agents. Operations remain fully functional as experts investigate the full extent of the breach. The insurer's SEC filing and subsequent statement referred to the perpetrators as a 'sophisticated cybercrime group'. While Aflac has not named the group outright, investigations by cybersecurity experts and law enforcement officials link the attack to Scattered Spider, a hackers' collective believed to be operating in the U.S. and U.K. that relies on social-engineering tactics—posing as tech support to manipulate employees into granting access. Cybersecurity analysts say attackers gained an initial foothold by deceiving staff over the phone. From there, they accessed and extracted files containing personally identifiable information—including health and claims records—though no ransomware was deployed and no systems were encrypted. That allowed Aflac to continue underwriting, processing claims and servicing policies without interruption. ADVERTISEMENT Aflac's customers list stands at more than 50 million policyholders in the U.S. and Japan, according to company disclosures. Given the volume of data handled and the indeterminate number of affected individuals, the insurer has begun offering two years of free credit monitoring and identity-theft protection services to anyone who may be impacted. Federal regulators will be notified in line with legal requirements. The incident forms part of a wider pattern affecting the insurance sector this month. Erie Insurance and Philadelphia Insurance Companies have reported analogous breaches. In Aflac's case, spokespersons indicated the breach fits a deliberate campaign targeting insurers—and it may not be an isolated incident. The profile of Scattered Spider draws attention for its youth-led structure, transatlantic reach and opportunistic targeting of high-value sectors. The group is notorious for high-profile breaches in the retail and hospitality sectors—including casino and hotel chains in Las Vegas during 2023—and more recently retailers such as Marks & Spencer, Victoria's Secret and United Natural Foods. Experts stress that Scattered Spider's approach is aggressive and rapid, capable of executing full-scale breaches within hours. Cynthia Kaiser, former deputy assistant director of the U.S. FBI's Cyber Division, warns that these attackers often register domains that mimic legitimate corporate help desks to support phishing campaigns, underscoring the importance of staff training and internal verification protocols. John Hultquist, chief analyst at Google's Threat Intelligence unit, notes that the group's expansion into the insurance domain occurred in parallel with extortion campaigns targeting both corporate and municipal entities. He cautions that financial and public-sector organisations may be next in line. Aflac has retained third-party cybersecurity specialists to conduct a full review of the compromised systems, isolate vulnerabilities and recommend improvements. An ongoing forensic analysis is underway to determine the exact scale of the data breach and prevent potential further intrusions. Market reaction was muted. Though Aflac shares dipped roughly 1.3 per cent in early trading following the disclosure of the incident, they have since stabilised near flat levels for 2025. This mirrors modest market responses observed during previous industry-wide breaches, reflecting investor confidence in operational resilience when ransomware is absent. Insurance-sector leaders are doubling down on cybersecurity investment. Firms are ramping up employee awareness campaigns, introducing multifactor authentication, simulating phishing drills and hardening external communication protocols. The FBI and the U.S. Cybersecurity & Infrastructure Security Agency have issued alerts urging immediate vigilance across the sector, particularly in call centres and help-desk functions.
Time of India
24-06-2025
- Business
- Time of India
US braces for 'low-level' cyberattacks by Tehran
WASHINGTON: US officials are warning businesses to brace for potential Iranian cyberattacks following American airstrikes on the country's nuclear sites, an event that experts say could draw a relatively small response from hackers.A bulletin from the Department of Homeland Security warned that Iranian hackers routinely target American technology, and that such activity is poised to occur after the US military operation. The message said that DHS hadn't identified any specific imminent threat."Low-level cyberattacks against US networks by pro-Iranian hacktivists are likely, and cyber actors affiliated with the Iranian government may conduct attacks against US networks," according to the bulletin issued Sunday. It also warned of potential retaliatory violence from extremists in the US. Iranian hackers have been accused in recent years of targeting banks, a Saudi oil company and US elections. The country has repeatedly shown a willingness to use cyberattacks against adversaries with stronger cyber capabilities than itself, including Israel, according to a 2024 threat assessment by US intelligence . Iran's top military general on Monday said that the American strikes on its nuclear sites had given Iran a free hand for retaliatory measures. Still, while Iranian cyberattacks could disrupt specific targets, John Hultquist, chief analyst at Google's Threat Intelligence Group, warned that the country frequently fabricates or exaggerates its capabilities "in an effort to boost their psychological impact." "We should be careful not to overestimate these incidents and inadvertently assist the actors," he said.
