Cyber crime tactics evolve during COVID crisis | Insurance Business New Zealand
COVID-19 has impacted the global cyber risk landscape in multiple ways. It has triggered a boom in remote working environments and greater reliance on cloud-based technologies than ever before, both of which have elevated cyber-related exposures for almost every company. On a more individual level, the coronavirus crisis has led to an increased prevalence of social engineering as threat actors seek to capitalise on pandemic fears, while at the same time creating new challenges related to privacy and access to personal information.
“The events of 2020 remind us that the interdependencies on physical supply chains and the impact of intangible risks can be equally correlated to information technology,” said Lori Bailey (pictured above), global head of cyber risk, commercial insurance, Zurich Insurance Group. “Within a matter of days, many companies had to move to completely remote working environments and manage risks in a new and different way while maintaining a secure cyber perimeter.”
As the world’s attention was fixed firmly on the public health crisis and adapting to the COVID-19 ‘new normal’, cyber criminals took their opportunities to pounce. Throughout the pandemic, there has been an uptick in phishing scams – a fraudulent email intended to have the victim either wire funds directly or open a URL/attachment that installs malicious software on the victim’s computer.
“This type of attack has gained even more popularity during COVID-19 due to remote work and the organisational changes that accompanied it (hackers thrive on uncertainty),” commented Ronen Lago (pictured below), chief technology officer, CYE. Hackers have also preyed on human vulnerability, tricking people with scam emails directly related to the pandemic by posing as official and trusted sources like government and healthcare agencies. And social engineering doesn’t stop with phishing emails, as Lago pointed out: “Lately, hackers have begun taking advantage of deep-fake technologies to create fake video and audio recordings of corporate leadership to scam unsuspecting employees.”
Another rapidly growing trend in cybercrime is ransomware, a variation of malware that allows hackers to lock people out of their business systems until they pay a ransom to an offshore bank account, usually in cryptocurrency. In recent years, there has been a significant uptick in the frequency and severity of ransomware attacks, impacting businesses of all sizes and in all sectors. In 2019 alone, ransomware cost organisations around the world approximately US$11.5 billion, and the attacks have only increased since the start of the global health crisis in early 2020.
Lago commented: “Based on analysis by the hunting team at CYE, the hackers have grown more sophisticated during the past year, shifting from individuals and smaller, family-owned operations to larger companies that can afford bigger ransoms. Ransomware tactics have evolved as well. In 2020 we have seen a new wave of ransomware attacks that is called ‘double extortion.’ Here, threat actors maximise their chance of making profit by threatening the victim with an additional abuse of the information they encrypted, such as selling or auctioning it.
“The ransomware business has become so developed that we’re even witnessing gangs that operate Ransomware-as-a-Service (RaaS) models. One of them is the REvil crew. In this model, a group of people maintain the code while another group of ‘affiliates’ carry out the attacks, negotiations, receipt of the payment and the delivery of the decryptor, for 70%-80% of the ‘revenue’.”
The problem is, companies are fighting hackers on an unlevel playing field, where defence is much harder than offence. With the stakes so high, both Bailey and Lago encourage companies to take all the help they can get to improve their cyber incident resilience. Cyber insurance is just one part of that resilience puzzle. It must be coupled with the “implementation of preventative measures” such as specialised technology, testing, as well as employee training and education, is even more important, Bailey stressed.
“Cyber insurance has steadily evolved over the last several decades to address changes in technology, regulatory landscape and customer demand,” she told Insurance Business. “This has led to many extensions and broadening of coverage on cyber policies, particularly as traditional insurance products begin to address cyber-related exposures. For all businesses – and particularly SMEs – a strong product offering coupled with pre-breach services and robust incident response capabilities will afford the most comprehensive solution for cyber resiliency.”
To help Zurich clients shore up their cyber resiliency, the global insurer has partnered with CYE to combine Zurich’s specialist cyber insurance and risk engineering capabilities with CYE’s artificial intelligence-based technology, services and cyber expertise. Together, they help businesses establish strategies for: incident prevention (threat modelling, risk assessment, control implementation, monitoring, and assurance activities); incident preparation (planning, documenting, assigning responsibilities, training, and practicing response capabilities); incident response (investigation, containment, communications, eradication, notification, recovery, and remediation); and incident continuity (operational and technical contingency plans and processes).
Lago commented: “The connection between CYE and Zurich has created a win-win-win situation that helps companies reduce their risks and potential impact, which in turn lowers the size of the claims in case an incident does occur.”