THE FULL STORY OF THE 2011 RSA HACK CAN FINALLY BE TOLD – Wired
May 20 2021
“Vishing”: An Ever Evolving Persistent Threat to the Public
Last month, my wife was contacted by a phisher, mascaraing as someone from social security. This threat actor made an attempt to obtain her social security number using the threat of fraud investigation to verify her social security number. Because of my background in security, I was able to act quickly to prevent her from compliance and educated her on the phish attack. For many people, this ends in far less positive outcomes because there is not enough education and prevention out there. The majority of organizations will never request or disclose personal identifiable information (PII) and will only communicate via secure encrypted email or over traditional mail services. They will request an in person visit. For more information on securing your private information, visit: How to protect your personal information Caller ID is less reliable due to caller ID spoofing. This in part can be avoided by maintaining an address book in conjunction with a good call blocking service.
The majority of telecom providers offer programmable call blocking services, most of these operate with a programmable blacklist/whitelist. There are also third-party options on the device App Store. This function acts in many ways similar to malware detection and prevention. These features are also available as an add-on for a landline that blocks on a hardware level at the home or business demarcation point. This is slowly phasing out as more and more people are migrating to VoIP solutions or cellular based services. For more information on Caller ID spoofing, visit: howtogeek Dont trust caller id More information on call blocking at FCC Call blocking More information on call blocking for landlines at FCC Do not call list Opinion The best approach to handling telemarketers is a zero-trust approach, sellers you wish to do business with should be in your address book for ease of verification. Automated calling can potentially be used to gather recorded voice prompts as a potential persistent attack to gather voice commands to use on voice prompt services. These calls may also be used to verify the contact number is active and accepting calls. If you can avoid not answering a call or push it to voicemail, do it. Make sure you monitor your voicemail in the event a trusted contact is contacting you from a different contact source. Stay safe out there! ~Neumiller
Vishing attacks spoof Amazon to try to steal your credit card information
May 20 2021
Hiring remote software developers: How to spot the cheaters
How are software development applicants cheating?
Prior to COVID-19, many companies had engineering applicants take coding skills assessments in person. On-premises testing allowed employers to control the environment and observe the applicant’s process. Now, employers are providing these assessments (and getting observations) remotely, and applicants (almost exclusively at the junior level) are gaming the platforms.
The two most common strategies are plagiarism and identity misrepresentation. In the former, applicants copy and paste code found on sites like Github or they are lifting code from prior assessments administered by the same employer that have been published and/or sold online. (Companies that have only a few variations of a coding challenge will find, with a quick Google search, that prior test-takers have either posted it online or are offering the answers privately. They’ll even sprinkle in some minor differentiations so that it’s harder to catch.) Identity misrepresentation means asking or paying someone else to log in to the test platform and solve the test (or part of it) for the applicant.
Globally, the rate for plagiarism in 2020 was 5.6%, and suspicious connectivity patterns – indicative of session handover to someone else other than the applicant – appear in 6.48% of sessions. We are seeing a slight growth in the percent of sessions with suspicious behaviors, and this growth is visible in both global and financial markets in particular.
Some industries will have higher rates of cheating than others; for example, organizations in the government, education, and non-profit sectors can see up to double the global average for red-flag behavior. The general shortage of HR professionals with deep technical knowledge make practically all employers vulnerable to inefficiencies and the perils of under-qualified tech candidates making it too far into the recruitment funnel. Higher rates of cheating mean that IT professionals need smarter tools to avoid mis-hires.
Addressing this problem needs to be a priority for employers looking to hire remotely on a larger scale or as a permanent practice, because the short- and long-term consequences are always more costly than whatever investments they put into preventative safeguards.
Hiring a person who cheated in the recruitment process is a recipe for disaster, both for the employer and the employee. Job seekers will typically cheat because they lack the qualifications to pass the recruitment process or, sometimes, just lack the confidence that they can succeed. In either case, if the recruitment leads to employment, the nascent working relationship is botched from day one. The lack of qualifications surfaces sooner or later, frequently damaging schedules, reliability, and security of software products and services, not to mention driving business costs up and reputation down.
