Last week, PinnacleOne examined the state of aviation cybersecurity given recent incidents and federal action.

This week, we boost our view into orbit and dive into the intersection of cybersecurity and geopolitical risk facing the rapidly expanding space economy.

Please subscribe to read future issues — and forward this newsletter to interested colleagues.

Contact us directly with any comments or questions: pinnacleone-info@sentinelone.com

Insight Focus: Commercial Industry in Contested “Space”

In early April, the United States Space Force (USSF) released their first Commercial Space Strategy, embarking on a major shift in its approach to space operations, one that recognizes the pivotal role of the private sector in driving innovation. This USSF move to integrate commercial space solutions into “hybrid architectures” will raise critical issues of “dual-use capabilities” facing cyber and counterspace threats from China and Russia across peacetime, crisis, and conflict.

This strategic shift is not just about leveraging commercial space capabilities, but also about managing the inherent cyber and interdependent risks that come with relying on private sector systems. The specter of cyberattacks on commercial space systems, with the potential for cascading impacts on military operations and the broader economy, looms large in this equation, even as the space economy is projected to reach $1.8T in value in the next 10 years.

Rapid innovations like SpaceX’s Starlink and Starshield, and other advanced orbital systems servicing an emerging commercial space economy present a double-edged sword for the USSF:

• Opportunities to enhance capabilities and resilience in peacetime, while
• Ensuring security and interoperability in crisis or conflict.

Investments by the U.S. and China in intelligence, tactical, and strategic platforms will drive most of the state-directed activity, but commercial and scientific activity will also accelerate as more nations get into the space game. Just in the last decade, the United Arab Emirates, for example, created a space agency, put an astronaut on the International Space Station (as did Saudi Arabia), sent a probe to Mars, and is collaborating with NASA on the lunar Artemis program.

Security Implications of Dual-Use Commercial Space Capabilities

One of the most significant challenges lies in the inherent ambiguity of dual-use space tech: capabilities developed for benign purposes (e.g., on-orbit satellite rendezvous) could also be used for military operations (e.g., tactical recon in a crisis or offensive operations in conflict). This blurs the lines between commercial and military applications and creates legal and ethical quandaries in a fast growing strategic industry mixed with large legacy government contractors and “deep tech” commercial startups desperate for product-market fit and sustainable business models.

The evolving risks in the space domain, starkly illustrated by Russia’s nuclear ASAT system and China’s growing space capabilities, underscore the paramount importance of robust Space Domain Awareness (SDA) and resilient architectures that give the U.S. warfighter an advantage in a contested environment. Chinese or Russian cyberattacks on US commercial satellites could disrupt military operations in crisis or conflict, with broad-scale and cascading commercial and economic effects on the ground.

The USSF’s approach to hardening immature startups is key, given the latter’s tight budget constraints and financial imperative to grow first, secure later. Space assets are of high value (to both their owners, customers, AND their attackers) but are deployed by businesses that require high capital investment and run on thin margins. This combination presents a real problem for DoD’s Commercial Space Strategy. This issue is of critical importance not only to firms in the space industry but also to those in cybersecurity and the vast array of businesses and sectors that depend on both – which, in today’s interconnected world, is essentially everyone.

The DoD has had ongoing challenges rolling out updated cybersecurity requirements for contractors, announcing plans for a revised “Cybersecurity Maturity Model Certification 2.0” program more than two years after it delayed an initial CMMC rule in late 2020. It may finally finalize the rule by the end of 2024 and requirements will waterfall down to all defense contractors soon after. Meanwhile, the USSF has already pushed out cybersecurity requirements that go beyond what CMMC requires, so space force contractors will have to comply with both.

Crisis and Conflict in Space

In a conflict scenario, the risk of kinetic or cyber attacks on U.S. commercial satellites is magnified. Balancing risk-sharing between USSF and the industry in peacetime is critical for resilience in war, as is the expectation setting for reciprocity, indemnification, and restitution.

