Cyber Threats Never Sleep: Emerging Cyber Risk During and After COVID-19
WHY THIS MATTERS
During the coronavirus crisis we have learned that nefarious threat actors never sleep – they continue to conduct cyberattacks.
As COVID-19 fatigue sets in, our cybersecurity measures may not be enough. Beyond remote workplaces, cybercriminals are targeting government agencies, such as the US Small Business Administration (SBA), the Pentagon, and crucial healthcare organizations.
Attack vectors continue to pack a punch. For example, Maze ransomware attacks - aka double extortion - involve: 1) stealing data, 2) encrypting data, 3) demanding a ransom payment, and 4) threatening to publish and expose exfiltrated data if the ransom is not paid.
Focusing on the human element in cyber hygiene means increasing awareness and training of our employees, implementing the use of a Virtual Private Network (VPN) and Multi-Factor Authentication (MFA), and being mindful of updating protocols (settings, passwords, patching, and operating systems).
The right cyber insurance policy provides valuable services when responding to a cyber incident. You need not go it alone.
Right now, many of us have COVID-19 fatigue and look forward to returning to normal. Meanwhile, hackers exploit the coronavirus crisis with a surge in cyberattacks.
This uptick in cyberattacks is exactly the time when we must maintain our cyber defenses, expand our cybersecurity practices, and consider cyber insurance appropriate for cyber risk tolerance.
US Small Business Administration
The SBA has revealed a suspected data breach impacting the portal used by business owners to apply for emergency loans. They have notified nearly 8,000 businesses that their personally identifiable information (PII) may have been exposed to other businesses via the application portal for Economic Injury Disaster Loans (EIDL) on or about March 25, 2020. The EIDL is part of the SBA and separate from the Paycheck Protection Program (PPP) created in the CARES Act.
Surge Attacks on the Pentagon
Reports indicate that the US Defense Department has faced unprecedented threats as hackers seek to take advantage of employees with security clearances who are forced to work from home. The threat is particularly insidious for the military and other elements of US national security during this crisis.
The Pentagon has seen a surge in cyberattacks, as hackers exploit restrictions from the pandemic that force an unprecedented number of US Defense Department employees to communicate almost entirely by computer systems. The attack vector of choice is social engineering, which manipulates or tricks individual users into divulging confidential information or changing behavior. Cybercriminals exploit our inherent sense of trust, causing individuals to divulge passwords or wire funds to fraudulent bank accounts due to emails and text messages, ostensibly from a known source. The individual unwittingly gives hackers the keys to the castle, and from that point, they access their private networks.
A Lieutenant General in the Air Force commented that with great opportunities come great challenges – referring to how the increase in remote work capacity may change the Defense Department for the better. But in the meantime, hackers are taking advantage of previously untested vulnerabilities.
Healthcare Organizations Facing Ransomware Attacks & Phishing Scams
Scams by so-called gray-marketers for personal protective equipment have been increasing steadily as healthcare professionals face shortages of critical supplies. Please see our earlier Cyber Threat Alert on Coronavirus Scams.
The FBI has issued a warning about Kwampirs malware targeting supply chains. The healthcare sector supply chain attacks deploy the Kwampirs Remote Access Trojan (RAT), which exploits network vulnerabilities of the targeted organization, granting remote computer access to attackers.
Maze ransomware attacks (first discovered in 2019 and referred to as double extortion) involve: 1) stealing data, 2) encrypting data, 3) demanding a ransom payment, and 4) threatening to publish and expose exfiltrated data if the ransom is not paid.
Researchers have discovered a Maze web page, listing the identities of their non-cooperative victims and publishing details of dozens of companies, including law firms, medical service providers, and insurance companies, that have refused to pay a ransom.
These Maze ransomware attacks are game-changers for cyber risk mitigation because even with backups (which can be used to restore lost or stolen data), businesses face the additional threat of publication of confidential or sensitive information.
Stand-Alone Cyber Insurance Coverage
Location, Location, Location
Most cyber policies provide broad, affirmative coverage for a security event (as defined in the policy). That means that the cyber policy will provide coverage regardless of where the breach or security event occurs, whether in the workplace or while working remotely at home.
Notably, in cyber insurance policies, social engineering coverage often refers to fraudulent funds transfer coverage where employees are manipulated (duped) into sending funds to cybercriminals or fake bank accounts.
Recently, we reported on the issue of “Silent Cyber.” Relying on other lines of insurance, such as commercial crime policies, or other non-affirmative cyber insurance policies, is a risky business. Resolving social engineering insurance coverage disputes in court is costly and time-consuming, with no guarantee of social engineering coverage.
Many cyber liability policies provide cyber extortion coverage to protect your business against ransomware losses. During the COVID-19 crisis, we have seen new ransomware threats to businesses of all sizes, even to facilities tasked with saving lives.
- Ransom payments – when hackers lock your network or computer system demanding payment of ransom for the key to unlock your system.
- Loss of business income during the cyber event – after a brief waiting period.
- Extortion-related expenses – when you incur expenses because of the extortion threat, such as expenses you incur to make the ransom payment and the cost of hiring a security expert to advise you on how to respond to a threat.
- Repair costs – when you sustain losses due to damage, disruption, theft, or misuse of your data, such as the cost to restore, replace or reconstruct programs, software, or data.
Keep in mind the notice requirements in a ransom scenario. The policyholder is required to obtain prior written consent from their insurance company before paying a ransom. Otherwise, you may not be covered. The same holds true for hiring a consultant to help your company negotiate with the extortionist. Obtain approval upfront to have the consultant’s fee covered.
Most cyber insurance policies provide data breach coverage: both first-party coverage for the costs of data breach response, investigations, legal notification obligations, and services, and third-party liability coverage for damages paid to third parties for claims or lawsuits.
Stop nefarious threat actors from capitalizing on our cyber vulnerabilities during COVID-19 by obtaining stand-alone cyber insurance from a specialized cyber insurer and broker. Cyber insurance is a valuable, complementary solution to your cybersecurity practices, procedures, and tools.
- Cybercriminals seek out vulnerabilities during a crisis, even at the very organizations tasked with saving lives and providing economic support.
- The COVID-19 pandemic has revealed a high level of cyber risk faced by businesses and organizations from all industry sectors.
- We need to ensure proper cyber habits including unique, secure passwords, and regular updates to our patching, software, and operating systems.
- Your business can change for the better – by obtaining stand-alone cyber insurance from a specialist cyber insurance company and broker.
Contact Cyber Armada today to examine how your company faces potential financial losses from business interruption caused by a ransomware attack. Contact us at 888.727.6232.
Please watch for our next article on Data Privacy.