More alarmingly, common sense and academic research suggest (Peterson et al., 2011; Schneider & Goffin, 2012), says that the lack of integrity has a potential to reoccur on the job, quite possibly leading to security breaches immensely more dangerous than software bugs. Last but not least, it is plainly emotionally difficult for many individuals to grow a healthy relationship towards the employer and the workplace when the relationship started with dishonesty.
![Don't Hire a Software Developer Until You Read this Book: The software survival guide for tech startups & entrepreneurs (from idea, to build, to product launch and everything in between.) by [K.N. Kukoyi]](https://m.media-amazon.com/images/I/51a9ala-KuL.jpg)
May 19 2021
AXA Hit By Ransomware Attack Days After Dropping Ransomware Insurance Policies
AXA’s branches in Thailand, Malaysia, Philippines and Hong Kong have been hit by a ransomware attack, with hackers claiming they have accessed more than 3-terabytes of sensitive data.
Included in that trove of data, according to the hackers, are customer medical reports – which is also said to expose their sexual health problems – as well as identification documents, bank account statements, payment records, contracts and details of individual claims.
In addition to the ransomware attack, AXA has also been hit by a series of distributed denial of service (DDos) attacks on its global websites that made the insurance giant’s website completely inaccessible for a number of hours.
A ransomware group by the name of Avaddon has taken responsibility for the ransomware attacks launched against AXA, just days after the company announced it would stop underwriting policies that included payouts in the event of a ransomware attack.
The group told AXA that the insurance giant has around 10 days to get in contact and meet their demands, otherwise risking the publication of massive amounts of sensitive information on their customers.
AXA has responded to the claims, telling Bleeping Computer that there is “no evidence” to suggest that data beyond one of its Thai operations was accessed.
“Asia Assistance was recently the victim of a targeted ransomware attack which impacted its IT operations in Thailand, Malaysia, Hong Kong and the Philippines.”
The insurer continued to explain that “a dedicated taskforce with external forensic experts is investigating the incident. Regulators and business partners have been informed.”
“As a result, certain data processed by Inter Partners Assistance (IPA) in Thailand has been accessed. At present, there is no evidence that any further data was accessed beyond IPA in Thailand.
“AXA takes data privacy very seriously and if IPA’s investigations confirm that sensitive data of any individuals have been affected, the necessary steps will be taken to notify and support all corporate clients and individuals impacted,” the company spokesperson said.
AXA is yet to address any specific demands of the hacking group Avaddon.
Cyber Insurance
May 19 2021
Endpoint security: How to shore up practices for a safer remote enterprise
In the modern cloud-based application era, securing hardware is often neglected, so the volume of unmanaged devices noted above is not surprising. Endpoint management is hard, it’s boring, it’s time-consuming — but it’s nevertheless extremely important to a robust security strategy.
Why? Bad actors know that machines aren’t getting configured and maintained at the rate at which they should. This makes them ripe for exploitation. One of the easiest ways to attack corporate networks is through a machine that is not configured correctly or that hasn’t downloaded a patch to shore up a certain vulnerability.
Endpoint management: Scaling for a new world
VPNs have been under significant strain throughout the pandemic, and bandwidth is at a premium. This is part of the reason we’re seeing such rapid migration to the cloud. While there are numerous benefits to this move, it still doesn’t protect actual endpoints. To do this, regardless of environment, you need to find an endpoint management solution that can scale rapidly and not affect network performance.
This requires a novel approach to drive continuous compliance and configuration management across the enterprise. Of note, the latest peer-to-peer solutions can check the configuration of local or remote endpoints, diagnose problems, and/or remediate any issues found. Because of the nature of peer-to-peer, these solutions can conduct routine and advanced endpoint management at massive scale, addressing hundreds of thousands of endpoints without bandwidth throttling or hindering network performance.
Workers don’t even realize their systems are being updated. Being able to protect endpoints at scale without degrading the user experience or getting in the way of business processes is a game-changer in the remote world. It means that you can institute or return to a regular endpoint management schedule.