In fact, the Space Force expected to begin identifying members of its newly formed Commercial Augmentation Space Reserve (CASR) by 2025 (the equivalent of DoD’s Civil Reserve Air Fleet for aviation and the Maritime Administration’s National Defense Reserve Fleet), focusing on space domain awareness, satellite communications and intelligence, surveillance and reconnaissance.

However, a critical distinction from the aviation and maritime domains is that, in the space domain, the second it’s known that a commercial platform is supporting a military mission, they become a target. Even membership of such a Reserve program will likely raise the risk profile for participating firms, given the pervasiveness of the threat environment in space. For example, PinnacleOne has advised participants in the CRAF that they are likely a target of Chinese military hacking groups tasked with executing disruptive or destructive attacks in a crisis or conflict.

The Space Force is moving quickly to embed strong contractual requirements for cybersecurity and operational reliability, but has yet to issue a formal construct for sharing relevant threat information with CASR members. Also, it is an open question if and how US Space Command (SPACECOM) would protect and defend commercial space assets if attacked.

Commercial Risk Management in Space

The USSF’s strategic principles provide a guiding framework for its peacetime efforts:

• Balance
• Interoperability
• Resilience
• Responsibility

However, significant obstacles remain in the face of near-peer competitor threats that could emerge in a crisis. The ambiguity of crisis conditions will stretch gaps in existing doctrine and operational collaboration. The lines of effort outlined in the strategy serve as important signposts in peacetime:

• Transparency
• Integration
• Risk management
• Securing the future

The true test, though, will come in addressing the counterspace and cyber capabilities of China and Russia in a conflict scenario, particularly for priority missions. This is already a challenge in terrestrial cyber operational collaboration between the public and private sectors, with issues relating to information sharing, overclassification, and tactical coordination and deconfliction.

The USSF faces a daunting challenge in leveraging commercial technologies in peacetime while managing the risks inherent in relying on private systems in a contested domain during conflict. Wargaming exercises that integrate commercial partners and red team simulations – at both the level of operational/tactical peers and government and enterprise leadership – will be vital in preparing for these eventualities.

A Strategic Shift

The shift to a model of consuming commercial solutions represents a seismic philosophical change for the USSF, given its history of using legacy primes developing cost-plus platforms “behind the Green Door” of special access program secrecy. Navigating the complexities of great power competition in peacetime while mitigating the risks of over-dependence on potentially vulnerable systems in conflict will require a delicate balancing act.

The integration of commercial solutions into hybrid architectures offers the promise of enhanced resilience in peacetime. However, it also expands the potential attack surface in a crisis or conflict scenario. The USSF’s approach to setting robust cybersecurity standards and collaborating closely with commercial partners to secure networks will be critical to managing these risks.

Ultimately, the success of the USSF Commercial Space Strategy will hinge on the ability to artfully manage the intricacies of commercial-military integration in peacetime while being prepared to counter the multi-dimensional threats posed by China and Russia in a crisis or conflict situation. The stakes could not be higher, as the outcome will have far-reaching implications for U.S. space superiority in an increasingly contested domain.

High Risk, High Reward

As the USSF navigates this uncharted territory, it will need to be agile, adaptive, and proactive in its approach. Balancing the imperatives of leveraging commercial innovation, ensuring security and resilience, and maintaining a decisive edge over near-peer competitors will require a level of strategic finesse unprecedented in the history of military space operations.

The Commercial Space Strategy represents a bold vision for the future of the USSF. Its success will depend on the ability to harness the immense potential of the private sector while mitigating the inherent risks and challenges. As the USSF embarks on this journey, it will need to be guided by a clear-eyed understanding of the strategic landscape and an unwavering commitment to maintaining U.S. space superiority in the face of an uncertain and contested future.

