Cybersecurity Week in Review: 9/7
Posted by: GuidePoint Security
September is moving right along, and so are the security incidents. Last week, we saw many fascinating and alarming stories throughout the world. Let’s dive in and look at some of the more interesting scenarios that showed up over the last seven days.
Insurance Claims Are Booming!
Nowadays, having cyber insurance is a must in any business. According to a recent report from Coalition, a global cyber insurance company, the market frequency for claims payouts in 2019 was around 6%. This means that 6 out of every 100 companies had a cyber incident that resulted in the claim being paid out. The report also found that just three attack techniques made up 89% of the known techniques used to breach its policyholders. These attack types were Email/Phishing, Remote Access, and Social Engineering.
This data also shows a significant rise in ransomware attacks. Attacks of this type made up 41% of reported claims for Coalition policyholders, which means that ransomware is not explicitly directed at any particular company type. The key takeaway is that ransomware incidents tend to be about 2.5x more severe than other incident types. This is due to the interruptions created by encrypting information and the time involved to restore and recover operations.
One other notable piece of information from the report is that the ransom demands are also increasing quickly. In Q1 of this year, the average demand was approximately $230,000; Q2 saw a 47% increase, to a new average demand of $338,000. That’s quite a jump between quarters.
Get your copy of the report here.
Emotet Is Popping Up Abroad?
If you don’t know what Emotet is, here is a little synopsis. It started as a banking trojan focused on stealing credentials. It has now become much more through development changes and advancements, acting as a loader that allows other malware stages to be executed. Further, the malware authors have created a botnet of infected computers and sell access to them in an Infrastructure-as-a-Service (IaaS) type model.
Now that we are up to speed, Emotet made headlines in three countries this past week: France, Japan, and New Zealand. All three nations have released security alerts warning about the malware popping up in email campaigns against them. In Japan, sightings of Emotet were triple the usual number, according to CERT Japan. New Zealand also saw a massive increase in the number of sightings and attacks, whereas France did not see as heavy a volume of spam. Even so, the malware still managed to get onto computers in Paris’s court system. This led the French Interior Ministry to block all Microsoft Office documents (.doc) from being delivered via email.
The attackers used conversation hijacking to trick users into clicking on malicious attachments. Conversation hijacking involves using a preexisting email conversation stolen from one victim, embedding the malicious content, and responding to the email chain to trick users into checking on the content. They turn a legitimate email chain into a non-legitimate email chain by injecting malware into the middle of the message chain.
Read the News Article Here.
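A mail-gateway triage check for the pattern described above, as an added example that is not part of the original post: it flags messages carrying a `.doc` attachment (the type the French Interior Ministry blocked) and separately labels those that arrive as a reply inside an existing thread. The verdict labels and the sample message are constructed for illustration.

```python
from email import message_from_string, policy

BLOCKED_EXTENSIONS = (".doc",)  # the attachment type named in the ministry's block

# Constructed sample: a reply in an existing thread that carries a .doc attachment.
SAMPLE_REPLY = """\
From: "Alice Example" <alice@example.org>
To: bob@example.com
Subject: RE: Invoice for August
Message-ID: <constructed-2@example.org>
In-Reply-To: <constructed-1@example.com>
References: <constructed-1@example.com>
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="b1"

--b1
Content-Type: text/plain; charset="utf-8"

Please see the attached document.

> Hi Alice, can you send the August invoice?
--b1
Content-Type: application/msword
Content-Disposition: attachment; filename="Invoice_August.DOC"
Content-Transfer-Encoding: base64

Y29uc3RydWN0ZWQgcGxhY2Vob2xkZXI=
--b1--
"""

def blocked_attachments(msg):
    """Return filenames of attachments whose extension is on the block list."""
    names = []
    for part in msg.walk():  # walks nested multipart containers too
        name = part.get_filename()  # decodes RFC 2231/2047 encoded names
        # Normalise case and trailing dots/spaces before comparing.
        if name and name.lower().rstrip(". ").endswith(BLOCKED_EXTENSIONS):
            names.append(name)
    return names

def is_reply(msg):
    """A message that claims to continue a thread sets one of these headers."""
    return bool(msg.get("In-Reply-To") or msg.get("References"))

def triage(raw):
    """Return (verdict, matching filenames); verdict labels are hypothetical."""
    msg = message_from_string(raw, policy=policy.default)
    hits = blocked_attachments(msg)
    if not hits:
        return ("deliver", [])
    return ("quarantine-thread-reply" if is_reply(msg) else "quarantine", hits)
```

The thread-reply verdict is worth routing to an analyst rather than silently dropping, since the quoted conversation identifies whose mailbox the thread was stolen from.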
Schools Are Back… But As A Target!
Last week we talked about the DDoS attack at the Miami-Dade School district that had the school system offline for a little bit. Well, more schools are facing more problems. This time, however, the attacks don’t seem to be coming from high schoolers.
According to US News, the Clark County School district in Nevada was hit with ransomware during their first week of school. Some employees’ personal information may have been exposed in the attack, which also locked down access to individual files.
Additionally, in Hartford, Connecticut, the public school district was brought to a halt by ransomware, according to the New York Times. Hartford’s school district has roughly 18,000 kids enrolled, and they were attempting a hybrid model, with some students in-seat and others online. This, however, gave that plan a little bit of a hiccup. Luckily for Hartford, they don’t think any personal or financial information was stolen. Furthermore, the city spent around $500,000 to upgrade its security in the previous year, leading to a much better response to the attack.
These are just two recent examples of schools hit by ransomware last week, but this problem has been going on since before kids were let out for summer vacation. We see a surge in these types of attacks, and it doesn’t look to be calming down anytime soon.
Another GDPR Nightmare
A large amount of personal information was left exposed on the internet in the UK and was even indexed by Google. Over 50,000 letters containing private information were found online, some from banks and government agencies. All seemingly come from an outsourcing mail company based in London. This situation details the problems that can arise in using a third party to manage your customers’ data. The company director stated that they were the victims of an attack themselves, where attackers posted the data online. They also went ahead and secured the data that was exposed online. However, this was a little too late for comfort since the material had been displayed since June this year.
That’s quite a bit of data to leave exposed online, not to mention that it was indexed by Google, which only made the information searchable and easier to find. The UK’s data regulator is aware of the incident and will be making inquiries regarding GDPR violations, which, if found, could lead to large fines and penalties for those involved.
Read the Article Here.
Final Words
Now, as usual, a lot was going on in the world of cyber last week. These are some that stood out to me. As we watch the incidents happening all over the world, it’s best to take a “watch and learn” approach, and not forget our essentials.
In today’s threat landscape, organizations need to have cyber insurance, not only for the protection of their assets but to assist if a payout is necessary with ransomware. Having an acceptable cyber insurance policy could mean the difference between getting back on your feet quickly or watching your organization fall apart.
Also, it’s always good to remember that we must invest in our security! Take the time and the budget to make sure you’re secure and have visibility into your environment. As usual, training on proper security awareness and adequate email security is always needed. The number of organizations that let attackers in through email attachments is still rising, meaning we still have an issue. One final thought is due diligence. Test your systems, check for data exposures, and always check up on your third-party vendors.
As always, security is an action. We get out what we put into it.