Learning from 2023's high-profile cyber events to prepare for 2024

When third party became first choice for criminals

This article was provided by Coalition Inc.

The number of common vulnerabilities and exposures (CVEs) impacting organisations grows yearly. This influx of emerging risks makes prioritising risk management more challenging for security teams and their partners.

Higher profile cyber events can quickly escalate and create an ‘all hands on deck’ situation for security teams, whether the risk leads to claims or losses. In this article, cyber insurance provider Coalition looks at two CVEs from 2023 and provides insights to help brokers and organisations better prepare for what may come in 2024.

MOVEit

On May 31, 2023, Progress Software disclosed a critical vulnerability in its file transfer program, MOVEit, which, over time, emerged as the most significant CVE of the year. The Cl0p ransomware gang capitalised on the vulnerability and compromised over 2,000 global organisations. This attack reminded us again that businesses are only as protected as the vendors they depend on, and Cl0p’s success showed other threat actors how lucrative attacks on third-party vendors can be.

Security defenders will likely be grappling with the downstream impacts of this attack for years to come. Threat actors left minimal evidence of the attack, making cleanup challenging for victims and the possibility of reinfections very real. This attack also marked a mainstream instance of data exfiltration rather than data encryption.

This year, we expect other attackers to mimic Cl0p’s efforts, making third-party risk a major pain point for organisations of all sizes worldwide. Moving forward, businesses and risk managers must understand that third-party providers in their supply chains are also part of their cyber risk.

To minimise third-party risk and prevent cyberattacks, brokers and their clients should look for cyber insurers that proactively notify about vulnerabilities and other security concerns. For example, Coalition proactively notified impacted policyholders on June 1, 2023, and sent follow-up communications after subsequent vulnerabilities were disclosed. This led to policyholders remediating the vulnerability and fewer related claims. This CVE also highlights the importance of incorporating third-party risk monitoring into a company’s security strategy, especially if they depend on multiple vendors for services, as is the case for most SMEs.

At Coalition, we provide a Cyber Risk Assessment (CRA) that gives each business a personalised risk score and action items to remediate the risks most likely to result in a cyber incident. We also provide attack surface monitoring through our cyber risk management platform, Coalition Control. With Control, policyholders can monitor their evolving risk, as well as the risk profiles of their third-party partners and vendors.

Cisco IOS XE

On October 16, 2023, the Cisco-owned company Talos announced a vulnerability in the web UI feature of Cisco IOS XE Software. The vulnerability allowed threat actors to access affected systems and elevate their privilege level, effectively taking full control of the network.

In response, Talos provided indicators of compromise (IOCs) that could be remotely checked, and tens of thousands of compromised hosts responded. Over the next few days after the vulnerability's release, a small turf war took place. Attackers appeared to be deploying updated tactics, and the initial attackers were displaced by an unknown group of more sophisticated threat actors.

Despite this vulnerability impacting very few Coalition policyholders, Coalition Incident Response (CIR) proactively contacted policyholders running the impacted version due to the ability it afforded threat actors to quickly and easily elevate their privilege level.

This is an example of a vulnerability that could be avoided with the right security measures. Risk assessments, like the one provided by Coalition, can show that administrative web panels accessible over the internet are a common risk factor for any organisation. Risk assessments can also be useful tools for brokers to explain risks to their clients and the potential impact on their insurability.

Learnings for 2024

Keeping up with the latest threats and how they could impact organisations can be challenging for brokers who act as risk advisors to their clients. In looking at these two high-profile 2023 vulnerabilities, there are key takeaways for brokers to help their clients improve their security defences for 2024:

1) Clients need to better understand their attack surface (or the total ways that threat actors could get into their systems), including the risks they take on via third parties. They can do so with a detailed risk assessment and risk management platform. Coalition Control is one example of a continuous monitoring solution that helps clients decrease their attack surface and improve security controls.

2) Brokers shouldn’t wait for CVEs to hit the news but instead stay current on the latest threats with security alerts from cyber insurers or through public organisations, such as the National Cyber Security Centre.

3) Don’t forget about old CVEs: Coalition’s network of UK honeypots (decoys set up to look like exposed vulnerabilities that insurers like Coalition use to learn about attacker behaviours) showed that attackers often target old vulnerabilities. Brokers should encourage their clients to patch and update their software regularly.

In 2023, multiple vulnerabilities demonstrated why cybersecurity hygiene is so important. Cyber insurers, like Coalition, can help organisations maintain good cyber hygiene and improve their defences to minimise the impacts of vulnerabilities like those that impacted Progress Software and Cisco last year.