Threat actors consistently alter and develop their schemes in order to further escalate their payoffs. In a new trend, ransomware affiliates are actively re-monetizing stolen data outside of their original RaaS agreements, especially as financial squabbles between threat actors emerge in the ransomware economy. The affiliates in such instances are starting to work with third-parties or external data leak services in order to re-extort victims who have already paid the ransom to the original attackers.

This blog post examines how affiliate attackers are embracing this new third-party extortion method, illustrated most recently by the ostensibly back-to-back cyberattacks on Change Healthcare and the emergence of services like RansomHub and Dispossessor.

ALPHV Exit Scam & Re-Extortion by RansomHub

In February 2024, a subsidiary of healthcare giant UnitedHealth Group (UHG) was forced to take down its IT systems and various services. The root of the disruption was a cyberattack by a BlackCat (aka ALPHV) affiliate on Change Healthcare, a healthcare technology platform used by the subsidiary.

Post-attack, ALPHV ransomware operators reportedly took down their data leak blog, servers, and operation negotiation sites, and failed to pay the affiliate their agreed share of the ransom.

Purportedly, Change Healthcare paid out the $22 million ransom demand, only to be targeted a second time just weeks after recovering from the initial attack. This time around, the ransomware attack was claimed by a threat actor working in conjunction with RansomHub, a new extortion group claiming to hold 4 terabytes of the victim’s sensitive data including personally identifiable information (PII) of active U.S. military personnel, patient records, and payment information.

It is believed that after ALPHV reneged on their payment, the affiliate partnered with RansomHub and re-used the data stolen from the initial attack in order to secure a pay off. At the time of writing, Change Healthcare has been removed from RansomHub’s DLS on April, 20, 2024, presumably due to payment and cooperation with the threat actors.

RansomHub RaaS

RansomHub emerged in early February 2024 with a simple data leak site (DLS). Their focus mirrors other historically well-known operations such as REvil, ALPHV, and Play with regards to their core values and overall mission statements.

RansomHub operates as a ransomware-as-a-service (RaaS), partnering with affiliates that work with a variety of ransomware families, including ALPHV and LockBit. Notably, RansomHub works with other threat actors and groups to republish and rebroadcast the availability of victim data. There are multiple, revolving Telegram groups dedicated to amplifying the reach of RansomHub’s leaks. An example of this is the “R3dd1sh_34_E4gl3_D4t4l34ks” channel (aka Reddish Eagle Dataleaks).

This development means that the data leak sites (DLSs) usually associated with a particular threat actor are no longer the only avenue of exposure for ransomware victims. Downstream amplification of these leaks is now common and generally open to all non-private Telegram or Discord groups.

Interestingly, according to RansomHub’s own “rules”, it does not allow:

• Affiliates to attack entities in the Commonwealth of Independent States (CIS), Cuba, China, Romania, or North Korea,
• Re-attacks for targeted companies that have already made payment, nor
• Attacks against non-profit organizations.

However, given the current situation faced by Change Healthcare, the second bullet in the list above appears to be a gray area, especially if re-extorting ransomware victims constitutes an attack.

Our research indicates that multiple affiliates are now partnering with RansomHub in an effort to regain profitability following the apparent collapse of ALPHV.

Dispossessor Data Leak Blog

Dispossessor emerged in February of 2024, advertising the availability of previously-leaked data for download and potential sale. These announcements were placed across multiple forums and markets, including BreachForums and XSS.

The X account @ransomfeednews recently posted regarding this new group, presenting their findings that indicated how Dispossessor “is not ransomware, but a group of scoundrels trying to monetize (on nothing) using the claims of other groups.” The group is also active in Telegram, posting similar announcements across well-trafficked Telegram channels.

Dispossessor initially announced the renewed availability of the data from some 330 LockBit victims. This was claimed to be reposted data from previously available LockBit victims, now hosted on Dispossessor’s network and thus not subject to LockBit’s availability restrictions.

Dispossessor appears to be reposting data previously associated with other operations with examples ranging from Cl0p, Hunters International, and 8base. We are aware of at least a dozen victims listed on Dispossessor that have also been previously listed by other groups.