May 18 2021
“Those aren’t my kids!” – Eufy camera owners report video mixups
This isn’t the first time we’ve heard of a SNAFU like this, where virtual wires got crossed inside a video surveillance company’s own back end, causing customers not only to lose track of their own video cameras but also to gain access to someone else’s.
In one case, three years ago, a user of a cloud video service offered by a UK company called Swann received a video notification that showed surveillance footage from the kitchen…
…just not the kitchen in the user’s own house.
Amusingly, if that is the right word, the victim in this incident just happened to be a BBC staffer, relaxing at the weekend, who was gifted an ideal story to write up in the upcoming week.
In that incident, the camera vendor blamed human error, with two cameras accidentally set up with a “unique identifier” that wasn’t unique at all, leaving the system unable to decide which camera belonged to which account.
Alhough the vendor dismissed it as a “one off”, the BBC tracked down an even more amusing (though no less worrying) occurrence of the same problem in which a user received a surveillance video of a property that looked like a pub.
With a few days of search engine wrangling, that user managed to identify the pub online, only to find out that it was, by fluke, just 5 miles away.
So he went there and took a picture of himself in the beer garden, via the pub landlord’s webcam, but using his own online account:
Dark World – A Guide to the Global Surveillance Industry
May 18 2021
Detecting attackers obfuscating their IP address inside AWS
The feature and its exploitation potential
“Amazon Virtual Private Cloud (Amazon VPC) is a service that lets you launch AWS resources in a logically isolated virtual network that you define,” AWS explains.
Customers have complete control over their virtual networking environment, and can select their own IP address range, create subnets, and configure route tables and network gateways.
Unfortunately, the feature that allows customers to control their IP addresses also allows attackers to control the IP address written to AWS CloudTrail logs when accessing a compromised account via a newly created VPC endpoint.
“This can potentially enable an attacker to fool various security protections that rely on the Cloudtrail logs, such as SIEMs and cloud security tools. In addition, analysts looking for evidence of an attack might miss it,” Hunters researchers noted.
Attackers can obfuscate their IP address by making it look like an “organizational” public IP address, an employee “home” external IP address, a (potentially whitelisted) third party service provider public IP address, or a special private, reserved, testing or documentation-only IPv4 subnet block.
They could thus make it seem that a malicious action has been performed by an employee, or make it fly under the radar of threat intelligence and reputation services.
What attackers can’t do with this technique is to change the IAM permissions the attacker has when using victims’ compromised AWS API credentials, nor bypass IP-based IAM policies.
There is a solution
This technique may allow attackers to bypass security measures that rely solely on AWS CloudTrail, an AWS web service that allows customers to log, continuously monitor, and retain account activity related to actions across their AWS infrastructure (including AWS API activity).
Defenders should not rely on the contents of the “sourceIPAddress” field in the logs to detect attackers inside AWS, making API requests/calls, the researchers noted. Instead, they should review the “vpcEndpointID” field.
“If you use VPC endpoints in your environment, the only significant difference between the logs created by legitimate actions and the attacker’s actions is the specific VPC endpoint IDs logged. We recommend addressing this use-case with more anomalous-based detection logic, detecting usage of a new VPC endpoint ID never seen before in the organization,” the researchers advised.
They also recommended AWS CloudTrail users to cross-reference their cloud events with other sensors on endpoints, on-premises, email, identity, etc, to trace inconsistent logging and missed threats.
May 17 2021
Is 85% of US Critical Infrastructure in Private Hands?
When this problem is discussed, people regularly quote the statistic that 85% of US critical infrastructure is in private hands. It’s a handy number, and matches our intuition. Still, I have never been able to find a factual basis, or anyone who knows where the number comes from. Paul Rosenzweig investigates, and reaches the same conclusion.
Public Private Partnerships (PPP): Construction, Protection, and Rehabilitation of Critical Infrastructure
Discuss objectives and legal requirements associated with PPPs, the potential advantages and limitations of PPPs, and provide guidance as to how to structure a successful PPP for infrastructure investment.
Critical Infrastructure Risk Assessment
May 17 2021
Dealing with ransomware attacks: What options do you have?
