Cyber crime tactics evolve during COVID-19 pandemic
Read next: Seven ways to get the best cyber insurance terms in a hardening market
As the world’s attention was fixed firmly on the public health crisis and adapting to the COVID-19 ‘new normal’, cyber criminals took their opportunities to pounce. Throughout the pandemic, there has been an uptick in phishing scams – a fraudulent email intended to have the victim either wire funds directly or open a URL/attachment that installs malicious software on the victim’s computer.
“This type of attack has gained even more popularity during COVID-19 due to remote work and the organizational changes that accompanied it (hackers thrive on uncertainty),” commented Ronen Lago (pictured below), chief technology officer, CYE. Hackers have also preyed on human vulnerability, tricking people with scam emails directly related to the pandemic by posing as official and trusted sources like government and healthcare agencies. And social engineering doesn’t stop with phishing emails, as Lago pointed out: “Lately, hackers have begun taking advantage of deep-fake technologies to create fake video and audio recordings of corporate leadership to scam unsuspecting employees.”
Another rapidly growing trend in cybercrime is ransomware, a variation of malware that allows hackers to lock people out of their business systems until they pay a ransom to an offshore bank account, usually in cryptocurrency. In recent years, there has been a significant uptick in the frequency and severity of ransomware attacks, impacting businesses of all sizes and in all sectors. In 2019 alone, ransomware cost organizations around the world approximately US$11.5 billion, and the attacks have only increased since the start of the global health crisis in early 2020.
Lago commented: “Based on analysis by the hunting team at CYE, the hackers have grown more sophisticated during the past year, shifting from individuals and smaller, family-owned operations to larger companies that can afford bigger ransoms. Ransomware tactics have evolved as well. In 2020 we have seen a new wave of ransomware attacks that is called ‘double extortion.’ Here, threat actors maximize their chance of making profit by threatening the victim with an additional abuse of the information they encrypted, such as selling or auctioning it.
“The ransomware business has become so developed that we’re even witnessing gangs that operate Ransomware-as-a-Service (RaaS) models. One of them is the REvil crew. In this model, a group of people maintain the code while another group of ‘affiliates’ carry out the attacks, negotiations, receipt of the payment and the delivery of the decryptor, for 70%-80% of the ‘revenue’.”
Read more: Marsh sheds light on OFAC’s ransomware advisory
The problem is, companies are fighting hackers on an unlevel playing field, where defense is much harder than offense. With the stakes so high, both Bailey and Lago encourage companies to take all the help they can get to improve their cyber incident resilience. Cyber insurance is just one part of that resilience puzzle. It must be coupled with the “implementation of preventative measures” such as specialized technology, testing, as well as employee training and education, is even more important, Bailey stressed.
“Cyber insurance has steadily evolved over the last several decades to address changes in technology, regulatory landscape and customer demand,” she told Insurance Business. “This has led to many extensions and broadening of coverage on cyber policies, particularly as traditional insurance products begin to address cyber-related exposures. For all businesses – and particularly SMEs – a strong product offering coupled with pre-breach services and robust incident response capabilities will afford the most comprehensive solution for cyber resiliency.”
To help Zurich clients shore up their cyber resiliency, the global insurer has partnered with CYE to combine Zurich’s specialist cyber insurance and risk engineering capabilities with CYE’s artificial intelligence-based technology, services and cyber expertise. Together, they help businesses establish strategies for: incident prevention (threat modeling, risk assessment, control implementation, monitoring, and assurance activities); incident preparation (planning, documenting, assigning responsibilities, training, and practicing response capabilities); incident response (investigation, containment, communications, eradication, notification, recovery, and remediation); and incident continuity (operational and technical contingency plans and processes).
Lago commented: “The connection between CYE and Zurich has created a win-win-win situation that helps companies reduce their risks and potential impact, which in turn lowers the size of the claims in case an incident does occur.”