In addition, there are apparent links to other aggregate-style operators like Snatch.

In many cases, the Dispossessor page links to the Dispossessor-Cloud repository. One victim was originally on CL0P’s data leak site in early 2023. Dispossessor’s data is identical to that hosted in the original CL0P magnet links for this and other victims.

Rabbit Hole Data Leak Site (DLS)

A third emerging service with potential to contribute to the expansion of monetization of previously leaked victim data is Rabbit Hole DLS, first observed on March 13, 2024. In an English translation of the site’s About Page, Rabbit Hole is described as a leaks “blog for small and medium-sized teams that do not have their own website”. The site is currently promoted in forums and dark markets.

Original Postings (RU):
блог для малых и средних команд у которых нет своего сайта

кроличья нора не является рансом группой, это общий блог для малых и средних команд. данный блог создан в целях оказания давления на корпорации, за счет большого количества публикаций разных команд — кроличья нора предлагает вам пристанище, где вы можете опубликовать любую утечку [гос учреждения и больницы являются исключением]

Original Postings (EN):
blog for small and medium-sized teams that do not have their own website

rabbit hole is not a ransom group, it is a general blog for small to medium sized teams. this blog was created in order to put pressure on corporations, due to the large number of publications from different teams – the rabbit hole offers you a haven where you can publish any leak [government institutions and hospitals are an exception]

Once a threat actor creates a Rabbit Hole account, victim leaks can be added, updated, and managed through its web portal. Each account manages their leaks through what is referred to as a ‘cabinet’ within the Rabbit Hole blog interface.

When posting leak data, the user is able to supply information including who they are and who the victim is such as the name of the company, URL, company description, publish date/deadline, any associated images, and additional text to be included with the public leak description upon publication. The download URL for associated leaked data is also supplied via this interface.

Once all details have been provided, they are submitted to higher level owners and managers of the Rabbit Hole blog. Moderators are then responsible for the ultimate public posting of the leak. The Rabbit Hole platform, ideal for emerging cybercriminals with little to no infrastructure or resources, could easily accommodate multiple small-time actors looking to monetize the same data leaks. We continue to monitor how this site develops.

Conclusion

As larger, established threat groups fold or re-brand, we can expect to see many affiliates cut out of pending payments. Since threat actors will hold onto exfiltrated data, the likelihood of that data being used to re-extort the victims is high and will continue to grow. While it may seem like common sense not to trust threat actors to hold up their end of a deal, the infosec community may continue to witness the fallout that happens when in-fighting and disagreements happen between cybercriminals as well as threat service providers and their affiliates.

The trust model upon which these RaaS agreements are created does not scale well, as most recently highlighted by security researchers monitoring the relationships between threat actors and affiliates in the ecosystem:

“Additionally, we saw a continuation of long-tailed data exfiltration defaults by threat actors in Q1, i.e., posting of information on a leak site after payment or “hostage trading” with other groups or individuals, which adds further evidence to the file on the lack of benefits to pay for suppressing a data leak or any confidence in a criminal actor keeping their word.”

As the ransomware and extortion landscape evolves, criminals will do what they need to do to protect their investments and paydays. Since affiliates carrying out a ransomware attack hold the actual data, they have the option to go elsewhere to monetize the data to collect payment. Organizations continue to be discouraged by global law enforcement agencies from paying ransoms when dealing with a cyberattack and to file a report with the IC3, contributing to greater cyber resilience to potential attacks.