It might seem logical to try to negotiate the ransom demand down to an amount that isn’t going to break the bank but would still be enough to satiate cybercriminals’ thirst for cash. Unfortunately, this isn’t a good idea, because negotiations can backfire and even cause ransomware gangs to increase their ransom demands.
This recently happened to Acer when they attempted to negotiate a $50 million ransomware demand down to $10 million. As retaliation, the REvil gang threatened to double the ransom if they didn’t receive the $50 million.
Another example is the Egregor ransomware gang, which often threatens to publish their victims’ data online if they negotiate or fail to deliver on ransom payments. If you’re not looking to add your company’s name to the list of failed negotiations, keep reading to find out some do’s and don’ts of planning for ransomware incidents.
DO: Create a plan before crisis strikes
A ransomware attack affecting your business in today’s digital economy is a matter of “when,” not “if.” Cybersecurity is an arms race, and as technological innovation grows, cybercriminals are also constantly innovating to develop new and more damaging attack methods. That’s why it’s essential to prepare for an attack as if it were as sure as the fact that the sky is blue – hopefully enabling you to avoid any negotiations altogether.
Dealing with ransomware attacks: What options do you have?
The Ransomware Threat Landscape : Prepare for, recognize and survive ransomware attacks
The fastest-growing malware in the world
The core functionality of ransomware is two-fold: to encrypt data and deliver the ransom message. This encryption can be relatively basic or maddeningly complex, and it might affect only a single device or a whole network.
Ransomware is the fastest-growing malware in the world. In 2015, it cost companies around the world $325 million, which rose to $5 billion by 2017 and is set to hit $20 billion in 2021. The threat of ransomware is not going to disappear, and while the number of ransomware attacks remains steady, the damage they cause is significantly increasing.
May 16 2021
DevOps didn’t kill WAF, because WAF will never truly die
You can only get rid of WAF if you fully implement security into your development process and audit the process via code reviews and annual tests. But DevSecOps can’t be realistically implemented for all web apps in the enterprise environment, so WAF will stick around because it still has a job to do.
The WAF is not dead, what’s left?
DevOps and the continuous integration and continuous deployment (CI/CD) pipeline provide an excellent opportunity to implement security, especially if your agile methodology includes security sprints. It allows for security to be built into the apps from the start, rather than taking the traditional route of applying it later, which is not only inefficient but – in the frenetic pace of CI/CD – can be overlooked, ignored, or forgotten.
Although security for all web apps should be built-in from the start, our experience shows that it is usually only applied to the “crown jewels,” like the company’s primary customer portal or client payment systems. In an enterprise environment, it’s not unusual for a company to be running old apps in which code is no longer maintained or apps integrated through acquisition.
Additionally, departments such as R&D and marketing frequently implement custom or third-party applications. This app proliferation can result in more than 50% of public-facing web applications in an organization being managed by DevOps or other disparate IT groups. These apps will need additional mitigation controls, which is where WAF comes in.
May 14 2021
Magecart gang hides PHP-based web shells in favicons
Magecart cybercrime gang is using favicon to hide malicious PHP web shells used to maintain remote access to inject JavaScript skimmers into online stores.
Magecart hackers are distributing malicious PHP web shells hidden in website favicon to inject JavaScript e-skimmers into online stores and steal payment information.
Researchers from Malwarebytes observed threat actors, likely Magecart Group 12, using this technique in attacks aimed at online stores running on Magento 1 websites.
The web shells employed in the attacks are tracked as Smilodon or Megalodon, they dynamically load JavaScript skimming code via server-side requests into online stores. This technique allows bypassing most client-side security tools.
“While performing a crawl of Magento 1 websites, we detected a new piece of malware disguised as a favicon. The file named Magento.png attempts to pass itself as ‘image/png’ but does not have the proper PNG format for a valid image file.” reads the analysis published by Malwarebytes.
