Extortion vs. Cybercrime: What Is the Real Cost?
The insurance giant Lloyd's of London created a report that found that 86% of companies are uninsured, with a gap of 166 billion dollars. (1) There are 600,000 businesses worldwide that can be affected.
Worldwide numbers: USA = 89bn, Europe = 76bn, and Asia = 19bn. (2) The most common malware used is still ransomware, which has hit billions of dollars in cost worldwide; cryptomining malware is on the rise, with more than 2.5 million in thefts.
The primary malware source has been "GandCrab", a RIG exploit kit; once it is released on a system, the files are fully locked. (3)
The attack is launched by a spam email carrying a Microsoft Word document that contains a malicious macro, which can connect to a cybercriminal's server.
The number of infected systems has resulted in a significant increase in the number of companies, local governments, and hospitals obtaining cybercrime insurance. The insurance industry made more than 8bn dollars in 2019, and the number of companies and organizations seeking cyber insurance has increased.
The publication ProPublica (https://www.propublica.org/) reported that, in cases of ransomware attacks, the insurer promotes paying the ransom even if the IT security team can decrypt. (4)
Extortion without Ransomware.
Industrial espionage and data theft are the major compromising events covered by insurance, which is used to cover thefts of PCI and PII content. The cost of data theft has increased from 1.4 mil dollars to 13 mil dollars; the loss from insider threats is worth 8 mil. (5)
600 billion USD in 2019
BEC and BPC threats.
BEC (Business Email Compromise) is a cyber attack that occurs when an email is sent requesting a transfer of funds to an account.
The fraud is produced in four different ways:
- Bogus Invoice: a fake invoice with a requested funds transfer.
- CEO Fraud: an attacker pretends to be a CEO and requests that funds be sent to a different account.
- Attorney Impersonation: the attacker pretends to be an attorney requesting a bogus payment.
- Data Theft: using PII (personally identifiable information) to steal user accounts.
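The CEO-fraud and bogus-invoice variants leave traces in message headers that can be checked before a payment request reaches accounts payable. This is an added example, not from the original article. The corporate domain, executive list, keyword list and sample messages are constructed assumptions, and the Reply-To comparison is a common triage heuristic that the article itself does not mention.

```python
from email import message_from_string, policy
from email.utils import parseaddr

CORP_DOMAIN = "example.com"      # assumption: the organization's mail domain
EXECUTIVES = {"jane doe"}        # assumption: names taken from the company directory
PAYMENT_TERMS = ("wire transfer", "invoice", "bank account", "payment")

def bec_indicators(raw: str) -> list:
    """Return the BEC warning signs found in one RFC 5322 message."""
    msg = message_from_string(raw, policy=policy.default)
    name, addr = parseaddr(str(msg.get("From", "")))
    _, reply = parseaddr(str(msg.get("Reply-To", "")))
    domain = addr.rpartition("@")[2].lower()
    body = msg.get_body(preferencelist=("plain",))
    text = (str(msg.get("Subject", "")) + " "
            + (body.get_content() if body else "")).lower()
    found = []
    # CEO fraud: an executive's display name on an address outside the company.
    if name.strip().lower() in EXECUTIVES and domain != CORP_DOMAIN:
        found.append("executive-name-external-sender")
    # Replies silently diverted to a different domain than the sender's.
    if reply and reply.rpartition("@")[2].lower() != domain:
        found.append("reply-to-domain-mismatch")
    # Bogus invoice / funds transfer wording.
    if any(term in text for term in PAYMENT_TERMS):
        found.append("payment-request-language")
    return found

# Constructed sample messages (not real traffic).
SAMPLE_SPOOF = (
    "From: Jane Doe <jane.doe@example.net>\n"
    "Reply-To: payments@example.org\n"
    "To: ap@example.com\n"
    "Subject: Urgent wire transfer\n"
    "\n"
    "Please send the payment to the new bank account today.\n"
)
SAMPLE_OK = (
    "From: Jane Doe <jane.doe@example.com>\n"
    "To: ap@example.com\n"
    "Subject: Lunch\n"
    "\n"
    "See you at noon.\n"
)
```

A message that trips the payment-language indicator together with either header indicator is a candidate for out-of-band verification before any funds move.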
BPC (Business Process Compromise): this form of hacking uses malware to alter the processes on a system, allowing the theft of information or funds.
The attack occurs by Diversion, Piggybacking, or Manipulation, each of which uses a different method.
43% of organizations have been affected by hacking using BPC. (6)
Diversion attacks involve the transfer of money from legitimate channels to a hidden account.
Piggybacking is a method of using malicious software to redirect financial records to a cybercriminal's server. Manipulation changes the system by installing software that alters stocks or financial markets. Data theft allows cybercriminals to infiltrate the system and alter the business process without detection while moving money, stocks, or investment information.
The general mindset with insurance for BPC attacks is similar to that used for Ransomware.
The insurance industry directs the company to pay the ransom and get the decryption needed to return the data. The theft of funds or stocks is a dark area: most companies hope that there is enough insurance to repair the lost funds and fix the public image.
Corporations have developed a growing trend to treat BEC and BPC cases the same as a Ransomware issue and pay the Ransom, but this has sent a signal to the criminals to increase the use of this form of attack.
The cybercriminals are seeking companies based on the level of insurance that they have related to cybercrime.
The number of attacks may decrease in the future, but the cost of the ransom has continued to increase, and the damage to the entire network, computers, and servers is increasing with each attack.
The theft of information by an insider threat that steals "intellectual data" and PII records becomes a fraud case in many situations, where the criminals, even when detected, are not prosecuted. The insurance companies generally pay the loss or the cost of detection but fail to examine the methodology of the hack.
Healthcare systems, which are one of the primary targets of cybercriminals, are subject to the HIPAA regulations and hold PII data. Insurance coverage has increased regarding cybercrime where PII loss can occur, but the technical improvements they need to make have not.
The threat to Infrastructure
Within the last 3 years, a new issue has become significant for cybersecurity and insurance coverage. The growth of IoT devices and IIoT robotic tools has made them a target for cybercriminals. Business equipment like printers and security cameras, or medical tools (radiation and X-ray), are the source of IoT (Internet of Things) attacks. IIoT (Industrial Internet of Things) covers supply-line robotics, forklifts, the electronic grid, and hydroelectric equipment.
The insurance coverage for these tools has been a part of the general plant insurance, but it has not covered ransomware, DoS, or DDoS attacks on them. The growth of machine learning and AI has enabled companies to expand the speed of manufacturing products.
These systems, in some cases, are legacy types that have weak passwords or even antivirus software that needs updates.
Some IIoT systems are exposed by backdoor malware via endpoint computers, which, when altered, allow the cybercriminals greater access.
The primary targets are the routers and network servers they use; the installation of "DNS Changer" malware, when connected to a "rogue" server, allows multiple systems to be infected.
This malware also spreads by social media, which can contain the trojan virus that redirects the system to a malicious site.
The change results in an alteration of the network traffic and gives the cybercriminals the ability to install damaging applications or the ability to stop production.
Typically, IIoT devices are a part of the risk management process, but with the rise of cybercrime, many companies and governments are reevaluating this approach.
Hacking has led to an increase in the use of cyber liability insurance policies, which help cover legal fees, damaged networks, and other forms of loss.
(5) https://crcs.nist.gov: guide to protecting PII data.