Indicators

z5jixbfejdu5wtxd2baliu6hwzgcitlspnttr7c2eopl5ccfcjrhkqid[.]onion
ransomxifxwc5eteopdobynonjctkxxvap77yqifu2emfbecgbqdw6qd[.]onion
h6tejafqdkdltppzj7q34enltmfnpxaf7cseslv6djgiukiii573xtid[.]onion

dispossessor[.]com/
dispossessor-cloud[.]com/
205[.]209.102[.]218

tox[:]CE742906B254399832E4ED6EC1DDA50D7942F9A4F3F0FE46C19E1737FF29EF67DDAF3AB87B44
tox[:]36712626ED19B307ECB3E971AFDFAA449607100383DBE4C064CCD5909355D908AECCF6180CDA

actor:DISPOSSESSOR
actor:plzdbmagain1037
actor:ViDoK

Last week, PinnacleOne reviewed escalation dynamics in the Middle East.

This week, we turn our attention to domestic critical infrastructure with a look at recent developments in aviation cybersecurity.

Please subscribe to read future issues — and forward this newsletter to interested colleagues.

Contact us directly with any comments or questions: pinnacleone-info@sentinelone.com

Insight Focus | Aviation Cybersecurity

The aviation sector continues to face a complex and evolving cybersecurity threat landscape with nation-state actors, cybercriminal groups, and hacktivists targeting critical infrastructure. Last week, the FAA issued a ground stop order on Alaska Airlines for one hour due to an “upgrade issue with flight software that calculates weight and balance.” This follows a similar hour-long nationwide ground stop last year caused by a software update at United Airlines, a network-wide outage at WestJet caused by a service provider, and a ransomware breach at Sabre.

Most concerningly, on Friday, the Department of Homeland Security (DHS) published an official notice stating that the Transportation Security Oversight Board (TSOB) has recommended to the Transportation Security Administration (TSA) that a cybersecurity emergency exists, warranting the expedited implementation of critical cyber mitigation measures through emergency regulatory authority.

The TSOB – including the Secretaries of Homeland Security, Transportation, Defense, and the Treasury, the Attorney General, the Director of National Intelligence, and a National Security Council representative — convened a meeting to review TSA’s transportation security plans for cybersecurity in the aviation sector and provide a recommendation regarding TSA’s emergency determination to issue Joint Emergency Amendment (EA) 23-01.

During the classified briefing, the TSOB was presented with sensitive security information and intelligence regarding the severe cyber threat to the aviation transportation system. The board discussed the circumstances leading to TSA’s issuance of Joint EA 23-01, which requires performance-based cybersecurity measures to prevent the disruption and degradation of critical systems. The TSOB’s recommendation endorsed the need for TSA to proceed with these critical mitigation measures on an emergency basis.

This development came in the context of a September 2023 advisory from the Cybersecurity and Infrastructure Security Agency (CISA), which identified indicators of compromise at an Aeronautical Sector organization as early as January 2023. Nation-state advanced persistent threat (APT) actors exploited vulnerabilities in a public-facing application (Zoho ManageEngine ServiceDesk Plus) and a firewall device to gain unauthorized access, establish persistence, and move laterally through the network. CISA warned that “additional APT actors were also observed exploiting CVE-2022-42475 to establish presence on the organization’s firewall device.” APT interest in critical infrastructure means that such exploitation happens on other devices and software, too, not just the Zoho product in this particular alert.

Aviation Cybersecurity Risks

Leaks of intelligence documents in 2023 from Russia indicated a specific interest in targeting operational aviation systems. Further, Chinese threat actors are known to be targeting US critical infrastructure firms (including the aviation sector) given their military doctrine that sees disrupting civilian systems as a means of deterring or coercing US political decision-makers in a time of conflict.

Participants in the USAF Civil Reserve Air Fleet should also expect to be targeted for their role supporting contingency airlift requirements for the Department of Defense, something likely to be activated in a Taiwan crisis situation.

Against this geopolitical backdrop, aviation CISOs face a complex technology and cybersecurity risk environment, resulting from:

• Growing integration of new tech into legacy systems, including new connectivity interfaces and e-Enabled aircraft;
• Increasing federal cyber regulations and compliance requirements;
• Constrained security budgets that limit focus to catastrophic risks and compliance;
• Security cultures that often silo cyber/IT from the broader organization and create obstacles to effective enterprise engagement and operational collaboration;
• Tactically oriented people, processes, and tooling aimed at immediate triage, not strategic risk;
• Complex global supply chains that increase upstream risk exposure; and
• Increasing third-party risks from the economy-wide move to, and dependency on, cloud-enabled services and the associated shift in risk management responsibilities.