May 13 2021
Security at Bay: Critical Infrastructure Under Attack
The attack perpetrated by hackers on oil company Colonial Pipeline highlights the dangers that are facing Industrial Control Systems (ICS) and the need for change in the information security landscape,
The attack took place on May 7th where hackers used ransomware to cripple the defense of the company. As a result, all operations were forced to shut down as well as operating systems used by the company. A group named DarkSide claimed to be responsible for Colonial Pipelines attack.
The hacker group is active since august and are part of a professional crime industry that have caused damage of billions of dollars. President Biden has delivery remarks that point out to the involvement of Russia in the development of the ransomware. It is not clear if the Colonial company has paid the demands.
The attack brought to light how critical national infrastructure (CNI) is vulnerable and the need of new methodologies to address new menaces that are evolving on a daily basis on many different ways. As far as we know this attack have proved that the understanding of information security has become outdated as well the solutions that were supposed to protect companies assets.
The impact of the attack was far beyond then expected. Consumers were directely impacted with a hike on prices. Also, in South east some drivers started to stocking up as available oil dropped down in fuel stations. About 5,500 miles of pipeline were shutdown. To figure it out in numbers it represents 45% of fuel comsumed from texas to new york.
As reported by Recorded Future ransomware attack groups are gainning momentum and wide spreading throughout every and all sector. From industry to education everyone is on target of ransomware. It is importante to notice that hackers are publishing part of the data and demanding money to do not publish all the data stolen.
While the United States leads the attack of ransomware hackers are aiming to make other countries victims. Freedom and security are deeply rooted in the american dream, but today all the nation see this rights going down with the dangers of information security.
The US Department of Justice and a group of companies have created a task force to manage the issue of ransomware threat. However, the tools that were released by equation group in the past can be the tipping point to new attacks or development of new ways to bypass known protections.
Little is known yet how the company was breached but it was certanly that the goal was to obtain money instead of corrupting the system. Some parts of the system were restored and the company said it will update their systems. Part of operations are manual at this time but its not sure when the supplies will return to normal.
The question now is if the available supplies will be enough. The disruption of the supplies could lead to an impact on many sectors. Bitdefender released a decryption tool on january for an older version of the ransomware, but they said that for this new version the tool do not work. According to Bloomberg 100GB was stolen in just two hours. This is a remarkable event to be considered as the largest and successful act of cyberwarfare.
Finally we need to develop new systems and new tecnologies as this could be the starting of a surge of new threat actors and new attacks that can not be stopped by the actual protection solutions.
Sources:
https://therecord.media/ransomware-tracker-threat-groups-focus-on-vulnerable-targets/
May 13 2021
Researcher hacked #Apple #AirTag two weeks after its launch
The Apple AirTag has been available for just a couple of weeks and hacking community is already working on it to demonstrate that how to compromise it.
“The German security researcher Stack Smashing tweeted today (via The 8-bit) that he was able to “break into the microcontroller of the AirTag” and modified elements of the item tracker software.” reported the 9to5Mac website.
“A microcontroller is an integrated circuit (IC) used for controlling devices usually via a microprocessing unit, memory, and other peripherals. According to AllAboutCircuits, “these devices are optimized for embedded applications that require both processing functionality and agile, responsive interaction with digital, analog, or electromechanical components.”
Now, the German security researcher Stack Smashing claims that he was able to hack the Apple device breaking into its microcontroller and modifying its NFC URL for Lost Mode.
The researcher explained that has found a way to modify the tracker software running on the tag, he was able to modify its NFC URL.
Smashing published a video PoC of the hack, it shows two Apple AirTag devices and one of them was hacked by the researcher.
The regular item tracker used in the test opens the Find My website, while the modified one opens an arbitrary URL that was chosen by the expert.
May 12 2021
WiFi devices going back to 1997 vulnerable to new Frag Attack
Source: WiFi devices going back to 1997 vulnerable to new Frag Attack
A Belgian security researcher has discovered a series of vulnerabilities that impact the WiFi standard, with some bugs dating back as far back as 1997 and affecting devices sold for the past 24 years.
The vulnerabilities, known as Frag Attacks, allow an attacker within a device’s WiFi radio range to gather information about the owner and run malicious code to compromise a device, may it be a computer, smartphone, or other smart device.
