Chubb has identified and examined emotet, ryuk, and credential stuffing as the new dominant strains of ransomware that are wreaking havoc on businesses, including small and mid-sized enterprises (SMEs).
In its first quarter InFocus report, “Cyber Criminals Increasingly Target Small Businesses,” the cyber risk insurer noted an increase in business interruption claims due to emotet, a malicious software primarily spread through spam emails and is sometimes observed as a precursor to other troublesome types of ransomware, including ryuk.
Ryuk is a new, sophisticated ransomware strain that is particularly virulent, hard to detect, and characterised by very high ransom demands. Credential stuffing, meanwhile, is a type of cyberattack used to gain unauthorised access to online user accounts.
“Cyber criminals typically don't target specific small businesses, but they increasingly use tools that target their vulnerabilities," said Patrick Thielen, senior vice president of Chubb financial lines. “Those vulnerabilities are at times technical, like unpatched software or poorly configured hardware. But even more common are those vulnerabilities involving employees who may use weak or compromised passwords or may inadvertently click something they shouldn't have.”
“Cyber criminals know that SME leaders may mistakenly think that cybersecurity services are beyond their means, which makes SMEs more vulnerable to an attack,” added Anthony Dolce, vice president and cyber lead of Chubb North America financial lines claims. "However, we are living in an age where cyberattacks are constantly evolving and threatening businesses of all sizes, but especially small to mid-size businesses. Therefore, it remains critical for companies to understand this present age and develop strong risk mitigation strategies to lessen the impact of cyber threats."
The Chubb report also noted that in 2018, 21% of the Chubb cyber incidents reported by small businesses involved social attacks, such as phishing, 20% were due to error, and 14% were due to hacking.