Cyber Attacks

Ransomware-as-a-service surfaced earlier this year as it was found that purchasing malware to deploy on targets was an increasingly more viable option as it was cheaper and required less skill. With ransomware now an item that is easily accessible, the ability for programmers to now create super viruses became a powerful opportunity. With that being said, analysts at McAfee found the Kraken. This malware uses an exploit kit to help it score fresh victims, and unfortunately, that combination may prove challenging to defend against.

The Kraken first surfaced this summer on a top Russian language forum and is now being licensed out by an individual who goes by the name, “ThisWasKraken”. The virus has proven to be effective as it typically gets past anti-virus software without detection. As it’s the developer’s goal to get more wannabe hackers to purchase and deploy the virus on fresh victims, the primary target for Kraken is computers running Windows 8, 8.1 and 10 but Kraken can quickly encrypt all files without regard for the size of any file, according to analysts.

EvolveMGA offers cyber insurance that covers policyholders in the event their cloud data is hacked, lost, or stolen. Get appointed with our cyber insurance specialists for a FREE Quote!

If you’d like to read more about the destructive abilities of the Kraken, click here.

Hong Kong’s Cathay Pacific airlines recently experienced a data breach that allowed a hacker unauthorized access of personal data to 9.4 million passengers. According to cyber experts who are working closely with this incident report that the details provided by Cathay Pacific think the magnitude of the attack might be in result of the company shifting from legacy systems to cloud based systems.

In the process of transitioning to the cloud, the airlines company decided to cut some senior IT executives which analysts believe could have affected the outcome of some of the security protocols needed to ensure the front end customer facing apps were installed correctly. They suggest there could have been poor programming as well as lack of security patch installed in a timely manner. With most of airlines becoming more cloud and internet based (i.e. internet in-flight entertainment), security experts strongly suggest that airlines need to ramp up their security protocols as they have a greater chance of getting hacked.

Evolve MGA offers cyber insurance that covers policyholders in the event their cloud data is hacked, lost, or stolen. Get appointed with our cyber insurance specialists for a FREE Quote!

If you’d like to read more about the data breach involving Cathay Pacific airlines, click here.

If your client is using a VoIP phone system, they are a HUGE target for hackers?

It’s incredibly hard to defend your system against employees clicking on phishing links that they shouldn’t be clicking on. Contact us to get a quality cyber policy for your clients.

How Does Telephone Hacking Occur?

A group of voter registration records from 20 states appeared for sale online this week after two cyber security firms found an advertisement for the voter information on a data trading forum. Anomali Labs was able to test a sample size of the voter data and confirmed that the information in fact valid. Although this breach of voter registration records is not the largest we’ve seen, it’s worth noting that all 50 states allow political parties and candidates to have access to the records, which in turn creates an innumerable amount of potential vulnerabilities.

With the 2018 Midterm elections quickly approaching in November, the need for proper cyber security protocols to be in place to protect the identities and sensitive data of our voters is paramount. The influence that cybercriminals had on the 2016 presidential election had tremendous affect on voter moral and if not taken seriously, cybercriminals can ultimately affect important elections and bills being passed moving forward.

Evolve MGA offers cyber insurance that covers policyholders in the event their cloud data is hacked, lost, or stolen. Get appointed with our cyber insurance specialists for a FREE Quote!

The Pentagon (US department of Defense) released a warning that a third party travel management vendor experienced a data breach that can potentially expose 30,000 military and civilian personnel. According to the DoD, those affected by the cyber attack were notified that their personally identifiable information and payment card information could be compromised and that they are offering victims prepaid identity theft monitoring services.

The General Accountability Office (GAO) didn’t seem too surprised of the attack as cybersecurity tends to be an afterthought to US weapon developers. In fact, according to the GAO, the penetration tested conducted displayed that the weapons can be subverted. “Using relatively simple tools and techniques, testers were able to take control of systems and largely operate undetected, due in part to basic issues such as poor password management and unencrypted communications” GAO says.

Government agencies, municipalities, and healthcare organizations typically get targeted the most due to outdated systems, unaware employees, and lack of cyber security tools being in place. In the eyes of a cybercriminal, these victims are low hanging fruit and a potentially lucrative payday.

Evolve MGA offers cyber insurance that covers policyholders in the event their cloud data is hacked, lost, or stolen. Get appointed with our cyber insurance specialists for a FREE Quote!

If you’d like to read more about the third party data breach at the Pentagon, click here.

Chief Information Security Officer (CISO) at University of Chicago Medicine, Erik Decker, believes that if major cyber risks are not mitigated then it is likely that an attack can devastate regional healthcare systems. According to Erik, a terrorism is main concern, stating that “if a threat actor can get to a certain level of sophistication and understand how to compromise regional health systems – independent health systems that are not part of the same group – by leveraging a lot of the same types of vendors that we all use and the access that these third parties have then you have a situation that is going to be quite catastrophic.”

As we continue to see the healthcare industry at the center of cyber attacks, it becomes more apparent how much these institutions are low hanging fruit for cybercriminals. Decker is co-leading a Department of Health and Human Services task group of more than 150 industry experts that is devising a plan for implementing certain provisions of the Cybersecurity Information Sharing Act of 2015 within the healthcare sector.

Evolve MGA offers cyber insurance that covers policyholders in the event their cloud data is hacked, lost, or stolen. Get appointed with our cyber insurance specialists for a FREE Quote!

If you’d like to read more about preventing a Doomsday scenario, click here.

It is incredibly difficult to defend your system against employees clicking on phishing links that they shouldn’t be clicking on. Contact us today to get a quality cyber policy for your clients.

Why Did the City of Houston Purchase Cyber Insurance?

Baker Law produced an interactive map highlighting each of the state’s breach notification laws. As a responsible business owner, it is important that you notify all affected parties in an efficient and timely manner. This ensures that you are able to avoid reputational harm.

If you’re an insurance broker, familiarizing yourself with Baker Law’s interactive map can help with explaining to your clients the importance of having a cyber insurance policy in place.

Evolve MGA offers cyber insurance that covers policyholders in the event their cloud data is hacked, lost, or stolen. Get appointed with our cyber insurance specialists for a FREE Quote!

Click here to access Baker Law’s nationwide interactive map.

This week, Facebook’s Single Sign-On (SSO) feature was hacked, resulting in 50 million accounts being exploited. In case you were wondering, SSO is an authentication process that allows a user to access multiple web applications with one set of login credentials. So not only is it supposed to be a productivity hack but it’s also supposed to be a level of security (so you don’t have passwords lying around on sticky notes). Facebook uses SSO and access tokens to allow users to stay logged into Facebook without having to re-enter passwords any time users comes back. Additionally, when users access other web applications that have integrations with Facebook, users can easily log into those accounts as well using the digital keys that Facebook has programmed. Although the ease of use has major upside for users who are consistently accessing these apps on a daily basis, the risk of getting hacked then allows cybercriminals to potentially access all of the users accounts.

Evolve MGA offers cyber insurance that covers policyholders in the event their cloud data is hacked, lost, or stolen. Get appointed with our cyber insurance specialists for a FREE Quote!