Tag Archives: ransomware

Beware of “BazarCall” Ransomware Attack Method

The new attack method has been growing in use among well-known ransomware groups and was responsible for 10% of malware incidents last quarter.

What is it?

BazarCall is a new attack methodology, known as TOAD (telephone-oriented attack delivery), which uses a phishing email to trick the victim into phoning a call centre rather than clicking a link. The call centre then instructs the victim to download a malicious file, which infects their computer. By doing so, the BazarCall attack subverts common cyber security controls and allows the hacker to carry out a ransomware attack undetected.

The phishing emails usually refer to a subscription, for instance an antivirus software, which the victim never requested. The phishing email falsely claims that the only way to cancel this fake subscription is to phone the call centre.

From there, the hacker verbally guides the victim through the process of downloading a malicious Excel file with macros and then enabling those macros, which in turn infects the computer with malware.

Why is it critical?

Because the BazarCall method doesn’t require the user to click a link (as you would expect in a normal phishing email), common cyber security tools like email security filters can’t detect it. The method also subverts security controls because the user is downloading the malware themselves, unlike some more typical cyber attacks where the hacker must first penetrate the network.
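Because there is no link to inspect, a triage check has to look at the wording of the message instead. The following is an added example, not CFC's or ABEX's tooling: it scores an email for the pattern described above (an unrequested subscription, pressure to cancel, a phone number to call, and no URL). The keyword lists, the threshold of 4 and the sample messages are constructed assumptions to tune against your own mail.

```python
import re

# Assumed, illustrative patterns; not taken from any vendor rule set.
LURE_RE = re.compile(r"\b(subscription|renew(?:al|ed)|auto-renew|trial|invoice|charged)\b")
CANCEL_RE = re.compile(r"\b(cancel|refund|dispute)\b")
CALL_RE = re.compile(r"\b(call|phone|dial)\b")
URL_RE = re.compile(r"(?:https?://|www\.)\S+")
# Loose phone pattern: optional country code, then 3-3-4 digits with common separators.
PHONE_RE = re.compile(r"(?:\+?\d{1,3}[\s.-]?)?\(?\d{3}\)?[\s.-]?\d{3}[\s.-]?\d{4}")

def score_callback_phish(subject: str, body: str) -> dict:
    """Score a message for callback-phishing traits; higher means more suspicious."""
    text = f"{subject}\n{body}".lower()
    signals = {
        "subscription_lure": bool(LURE_RE.search(text)),
        "cancel_pressure": bool(CANCEL_RE.search(text)),
        "call_instruction": bool(CALL_RE.search(text)),
        "phone_number": bool(PHONE_RE.search(text)),
        # The absence of any link is itself a signal for this delivery method.
        "no_links": not URL_RE.search(text),
    }
    score = sum(signals.values())
    # A phone number is mandatory: without one there is nothing for the victim to call.
    return {"score": score, "flag": score >= 4 and signals["phone_number"],
            "signals": signals}

# Constructed sample messages (555-01xx numbers are reserved for fiction).
SAMPLES = {
    "lure": ("Your antivirus subscription has been renewed",
             "Thank you. Your card was charged $349.99 for a 1-year plan. "
             "To cancel this subscription, call our support centre at "
             "1-555-010-0199 within 24 hours."),
    "billing_with_link": ("Your monthly invoice is ready",
                          "View your invoice at https://billing.example.com/inv/123. "
                          "Questions? Reply to this email."),
    "colleague": ("Team lunch on Friday",
                  "Call me on 555-010-0123 if you are running late."),
}

if __name__ == "__main__":
    for name, (subject, body) in SAMPLES.items():
        result = score_callback_phish(subject, body)
        print(f"{name}: score={result['score']} flag={result['flag']}")
```

A flagged message is a candidate for quarantine or a warning banner rather than proof of an attack; legitimate billing notices can share several of these traits.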

Workplace security awareness education about phishing emails and social engineering doesn’t often include warnings for telephone-oriented attacks, which makes this attack more lucrative for hackers and more challenging for businesses.

What has CFC seen?

In early 2022, CFC’s cyber threat analysis team, which is responsible for analyzing and responding to cyber threats on behalf of CFC’s cyber insurance clients, first observed an increase in adoption of this technique by a variety of well-known ransomware groups.

In response, CFC analyzed its cyber customer base and found that BazarCall accounted for 10% of successful malware infections detected across its cyber portfolio in the last three months.

However, by intervening quickly, to date CFC has detected and removed every case of this malware within its impacted customers, at no cost to them. This intervention can happen at three stages:

  • When a specific victim has received the phishing email but has not called the phone number
  • When they’ve called the phone number within the email
  • When they’ve installed the malware

How to mitigate

To protect your business from such attacks, it’s important to implement the following:

  • Keep all software and firmware up to date: Every device needs antivirus software. If an employee downloads a malicious application like the one from BazarCall, or if an application becomes infected, antivirus software along with modern, up-to-date firewalls will help to secure the device and remove the infection.
  • Implement multi-factor authentication (MFA) on all remote connections: MFA can help reduce the amount of lateral movement and privilege escalation hackers can achieve within your systems. Even if your password is in the hands of the criminal, it is unlikely they will have your other forms of verification too. For more on MFA best practices, read our cyber tips piece on multi-factor authentication.
  • Employee security awareness training: The majority of cyber attacks are the result of human error, particularly employees who inadvertently click on malicious links or fall victim to social engineering attacks like BazarCall. Carry out regular security awareness training with your employees and ensure it covers all types of social engineering attacks.

For other ways to keep your employees safe, read our article, Staying Safe Online.

Source: www.cfcunderwriting.com


Should Ransomware Payments Be Illegal?

By Graeme Newman, Chief Innovation Officer at CFC Underwriting

Ciaran Martin, former head of the UK’s National Cyber Security Centre, is the latest security expert to champion the cause for making it illegal for cyber insurers to reimburse ransom payments. Quoted in a recent Guardian article, Martin claims that cyber insurers are “inadvertently funding cyber crime”. Like many similar articles quoting seasoned security professionals there is an underlying allegation that this move would not be supported by the insurance industry. That somehow it would fundamentally destroy the value proposition of the product and service we provide, and that we would rather that this crime continue to develop “because it’s good for business”.

I can’t claim to speak on behalf of the insurance industry, but having been involved in cyber insurance for almost 20 years now, I can say with some certainty that this is not how the industry thinks. In fact, I’d make a fairly large wager that most (if not all) of my peers would happily support a bill to make the reimbursement of ransoms illegal, if (and only if) that would actually solve the problem. Unfortunately, I don’t think it would.

Leaving aside for one minute the practicality of enacting – and enforcing – such a law, it feels that targeting insurers as the source of the problem is fundamentally misguided. Less than 15% of global businesses purchase this kind of insurance, so to suggest that eliminating part of it would fix what is now a global issue would be to ignore the other 85% of businesses who face the same problem without insurance.

There is no evidence to suggest that businesses who purchase cyber insurance are more inclined to pay a ransom demand than those without; in fact, in my experience, it is quite the opposite. Armed with insurance, a company can avail itself of the appropriate experts to guide it through the issue and support it through the recovery process; in the absence of this, most small businesses assume they have no other option but to pay.

Furthermore, to suggest that there are no laws in place already to prevent payments is fundamentally wrong. The US government has rightly reminded the industry of global sanctions laws, which make it illegal to facilitate payments to entities on the OFAC SDN list (and foreign equivalents). We are steadily seeing more entities related to cyber crime being added to these lists, and with insurers being regulated entities and most having US assets, this is already a powerful incentive to seek alternatives to paying ransoms.

There is no doubt that ransomware poses a serious threat to global business. Increasingly emboldened criminals are ditching their old tactics of ID theft and social engineering and moving to the increasingly lucrative business of extortion. Furthermore, the economic damage caused by ransomware is often many multiples of the billions the criminals are stealing, making this the worst form of financial crime. It is a problem that needs to be stopped.

But there are many reasons why this crime continues to develop:

  • Cryptocurrencies make it possible to launder billions of dollars with little fear of being caught. More must be done to clamp down on the exchanges that wittingly or unwittingly facilitate this crime.
  • The media continues to demonise businesses that fall victim to this crime, making them fear the accompanying negative publicity which in turn fuels the desire to pay rather than be “outed”. We must recognise that this is a crime and the only party that ought to be shamed is the perpetrator.
  • Recent tough privacy regulations should also be questioned. Their accompanying fines and potential route for statutory damages are making it even more lucrative for criminals to steal. Businesses now fear the financial consequences of the data being leaked, making this one of the most common tactics in the evolving crime of extortion. We must stop seeking to punish the victims and instead focus on preventing the crime.
  • Cyber insurance has a critical role to play in tackling ransomware. There are already close connections between the industry and global law enforcement, with threat intelligence being shared and data being gathered. By following carefully structured paths and involving the right professionals we can ensure that payments are only made when absolutely necessary and that law enforcement are kept informed so they can use the intelligence gathered to track and ultimately catch the perpetrators.

Our goal is to provide the support and resources necessary to help businesses recover as quickly as possible, and to ultimately help protect our clients from this increasingly serious source of crime. As an industry we are committed to doing all we can to ultimately eradicate this vile by-product of the digital age. And with almost $1tr in policy limits exposed I don’t think there is any other part of the economy that has a stronger motivation to make it happen!


1 in 4 Internet Users Don’t Know How to Respond to a Ransomware Attack

The 2017 Centre for International Governance Innovation (CIGI)-Ipsos Global Study on Internet Security and Trust, which surveyed 24,255 users across multiple countries, recently found that 1 in 4 internet users would have no idea how to respond to a ransomware attack. In addition, the study found that just 16 per cent of users would know how to retrieve data from a backup while another 13 per cent wouldn’t even attempt to recover data if vital information was compromised.

This survey comes on the heels of the recent WannaCry ransomware attacks, which impacted over 200,000 users in at least 150 countries. Initial reports indicated that the WannaCry attack used ransomware to hijack computer systems and demand money in the form of bitcoin, a type of digital payment system.

The ransomware initially requested around $300 and, if no payment was made, it threatened to double the amount after three days and delete files within seven days. This type of cyber attack is common and can impact businesses of any size, so it’s important to know what steps to take in order to protect your business.

The WannaCry attacks illustrate the importance of ensuring that any and all software patches are up to date. For further protection, consider training every employee on cyber security, and instruct them to never click on suspicious emails or attachments.

Other ransomware precautions include the following:

  • Update your network if you haven’t yet and implement the appropriate software patches.
  • Turn on auto-updaters, if available.
  • Don’t click on links that you don’t recognize.
  • Don’t download files from people you don’t know.
  • Back up your documents regularly.

Following this attack, organizations are likely to be more proactive in adjusting security measures so malware can’t spread automatically. By keeping these precautions in mind, your organization can avoid potentially costly ransomware attacks. As an added benefit, a higher focus on in-network security measures can make your organization more attractive to potential customers and other third parties.

© Zywave, Inc. All rights reserved


Canada Ranks Poorly in Lost Revenue and Continuity After Ransomware Attacks

Ransomware is a type of malicious software that is specifically designed to block systems or files until a victim—typically a company or high-ranking professional—has paid a sum of money to regain access. These types of attacks can be costly, sometimes averaging up to $50,000.

According to the recent report, the State of Ransomware, by malware remediation company Malwarebytes, Canadian businesses were among those most likely to pay ransomware demands. Additionally, the report, which examined 5,400 IT staff across Canada, the United States, the United Kingdom and Germany, showed that Canadian businesses ranked among the highest for lost revenue and business interruption following an attack.

In total, around 75 per cent of Canadian businesses admitted that they would pay an attacker to regain access to key systems and functionality. Other interesting findings from the report included the following:

  • Ransomware can impact more than the original infected system or file. In the report, Canada ranked the highest for ransomware penetration, as close to half of attacks affected 26 per cent or more of a company’s extended network.
  • Executives and senior-level staff are typically the targets of ransomware schemes.
  • On average, ransomware attacks in Canada were twice as expensive as those in the United States.
  • Business applications were found to be the most common vulnerability to ransomware in Canada. While email attacks are common in other countries, Canada’s strict anti-spam laws could be contributing to the lower number of email attacks.
  • Despite Canada ranking poorly in terms of business interruption and overall cost as it relates to the impact of ransomware attacks, 51 per cent of surveyed businesses claimed they were confident in their ability to stop an attack.
  • Health care and financial services were found to be the most common industry targets for ransomware attacks.

Ransomware attacks are a serious concern—one that continues to impact Canadian businesses. In the past year alone, more than one-third of security attacks in Canada were ransomware-related. To protect themselves from this ongoing threat, organizations should consider having a risk assessment done to determine and remediate potential vulnerabilities.

© Zywave, Inc. All rights reserved

