Skip to main content
Category

Cyber Attacks

evolvemga
In Cyber Attacks

Hackers steal $64 million from cryptocurrency firm NiceHash

Evolve | Hackers steal $64 million from cryptocurrency firm NiceHash

Cryptocurrency mining marketplace, NiceHash, reported on Wednesday a security breach, resulting in 4,700 BTC being stolen (which equates to $64 million).  
 The Slovenian crypto company highlighted that the cyber attack was a result of uneven oversight and faulty security procedures surrounding their payment system.  


The latest hack on the cryptocurrency platform comes at a time when not only has bitcoin skyrocketed past $15,000 in market value, but many financial institutions, like #CBOE, are looking into launching Bitcoin futures in order to cash in on this digital currency boom. 
 According to Reuters, there’s been at least 3 dozen cyber attacks surrounding #cryptocurrency platforms since 2011, most notably Mt. Gox, in 2014. 

These attacks further reiterate the vulnerabilities surrounding lack proper security measures and investor protections of these platforms, which #hackers target in order to compromise systems. 


Evolve MGA‘s cyber policy, EVO 3.0, covers policyholders in the event their cloud data is hacked, lost, or stolen. Contact us to learn more about buying a policy before an event happens to your business. 


Click here, to read more about this most recent cryptocurrency cyber crime.

#HackerInsurance #NiceHash #Reuters #EvolveMGA  #insurance #cyberinsurance #insuranceagent #bitcoin

evolvemga
In Cyber Attacks

Mailsploit lets Hackers Forge Perfect Email Spoofs

Evolve | Mailsploit lets Hackers Forge Perfect Email Spoofs

As if phishing ploys and spam mail weren’t enough, security researcher, Sabri Haddouche, uncovered vulnerabilities in email programs that lets hackers spoof recipients into thinking they’re receiving mail from trusted sources. Mailsploit, is a collection of bugs in mail clients that allow effective sender spoofing and code injections attacks.

Some of the email clients included in Haddouche’s list were Apple Mail for iOS and macOS, Mozilla’s Thunderbird, Microsoft Mail, and Outlook 2016, as well as a long list of less common clients including Opera Mail, Airmail, Spark, Guerrilla Mail and Aol Mail.

Once the bugs in the email clients were found, Haddouche adjusted the way operating systems handle certain kinds of text, which allowed for him to create email headers that ultimately allow hackers to forge the email source. Although email spoofing as been around for decades, email server administrators have been able to block fraudulent senders using DMARC, but #Mailsploit has proven to bypass these security measures.

If you’re interested in learning about our industry leading policy form and how it can respond in the event of an attack, contact us for a quote. #hackerinsurance

A demo Haddouche has made available on his website describing the Mailsploit attack lets anyone send emails from any address they choose. Click here to watch the demo.

evolvemga
In Cyber Attacks

PayPal Subsidiary Data Breach Hits Up to 1.6 Million Customers

Evolve | PayPal Subsidiary Data Breach Hits Up to 1.6 Million Customers

Global e-commerce business, Paypal, disclosed a large data breach surrounding their recent acquisition of Tio Networks. According to the report, the cyber attack resulted in 1.6 million of Tio’s users personal identifiable information being exposed.

Acquired by PayPal for US$233 Million in July 2017, TIO Network is a cloud-based multi-channel bill payment processor and receivables management provider that serves the largest telecom, wireless, cable and utility bill issuers in North America. Upon discovering the breach of sensitive data, Paypal initiated an internal investigation into Tio’s billing payment processor to ensure the issue is contained.

Data breaches like these happen every day to businesses of all sizes. If you’re interested in learning more about our industry leading policy form and how it can respond in the event of an attack, please contact our team of Cyber Insurance Specialists.

