Cyber Attacks

Fax machines seem to be a thing of the past for many new age businesses and professionals these days, but in reality, they’re still being used. In fact, according to Jive, more than 46 million businesses still use fax machines in some way or another. Typically businesses are still using fax machines because their clients still use them, potential government regulations or industry standards, proof of paper trail, convenience, and in some instances, fax machines are more secure.

However, an Israeli cyber security firm, Check Point, recently discovered that hackers may be infiltrating businesses networks using just a fax machine number…which might not even be connected to the internet. The researchers at Check Point demonstrated that a hacker can execute a script that targets the victim’s fax number in order to obtain network access. According to the researchers, the attacker can then use EternalBlue, a NSA-developed exploit leaked by the Shadow Brokers hacker group, to further infiltrate the network and execute malware.

Using the malware executed for this attack, the hacker can search and exploit specific information about the victim and send it back to the hacker’s fax machine. Additionally, the hacker can severely manipulate what gets sent and received. For example, if the victim sends sensitive account information to their bank, the cybercriminal can program the fax machine to send a copy to the attackers fax machine. The attacker can also tamper with the content included on the document being sent by altering the information to include or exclude what they to be attached to the document.

It’s worth noting that having a cyber security insurance policy in place will protect your business in the case that your fax machine does get exploited by hackers.

Evolve MGA offers cyber insurance that covers policyholders in the event their cloud data is hacked, lost, or stolen. Get appointed with our cyber insurance specialists for a FREE Quote!

If you’d like to read more about the potential security breaches associated with fax machines, click here.

According to recent reports, a hacker managed to gain access to Snapchat’s source code and upload it on the popular open sourced software development platform of Github potentially causing a flurry of problems for the social media application. According to The Hacker News, the underlying code could potentially expose the company’s extremely confidential information, like the entire design of the hugely-successful messaging app, how the app works and what future features are planned for the app.

Snapchat’s parent company, Snap, Inc. acted swiftly in order to file a copyright act in order to take the post offline and avoid additional exposures. They believe this upload could be in result of a mishap that occurred when they released an iOS update back in May, which accidentally leaked a portion of their source code.

Since the leak announcement, Snap has confirmed that this leak did not jeopardize the snap chat app nor did affect any of the users in their community. However, due to the nature of this cyber threat, the hackers are still in control of Snapchat’s source code, which means they still have the opportunity repost Snap’s confidential information online either on Github or other publishing platforms.

It’s worth noting that in a similar instance, the insured would be covered if they experience financial losses or business interruption due to a cyber attack of this nature.

Evolve MGA offers cyber insurance that covers policyholders in the event their cloud data is hacked, lost, or stolen. Get appointed with our cyber insurance specialists for a FREE Quote!

If you’d like to read more about this potential data breach, click here.

Reddit, the discussion forum and content aggregator, is one of the latest victims to suffer a major data breach. According to reports, an unknown hacker was able to infiltrate the network and steal significant user data.

Reddit released their report stating that the hacker retrieved current email addresses of their users, a 2007 data back up that contained email addresses and passwords of it users at that time, as well as read-only access to some of its systems that contained its users’ backup data, source code, internal logs.

The hacker was able to expose Reddit by accessing a couple of Reddit’s employees accounts through their cloud and hosting provider. Reflecting a man-in-the-middle style attack, the hacker was able to intercept text messages that were meant to be sent to the employees with a 2 factor authentication code.

It’s worth noting that had Reddit had a cyber insurance policy in place, it’s likely that they would be protected from business interruption, potential financial loss, as well as additional expenses associated with this cyber attack.

Evolve MGA offers cyber insurance that covers policyholders in the event their cloud data is hacked, lost, or stolen. Get appointed with our cyber insurance specialists for a FREE Quote!

If you’d like to read more about this significant data breach, click here.

Fin7 might not be a household name, but they are making incredible business strides as of late. The notoriously successful hacking group has been stealing boatloads of money from businesses across the globe with no slowing down in sight! According to reports, Fin7 has stolen billions of dollars from businesses through an array of different cyber attacks. In the United States alone, they have stolen over 15 million credit card numbers from more that 3,600 business locations.

Despite the arrests of three high level members of the cyber criminal organization, Fin7 still manages to conduct business and steal funds from companies across the world. The hacker group has made incredible strides in order to be so successful in their attacks, which further indicates the willingness hackers take in order to master their craft and figure out ways to infiltrate businesses of all sizes.

According to the DOJ, “on or around March 27 of last year, an employee at a Red Robin Gourmet Burgers and Brews received an email from [email protected]. The note complained about a recent experience; it urged the recipient to open the attachment for further details. They did. Within days, Fin7 had mapped Red Robin’s internal network. Within a week, it had obtained a username and password for the restaurant’s point-of-sale software management tool. And inside of two weeks, a Fin7 member allegedly uploaded a file containing hundreds of usernames and passwords for 798 Red Robin locations, along with “network information, telephone communications, and locations of alarm panels within restaurants.”

This attack was after the arrests of 2 of the top level executives within Fin7, which goes to show that hacker groups like Fin7 are not intimidated by the implications of getting caught. Many researchers believe that organizations like this are state sponsored, which in turn supports the funding of finding and training individuals to conduct these attacks.

These organizations further support the reasons as to why businesses in any and all industries should be equipped with market leading cyber insurance. The coverage that Evolve MGA provides covers policyholders in the event their cloud data is hacked, lost, or stolen.