While the geopolitical threats to aviation cybersecurity grow, aviation faces the technical difficulty of defending complex legacy and modern systems. The industry must protect a uniquely broad range of vulnerable elements from its airport and online systems and data to vendor supply chains and airplane electronics. Despite all this, aviation cybersecurity’s resources and incentives lag the threat environment.

Corporate executives must recognize that the aviation industry remains at the frontlines of emerging geopolitical risk, and cybersecurity threats have the potential to cause significant operational, financial, and reputational damage. The TSOB’s recommendation and the CISA advisory underscore the urgency of the situation and the need for high-level, enterprise-wide engagement to address these risks effectively.

Investing in a comprehensive cybersecurity strategy, aligning technical and security stacks, and fostering collaboration between corporate and cybersecurity leadership is essential to mitigate the risk of a catastrophic event. As the DHS notice and CISA advisory demonstrate, the stakes are high, and failure to act decisively could result in severe consequences for the aviation industry and national security.

The aviation sector must consider modern, more expansive risk models to navigate a strategic environment at the nexus of emerging cyber and geopolitical threats. Even when the risks are clear and the gaps manifest, tight budgets and other business priorities can get in the way of building an effective security organization. This requires high-level, executive engagement across the enterprise to help leadership understand how these risks impact operational reliability, customer relations, corporate liability, shareholder value, passenger safety, and national security.

The combination of legacy IT/OT with new connectivity interfaces, sprawling third-party dependencies and digital supply chains, strained corporate balance sheets and infosec budgets, increasing regulatory mandates, highly visible industry stumbles, and aggressive nation-state threats indicate major turbulence ahead.

In an expanding collaboration between Chubb, one of the largest publicly traded property and casualty insurance companies, and SentinelOne, a cybersecurity leader, clients of SentinelOne who are also Chubb policyholders can now share their enterprise cyber health assessment data with Chubb. This facilitates a more efficient and precise underwriting process.

With the increasing emphasis on cybersecurity investment, insurance carriers are seeking greater transparency into their insureds’ cybersecurity health. The collaboration not only offers policyholders streamlined access to SentinelOne’s cybersecurity solutions, but also enhances transparency into policyholders’ cyber health investments through SentinelOne’s Vital Signs Report.

This post captures a Q&A between Craig Guiliano, SVP of Threat Intelligence and Policyholder Services at Chubb, and Bridget Mead, Senior Manager of IR Cyber Risk at SentinelOne, as they address some frequently asked questions about the Vital Signs Report.

Q: What is the Vital Signs Report?

Chubb/Guiliano: The Vital Signs Report (VSR) is an assessment of our policyholders’ cybersecurity posture. This report is going to be a game changer for not only how we, as the carrier, assess our individual policyholder’s cybersecurity health, but for our ability to assess our portfolio exposure as one of the world’s largest insurance companies. Our underwriters are quickly moving away from checkboxes on a questionnaire and moving towards data-driven policy renewal decisions.

SentinelOne/Mead: The VSR is based on a collection of internal signals that we mapped to the Center for Internet Security’s (CIS) Critical Security Controls (CIS Controls) CIS18 framework. We make the report available to all SentinelOne clients at no charge. It displays the strength of a client’s digital environment in areas important to cyber security and the cyber insurance underwriting process. The graphic below shows the major categories included.

Q: How do clients access this report?

SentinelOne/Mead: We’ve made it easy for Chubb policyholders to share this report with Chubb. It’s just a few clicks away. Clients can access the VSR report by going to the Singularity Marketplace page and selecting the Cyber Insurance menu item. From the Cyber Insurance menu, they can select Chubb and consent to the sharing via an End-User License Agreement (EULA). Chubb will be notified on their end that the report has been shared.