To learn more about this cyber crime, check out the article on The Hacker News.

evolvemga
In Cyber Attacks

Senators Again Propose National Breach Notification Law

Senators Again Propose National Breach Notification Law

Uber was hacked in 2016, and not only did they try to cover it up by paying out a hacker, but millions of user accounts were compromised. Only after a new CEO came aboard, did they release the news about the cyber attack (he knew for 2 months before releasing the news); Equifax experienced one of the worst identity theft hacks in history, but didn’t release their breach until months after; Yahoo! was hacked in 2014, but didn’t alert authorities and users until 2016. 

The common theme here is what senators have been rallying around in order to get the National Breach Notification Bill passed. If passed, the data breach notification measure would give companies a maximum of 30 days to notify victims and authorities after they discover a data breach. The longer businesses wait, the more vulnerabilities they create for the victims affected. Additionally, as businesses continue to move more and more sensitive data into easily accessible cloud services (SaaS), individuals become more exposed to the risk of a data breach. 

SaaS companies tend to offer a quality product for a relatively cheap price, which are highly attractive to businesses looking to stay versatile. If this bill is passed, it will hopefully instill a higher level of accountability by businesses that are compromised by a cyber attack.

Evolve MGA‘s cyber policy, EVO 3.0, covers policyholders in the event their cloud data is hacked, lost, or stolen. Contact us to learn more about buying a policy before an event happens to your business.

evolvemga
In Cyber Attacks

Yahoo!

In 2014, Yahoo! was the victim of one of the largest cyber attacks in the modern era, which affected all 3 billion of their user accounts.

Fast forward to March of 2017, Karim Baratov (seen in the image) was arrested at his home in Toronto after he was suspected to be involved in the cyber hack.

On Tuesday, Baratov admitted to helping the Russian spies and pleaded guilty to a total of nine counts which includes:

  • One count of conspiring to violate the Computer Fraud and Abuse Act by stealing information from protected computers and causing damage to protected computers
  • Eight counts of aggravated identity theft

Prosecutors believe that Baratov was contracted by Russia’s Federal Security Service to target journalists, gov’t officials, and technology company employees who use emails outside of #Yahoo! and send those accounts’ passwords to Russian Intelligence Officers in exchange for money.

Baratov’s hearing is scheduled for Feb. 2018 and faces up to 8 years in prison and agreed to pay compensation to the Yahoo! victims and a fine up to $2,250,000.

Contact us to learn more about how we can protect your business from future cyber attacks! #EvolveMGA

To read more about this article, click here.

#insurance #cyberinsurance #smallbusiness #retailbroker #cybercrime #cybersecurity #databreach

evolvemga
In Cyber Attacks

Over $655,000 worth of Verge cryptocurrency was stolen by hackers

Over $655,000 worth of Verge cryptocurrency was stolen by hackers

Cryptocurrency platforms have been receiving  a lot of attention in 2017 due to the value spikes in Bitcoin, Litecoin, Etherium, etc. Coincidentally, it seems whenever there is a massive data breach, hackers are looking to get paid in bitcoin or another cryptocurrency.

IBTimes recently published a story regarding a hack on a cryptocurrency platform called CoinPouch, in which hackers targeted Verge and stole $655,000 from the CoinPouch cryptocurrency wallet.  However, while CoinPouch blamed the hack on the Verge node, the firm set up to handle Verge transactions for its users, Verge maintains that CoinPouch was hacked because the app “wasn’t secured properly on their side”.

With this being said, Evolve MGA understands the importance of cyber protection regardless of the industry or the size of your business, every business needs to put a cyber policy in place in order to stay protected against hackers and IT incidents. Be PROACTIVE, not REACTIVE!

Click here to read more about this story.

evolvemga
In Cyber Attacks

Uber Paid Hackers to Delete Stolen Data on 57 Million People

Uber Paid Hackers to Delete Stolen Data on 57 Million People

Uber makes the headlines yet again after their CEO disclosed that not only were 57 million peoples data compromised, but the ride hailing app paid the hacker $100,000 to keep this data breach from surfacing.  2017 has been nothing short of a roller coaster ride for Uber, but what makes this event so alarming was the lengths in which the company went to keep this story under wraps. 

