Cyber Attacks

Intel has made the news this week after it’s been confirmed that a massive vulnerability surrounding a severe hardware-level issue that could allow attackers to access protected kernel memory, which primarily includes information like passwords, login keys, and files cached from disk, will affect hundreds of millions Windows, Linux, and Mac users worldwide.

It’s worth noting that any users who have installed the update will notice a down tick in system speed that could bring down CPUs performance by 5-30% “depending on the task and processor model.” Although #Microsoft and #Apple will likely fix this issue for their respective systems and users, it’s important to note that vulnerabilities like this are difficult to expect, but can result in a security breach.

Evolve MGA offers the industry leading cyber policy. To learn more contact our team of cyber insurance specialists. #hackerinsurance

To read more about this hack attack, check out The Hacker News for the full story.

Forever 21, a popular clothing retailer, confirmed this week that a #databreach occurred between April and November of 2017 via infection to a POS system (Point of Sale). Unfortunately, Forever 21 was not notified of the breach until November, which results in potentially millions of their customers at risk as the hackers were targeting credit card information.

As expected, #Forever21 hired an investigation team to learn more about the #cyberattack. The security firm confirmed the malware was designed to search for and likely steal sensitive customer credit card data, including credit card numbers, expiration dates, verification codes and, in some cases, cardholder names. According to the report, Forever 21 has been using encryption technology since 2015 to protect its payment processing systems, but during the investigation, the company found that some #POS terminals at certain stores had their encryption switched off, which allowed hackers to install the malware.

Evolve MGA cyber policy, EVO 3.0, covers policyholders in the event their cloud data is hacked, lost, or stolen. Contact us to learn more about buying a policy before an event happens to your business.

To read more about this hack attack, check out The Hacker News for the full story.

Nissan Canada Finance reported a recent data breach that puts 1.13 million current and former Nissan and Infiniti buyers and leasers at risk of their personal information being exposed by a hacker group.  With pressure ensuing from cyber security firms to contact customers within 30 to 60 days of a data breach; it took Nissan 10 days to report the cyber attack, providing their customers ways to check if their information was compromised and offering prepaid credit monitoring services for the next 12 months.

It’s important to note some of the services that will result from this cyber attack:

• Canadian privacy regulators and law enforcement investigations
• Third-party digital forensic investigators
• 12 months of prepaid credit monitoring services for all customers (affected and unaffected)

**additional services and charges may apply

Evolve MGA cyber policy, EVO 3.0, covers policyholders in the event their cloud data is hacked, lost, or stolen. Contact us to learn more about buying a policy before an event happens to your business.

Read more from Data Breach Today here.

The U.S. government has openly announced that they are blaming North Korea for WannaCry, the destructive ransomware that affected over 200,000 businesses across 35 countries this past spring.

According to the New York Times, Homeland Security Advisor Thomas Bossert was the first to publicly scrutinize the North Korean regime for the ransomware attack that took down parts of UK’s National Health Service among other targets.

Bossert went on to say “it encrypted and rendered useless hundreds of thousands of computers in hospitals, schools, businesses and homes. While victims received ransom demands, paying did not unlock their computers. It was cowardly, costly and careless. The attack was widespread and cost billions, and North Korea is directly responsible.”

According to multiple sources, North Korea is suspected of using cyber tools and weapons that were stolen from the United States National Security Agency after connecting dots between the tactics used in WannaCry and the Sony hack in 2014.

In addition to this attack, the U.S. government is also investigating recent allegations surrounding the Russian government’s involvement with this past year’s presidential election. With the help of Twitter and Facebook, Congress and the House of Representatives has been given the evidence needed to help bridge the gap between speculation and fact.

There doesn’t seem to be an industry, company, or country that hackers deem too superior to attack, which begs the question, who’s in your computer?

If you’re interested in learning more about our industry leading policy form and how it can respond in the event of an attack, contact us.