Chubb/Guiliano: Once we receive the VSR on our end, our policyholders will be able to view the report with their insurance brokers and Chubb underwriters. We’re expecting more transparent and robust conversations around loss control strategies with our policyholders that share this data with us. In addition, participating policyholders may enjoy incentivized policy pricing, subject to applicable insurance laws and regulations, and more efficient underwriting.

Q: What happens after the SentinelOne client clicks through the EULA?

SentinelOne/Mead: From a technical perspective, once the SentinelOne client does the EULA click through, the VSR examines the client’s SentinelOne console, collects the appropriate data signals, and populates the report.

Chubb/Guiliano: The VSR will be available to view by Chubb in near real-time, allowing efficient and timely feedback to policyholders, brokers, and underwriters. Chubb and SentinelOne have also worked to minimize  the sensitivity of the data being shared with Chubb. We omit any sensitive information, including IP addresses associated with identified vulnerabilities.

Q: How can the VSR help organizations with risk transfer?

Chubb/Guiliano: Traditionally, our underwriters use a series of questions and attack surface information to evaluate a policyholder’s risk. They might also pull historical data from claims that the policyholder has submitted. However, this kind of risk assessment doesn’t give us the full picture and could include false positives. The VSR provides a clearer and more accurate and efficient mechanism for our policyholder’s Security Teams to communicate information and controls to our underwriting teams.

The report will reduce the time and overhead that our policyholder’s spend. Additionally, it gives the policyholder a chance to think critically about their cybersecurity through access to Chubb’s expertise on risk of loss indicators, such as known vulnerabilities and common attack vectors – expertise that is based on 20+ years of actual loss data.

SentinelOne/Mead: The VSR helps organizations with their risk transfer by bringing visibility to their telemetry. SentinelOne has configured and crafted the VSR to identify vulnerabilities, configurations, and asset management controls with Chubb’s review to help policyholders proactively identify exposures. The information provided by the VSR will enable the policyholders to remedy elements that may need improvement, enhance their cybersecurity posture, and ultimately lower risk profiles. The VSR allows policyholders to discuss renewals more confidently with Chubb and brings more transparency to those conversations.

Q: What benefits may accrue from participating in the VSR Program?

SentinelOne/Mead: From a technical perspective, the VSR is an accurate and efficient way to assess a company’s cyber security posture. Current SentinelOne clients can look at the VSR and craft clear action items to enhance their use of our tools.

Chubb/Guiliano: Any benefit to our policyholder’s risk profile is a benefit to Chubb at-large and we’re eager to see our policyholders develop greater insight into their cyber risk profile and thus gain more informed negotiating power within the cyber insurance marketplace and possible premium savings.

Learn More

On May 2, 2024 at 1:00PM ET, join SentinelOne, Chubb, Aon, and CyberAcuView for a webinar discussion on data-driven underwriting. Panelists will discuss how data has transformed underwriting and insurability assessments as businesses work with their carriers and brokers to improve their risk profiles.

Chubb Disclosure: Chubb is the marketing name used to refer to subsidiaries of Chubb Limited providing insurance and related services. For a list of these subsidiaries, please visit our website at www.chubb.com. Insurance provided by ACE American Insurance Company and its U.S. based Chubb underwriting company affiliates. All products may not be available in all states. This material contains product summaries only. Coverage is subject to the language of the policies as actually issued. Surplus lines insurance sold only through licensed surplus lines producers. The material presented herein is advisory in nature and is offered as a resource to be used together with your professional insurance advisors in maintaining a loss prevention program. It is not intended as a substitute for legal, insurance, or other professional advice, but rather is presented for general information only. You should consult knowledgeable legal counsel or other knowledgeable experts as to any legal or technical questions you may have. Chubb, 202 Hall’s Mill Road, Whitehouse Station, NJ 08889-1600