We can #deleteuber and criticize them all day about their inability to protect their (our) data, but moral of the story is companies can proactively protect themselves from these security breaches by implementing a cyber insurance policy. Regardless of the size of your company, Evolve MGA can ensure your company will be safe if and when a cyber crime occurs. 

Click here to learn more about this incident and feel free to check out www.evolvemga.com to learn more about how we can protect your business from future cyber attacks! #EvolveMGA

evolvemga
In Cyber Attacks

Sacramento Regional Transit Systems Hit By Hacker

Sacramento Regional Transit Systems Hit By Hacker

LOCAL NEWS: Sacramento regional transit system was attacked by a hacker last night, which resulted in over 30 million files being deleted.  Although the RT was able to work through this attack without much affect on ride goers, authorities believe that the hacker is an amateur who likely had an exploit that he was running in the background on his machine, and then got a hit, displaying the opportunity to hack RT.

Evolve MGA understands the importance of cyber protection regardless of the industry or the size of your business, every business needs to put a cyber policy in place in order to stay protected against hackers and IT incidents. Be PROACTIVE, not REACTIVE!

To read more about this cyber crime, click here!

evolvemga
In Cyber Attacks

Banking Trojan Gains Ability to Steal Facebook, Twitter & Gmail Accounts

Banking Trojan Gains Ability to Steal Facebook, Twitter & Gmail Accounts

Banking Trojan, Terdot, was first discovered in 2016 and has since evolved its attack based on recent studies. Initially designed to operate as a proxy to conduct man-in-the-middle (MitM) attacks, steal browsing information such as stored credit card information and login credentials and injecting HTML code into visited web pages.

Bitdefender discovered that #Terdot now been revamped with new espionage capabilities such as leveraging open-source tools for spoofing SSL certificates in order to gain access to social media and email accounts and even post on behalf of the infected user. Terdot can target #socialmedia networks including #Facebook, #Twitter, #GooglePlus, and #YouTube, and email service providers including Google’s #Gmail, Microsoft’s live.com, and #Yahoo Mail. 

The #bankingtrojan is mostly being distributed through websites compromised with the SunDown Exploit Kit. If clicked, it executes obfuscated JavaScript code that downloads and runs the malware file. In order to evade detection, the Trojan uses a complex chain of droppers, injections, and downloaders that allow the download of Terdot in pieces.

To read more about this cyber attack click here.

In the result of your company being compromised by a banking trojan similar to Terdot, Evolve MGA cyber policy, EVO 3.0, covers policyholders in the event their cloud data is hacked, lost, or stolen.

evolvemga
In Cyber Attacks

Big Breaches are Bad; Phishing & Keylogging may be Worse

big breaches are bad

Big breaches are bad and we often hear about the massive data breaches that occur within big businesses, but a recent study conducted by Google, Cal Berkeley, and the Int’l Computer Science Institute revealed that there are hundreds of thousands of individuals who fall victim to phishing and keyloggers every week.  Hackers manipulate people by creating fraudulent, look-alike web pages that look professional enough to trick people into divulging their login credentials.

All to often, this gives hackers access to recycled credentials used for other sensitive data.  To get a sense of the magnitude of these recurring attacks, Google’s search crawler tracked black hat sub forums to learn more about credential trading and found large scale results.

From March 2016 through March of this year, researchers identified potential credential-theft victims and found 1.9 billion usernames and passwords on the underground forums that resulted from data breaches. Phishing kits potentially compromised 12.4 million victims, and off-the-shelf keyloggers hit as many as 788,000 people, the study shows.

Every business needs to put a cyber policy in place in order to stay protected against hackers and IT incidents. Be PROACTIVE, not REACTIVE! Evolve MGA

To read more of this article, please click here.

Close Menu