Feel free to read more of Tech Crunch’s article here.

In recent news, the first reported safety system breach at an industrial plant occurred this past week at an undisclosed plant (cyber firms believe it occurred in Saudi Arabia or the Middle East). 

The hacker group targeted Triconex industrial safety technology from Schneider Electric SE in what appears to be a watershed attack that halted operations at the facility.  According to the report, this technology is typically used in the energy industry, including at nuclear facilities, and oil and gas plants.

Cyber experts worry that these attacks can allow hackers to shut down safety systems to set up an attack on an industrial plant, which can advert plants from identifying and stopping destructive breaches on facilities that are targeted. 

“This is a watershed,” said Sergio Caltagirone, head of threat intelligence with Dragos. “Others will eventually catch up and try to copy this kind of attack.”

Although this watershed attack is specific to this circumstance, this case shows the potential for attacks against unlikely industries. If you’re interested in learning more about our industry leading policy form and how it can respond in the event of an attack, contact us. 

Click here if you’d like to read more about this cyber attack.

According to a recent study conducted by Kaspersky Labs, researchers found 85 apps in the Google Play store that were attempting to steal credentials from users on Russian-based social network, Vk.com and based on the report, the apps were downloaded over a million times.

Over the years, Google has released several Bug Bounty programs that target malicious applications that infect users with malicious software from being released on the Google Play Store.

Kaspersky Labs mentioned that the most popular game downloaded was submitted to the app store as an actual game in March, 2017, but by October, it was updated with information stealing software.

As it has shown that it’s difficult to constantly track malicious apps from stealing your info, Google has recently released Play Protect, a security feature designed to uninstall an app that becomes infected with malicious software.

Additionally, Evolve MGA cyber policy, EVO 3.0, covers policyholders in the event their cloud data is hacked, lost, or stolen. Contact us to learn more about buying a policy before an event happens to your business.

Click here to read more from The Hacker News.

According to Group-IB – Global Cyber Security Company, a team of Russian speaking hackers stole over $10 million from communities banks in the United States, Britain, and Russia. Dubbed, MoneyTaker, this group of #cybercriminals used vicious malware to attack card processing systems at these local banks.

Of the 20 attacks over of the course of the last 18 months, the hackers stole an average of $500k in each heist, with most of the #cyberattacks occurring in the U.S. (16).

According to the report, #MoneyTaker used tools like #Metaspoit, #PowerShellEmpire, and even built their own tools to hack their way into these financial institutions.

#Group-IB credits these successful attacks on the overall skillset of MoneyTaker as they are capable using creative and strategic tactics in order to erase each step they take. According to the report, the #hackers have even altered source code on the fly in order to remain undetected as they underwent their heists.

It’s clear that these attacks happen in what seems to be in a blink of an eye so if you’re interested in learning more about our industry leading policy form and how it can respond in the event of an attack, contact us.

Click here to read more about these cyber attacks.

A team of researchers at University of Birmingham have developed a security tool called Spinner that has detected critical vulnerabilities in 9 banking apps that are operated by Bank of America and HSBC, which can put more than 10 million users at risk of their passwords and pins being hacked.

Fortunately, the vulnerabilities were corrected, but according to researchers, if exploited, could have let hackers connect to the same network as the victim – such as a public Wi-Fi network in a workplace or coffee shop – to perform a so-called Man in the Middle (MitM) attack and retrieve usernames, passwords or pin codes.

The flaw in security could have let hackers decrypt and modify any operation within the app as the user, which would ultimately allow them to phish for the user’s credentials.

Evolve MGA‘s cyber policy, EVO 3.0, covers policyholders in the event their cloud data is hacked, lost, or stolen. Contact us to learn more about buying a policy before an event happens to your business.

Click here to read more >>

#insurance #smallbusiness #bankingapps #bankofamerica #hsbc #EvolveMGA #cyberattack #hacker #cyberinsurance #hackerinsurance #cybersecurity