Devices are also vulnerable even if the WiFi standard’s security protocols were activated, such as WEP and WPA.
Design flaws in the WiFi standard itself
“Three of the discovered vulnerabilities are design flaws in the WiFi standard and therefore affect most devices,” said Mathy Vanhoef, the Belgian academic and security researcher who found the Frag Attacks.
The rest are vulnerabilities caused “by widespread programming mistakes [in the implementation of the WiFi standard] in WiFi products,” Vanhoef said.
“Experiments indicate that every WiFi product is affected by at least one vulnerability and that most products are affected by several vulnerabilities,” said Vanhoef, who is also scheduled to give an in-depth talk about his findings later this year in August at the USENIX ’21 security conference.
“The discovery of these vulnerabilities comes as a surprise because the security of WiFi has in fact significantly improved over the past years,” the Belgian researcher said.
Prior to disclosing the Frag Attacks today, Vanhoef previously discovered the KRACK and Dragonblood attacks. Vanhoef’s previous findings have helped the WiFi standard improve its security posture, but his latest findings reside in older sections of the WiFi protocol, not improved by his previous discoveries, and already deployed with devices in the real world for decades.
May 11 2021
Significance of risk management in cyber insurance to determine premium
By DISC InfoSec
The limited availability of data on cyber incidents has made it difficult to develop full probabilistic models for use in pricing cyber insurance cover. While a few insurance companies, brokers and other companies have developed pricing models that provide quantifiable probabilistic estimates of potential losses based on Fair methodology, the vast majority of insurers still continue to use scenario-based approaches for estimating the potential frequency and severity of cyber incidents. Assessments of frequency and severity are usually based on publicly available data on past incidents. There are a few commercial companies that collect and market data on past incidents.
The insurability of a given risk is usually economically viable only where Risks must be quantifiable: the probability of occurrence of a given peril, its severity and its impact in terms of damages and losses must be assessable.
In the case of data confidentiality breaches, data on past breaches provides insurance companies with a basis to assess the level of risk based on different company characteristics and estimate the per record cost of a breach. Therefore, part of the underwriting process involves understanding the business activities and number and types of information records held by the company. Given the longer experience with data breach notification laws and the more developed stand-alone cyber insurance market, much of the available data is based on experience in the United States.
Insurance companies also focus significant attention on the company’s security practices and policies, depending on company size and amount of coverage being sought. For smaller companies/coverage amounts, the underwriting process will focus on basic cyber security practices such as use of a firewall, anti-virus/malware software and data encryption, as well as frequency of data backups and use of intrusion detection tools. In some cases, applications may ask about compliance with specific standards, such as the International Organization for Standardization standard on Information Security (ISO/IEC 27001); the US National Institute of Standards and Technology (NIST) Framework for Improving Critical Infrastructure Cybersecurity; or the UK Cyber Essentials. Companies that hold payment card information might also be asked about their compliance with the PCI Data Security Standard while US companies with health records might be asked about their compliance with Health Insurance Portability and Accountability Act security requirements. Some stand-alone cyber insurance applications also request information on plans and policies, such as data protection policies, network access policies, internal auditing policies, disaster recovery plans, etc., as well as governance processes in place for those policies. Larger companies would face additional scrutiny, potentially involving on-site interviews, security audits and/or penetration testing. Risk and vulnerability assessments by external security consultants are offered by some companies as an additional service included as part of the insurance policy.
Insurance companies use the information gathered through the underwriting process to determine premium levels or deny the coverage. Some insurers may also establish minimum security standards that must be maintained through the coverage period in order for coverage to be maintained or sustained, such as timely patching of vulnerabilities and/or other software updates.
Cyber-insurance is an insurance product used to protect businesses and individual users from Internet-based risks, and more generally from risks relating to information technology infrastructure and activities. Cyber insurance purchased by an insured (first party) from an insurer (the second party) for protection against the claims of another (the third party). The first party is responsible for its own damages or losses whether caused by itself or the third party.