Time of India
23-06-2025
- Business
- Time of India
US braces for 'low-level' cyberattacks by Tehran
Live Events (You can now subscribe to our (You can now subscribe to our Economic Times WhatsApp channel WASHINGTON: US officials are warning businesses to brace for potential Iranian cyberattacks following American airstrikes on the country's nuclear sites, an event that experts say could draw a relatively small response from hackers.A bulletin from the Department of Homeland Security warned that Iranian hackers routinely target American technology, and that such activity is poised to occur after the US military operation. The message said that DHS hadn't identified any specific imminent threat."Low-level cyberattacks against US networks by pro-Iranian hacktivists are likely, and cyber actors affiliated with the Iranian government may conduct attacks against US networks," according to the bulletin issued Sunday. It also warned of potential retaliatory violence from extremists in the hackers have been accused in recent years of targeting banks, a Saudi oil company and US elections. The country has repeatedly shown a willingness to use cyberattacks against adversaries with stronger cyber capabilities than itself, including Israel, according to a 2024 threat assessment by US intelligence Iran's top military general on Monday said that the American strikes on its nuclear sites had given Iran a free hand for retaliatory measures. Still, while Iranian cyberattacks could disrupt specific targets, John Hultquist, chief analyst at Google's Threat Intelligence Group, warned that the country frequently fabricates or exaggerates its capabilities "in an effort to boost their psychological impact.""We should be careful not to overestimate these incidents and inadvertently assist the actors," he said.
Yahoo
23-06-2025
- Business
- Yahoo
US insurance giant Aflac says customers' personal data stolen during cyberattack
Aflac, one of the largest insurance companies in the United States, says hackers stole an unknown quantity of its customers' personal information from its network during a cyberattack earlier this month. The insurance giant confirmed Friday in a legally required filing with the U.S. Securities and Exchange Commission that the company identified hackers in its system on June 12 and contained the incident. Aflac, which provides supplemental insurance to individuals whose expenses are not covered by their primary providers, said it was not yet known how many customers are affected by the data breach, but that the personal data includes customers' claims, such as Social Security numbers and health information. The breach also included data from Aflac's beneficiaries, employees, and agents, the company said. Aflac said its systems were not affected by ransomware, but attributed the breach to an unspecified cybercrime group known to be targeting the U.S. insurance industry. According to its Friday press release, Aflac said the hackers used social engineering tactics to break into its network. An Aflac spokesperson, who did not provide their name, declined to answer TechCrunch's questions when reached by email on Monday. Aflac, which has around 50 million customers per the company's website, is the latest U.S. insurance company to experience a cyberattack in recent weeks, amid warnings that hackers are targeting the wider insurance industry. John Hultquist, the chief analyst for Google's threat intelligence unit, said last week that the unit was 'aware of multiple intrusions' in the U.S. that bear the hallmarks of activity linked to Scattered Spider, a loose-knit collective of hackers and tactics that rely on social engineering tactics and sometimes threats of violence to target company help desks and call centers in order to gain access to their networks. The hackers are also reportedly behind the recent intrusions at Erie Insurance and Philadelphia Insurance Companies, which disclosed cyberattacks this month, with disruption ongoing. The hackers linked to Scattered Spider attacks are known to be financially motivated, and have been previously linked to cyberattacks and intrusions at tech giants, casinos, and hotels, and recent data breaches across the U.K. and U.S. retail sector. Sign in to access your portfolio