Cyber insurance may offer services products and countermeasures to protect business from known and unknown risks. There are now mandatory breach notification state laws (in many states) and regulation (HIPAA) which require breach notification. In services area cyber insurance may help organization to cover the cost of notifications and sometime may notify on behalf of an organization. The breach notification service may be necessary for SMB’s to acquire due to lack of necessary in-house resources. Depending on your business, few other items you may want to consider under cyber insurance are data restoration cost, payment of ransom, identity theft protection and reissuing of cards, potential downtime due to DDoS and potential regulatory fines.
How does a second party, an insurance company determine that first party premium (an amount to be paid for an insurance policy) and even decide that first party is insurable. The insurance company will look at organization’s security posture maturity based on industry standards and regulations (ISO, NIST, CSC, CSF) and determine if their Security Program is worthy of cyber insurance. Based on the existing security posture of an organization the second party will determine the risk they are willing to take and first party will determine the cost they are willing to pay for the premium. In the some cases insured might be able to absorb losses of the breach which were not covered by insurance but for some SMB’s these losses may be business limiting.
A point–in-time evaluation of an organization’s information security posture in constantly evolving, threat landscape only increases the challenge of insurance company to determine the first party premium. The insurance company may require a continuous feed to an organization security posture dash board which may also include but not limited to monitoring of security incident response on regular basis. Before making a decision on cyber insurance premium, an insurance company should utilize an in-house expertise or collaborate with InfoSec consulting organization to evaluate the frequency and severity of cyber threats facing an organization information security management system.
At end of the day, cyber insurance is a proactive security measure to counter potential data breaches and network security failures. Routinely, organizations are willing to spend money on security initiatives after the breach which is reactive action. Proactive security measures such as (developing sound security policies, compulsory cloud security, continuous monitoring, strong security awareness, effective BCP, proactive patching, resilient incident response plan…) may help not only to reduce the overall risk landscape but can assist in lowering the cyber insurance premium.
Proactive information security program which include but not limited to the basic cybersecurity measures may require acquiring cyber insurance. Insured organization (first party) may need to keep up with the basic cyber security measures to prevent voiding the coverage. When a functional and operational information security program which has a clear definition of an organization risk threshold becomes a priority, it can minimize potential risk of security breach and should be able to absorb losses for future security breach with cyber insurance as a part of risk management strategy.
DISC InfoSec assist in acquiring the cyber insurance which is aligned with business objectives and based on organization risk threshold. Before coverage is issued by the underwriter, in some cases, organization is asked to mitigate some risks to lower the premium. DISC InfoSec assist in compliance with standards, coverage inclusion/exclusion and risk mitigation process for organization acquiring cyber insurance.
Cyberinsurers mandate multifactor authentication
Checkout our previous blog posts on cyber insurance
Cyber Insurance explained in a simple and joyful way.
More Cyber Insurance titles:
May 10 2021
City of Tulsa, is the last US city hit by ransomware attack
One of the biggest cities in the US by population size, the City of Tulsa, was victim of a ransomware attack that affected its government’s network and forced the shutdown of official websites over the weekend.
Shortly after the attack, that took place Friday night, the city issued a statement to inform that no customer information has been comprised in the security breach.
The City’s IT and security staff have shut down impacted internal systems to avoid the spreading of the threat. Emergency services such as 911 and the city’s public safety response will continue to operate normally.
“According to the Tulsa Police Department (TPD), 911 is operational and Tulsa’s public safety response is continuing as normal.” reported the Krmg website.
“As for utility billing, Tulsa police say new account registration is currently unavailable. Tulsans can make a payment on their account and view their bill as a guest as long as they have their new account number and customer ID, plus the name on their account exactly as it appears on their bill.”
The City of Tulsa reported the incident to the authorities and is investigating the infection with the help of external security experts.
The impact is believed to have impacted a small portion of the infrastructure, and internal experts are attempting to recover impacted systems from backups.
Unfortunately, ransomware attacks against cities in the US are very frequent and in many cases the victims opted to pay the ransomware to restore the operations.
City of Tulsa, is the last US city hit by ransomware attack
« Previous Page — Next Page »