Business owners around the globe are understanding the importance of cyber protection in one way or another, so don’t be a CEO who is reactive, be a CEO who is proactive. Get your business covered with Evolve’s cyber security insurance today!

To read more about the success of this cybercriminal organization, click here.

A small town in Alaska was hit so unexpectedly by a ransomware attack that they were knocked back decades in time to when it was the norm to be using type writers and hand receipts to conduct business! Matanuska-Susitna, a borough in the Anchorage area, reported that a group of cybercriminals infiltrated their computer infrastructure (computers, servers, telephones, and email correspondence) with various strains of crippling malware.

According to the IT team in Matanuska-Susitna, the cybercriminals were able to hit the network with a multi-pronged attack, including Emotet trojan horse, BitPaymer ransomware and an actual hacker logging into the borough’s network. The successful cyber attack resulted in nearly all of the borough’s 500 workstations and 120 out of 150 servers were affected. An interesting aspect of this attack is that it will be referred to as a “Zero-Day Attack,” which means the hackers used strategies that were never seen before further illustrating the levels of innovation and skill that cybercriminals are programing into their attacks.

Like most cases, when municipalities and local governments get hit with cyber attacks, many everyday services get affected. For instance, in the attack on the Matanuska-Susitna government, they have experienced outages in the pool management, libraries, animal care, landfill, collections, as well as a number of web services such as e-commerce. Although some of these outages might not seem incredibly important in order to conduct normal business operations, it is worth noting that the employees affected were forced to spend more time figuring out ways to compensate for the infrastructure being out of commission (using typewriters and hand receipts), which ultimately correlates with financial losses and business interruption.

Had the local government of Matanuska-Susitna had cyber security insurance policy in place, they would have been covered for the unexpected expenses that resulted in this cyber attack.

Evolve MGA offers cyber insurance that covers policyholders in the event their cloud data is hacked, lost, or stolen. Get appointed with our cyber insurance specialists for a FREE Quote!

If you’d like to read more about this cyber attack, click here.

The largest known data breach attack on a pediatric care facility occurred a few months ago, exposing over 105,000 patients and employees to potential fraud. In result of the magnitude of this attack, the Boys Town Hospital has been added to HIPAA’s wall of shame, which is achieved by exposing more than 500 individuals via a cyber attack.

According to HIPAA, this is the 8th largest cyber attack on a healthcare organization JUST this year, which the Boys Town Hospital confirmed that this data breach was found on May 23rd after noticing unusual activity surrounding an employee’s email account. Additionally, this security breach resulted in the following exposures: names; dates of birth; Social Security numbers; diagnosis or treatment information; Medicare or Medicaid identification numbers; medical record numbers; billing/claims information; health insurance information; disability codes, birth or marriage certificate information; employer identification numbers; driver’s license numbers; passport information, banking or financial account numbers; and username and password.

In addition to hiring a forensic investigation firm, we can expect data breach attorneys and PR consultants to be hired, all billing at an hourly rate. Depending on their findings, notification and credit monitoring costs could follow.

Had Boys Town Hospital been protected with a cyber insurance policy, it’s likely that they would be covered for these expenses.

Evolve MGA offers cyber insurance that covers policyholders in the event their cloud data is hacked, lost, or stolen. Get appointed with our cyber insurance specialists for a FREE Quote!

If you’d like to read more about this data breach, click here.

A family care clinic in a small Missouri town called Blue Springs Family Care was recently hit with a ransomware attack. This attack lead to the clinic hiring a forensic investigator firm to decipher the effects of the attack, but what they found was that their operating system was highly infected with various malware softwares.

According to the investigation, the security researchers found indications that unauthorized persons had compromised the Blue Springs computer systems and loaded a variety of malware programs, including the encryption program responsible for the ransomware attack. Although it’s not uncommon to find other issues associated with a ransomware attack when conducting the investigation, but in this case, the cybercriminals had full control of all their operating systems due to the widespread of infections found.

In addition to hiring a forensic investigation firm, we can expect data breach attorneys and PR consultants to be hired, all billing at an hourly rate. Depending on their findings, notification and credit monitoring costs could follow. Lastly, if medical records were exposed, then a complete security risk assessment may be conducted by the Office of Civil Rights under the federal HIPAA legislation, which can result in Blue Springs being added to HIPAA’s Wall of Shame (data breaches that have affected more than 500 individuals).

Had Blue Springs been protected with a cyber insurance policy, it’s likely that they would be covered for these expenses.

Evolve MGA offers cyber insurance that covers policyholders in the event their cloud data is hacked, lost, or stolen. Get appointed with our cyber insurance specialists for a FREE Quote!

If you’d like to read more about this data breach, click here.

Cybercriminals have proven their ability to be innovative time and time again by finding new ways to attack and infect businesses and individuals with viruses in order to make a profit. More recently, reports have indicated that these hackers have been using vulnerabilities found in bluetooth to infiltrate operating system software drivers from some major vendors including Apple, Broadcom, Intel, and Qualcomm.

Due to vendor protocols surrounding authenticating encryption codes received over-the-air during secure device pairing, cybercriminals were able to use the bluetooth technology to target devices during the pairing process to launch a man-in-the-middle attack. This attack results in the hackers ability to snoop on supposedly encrypted device communication to steal data going over-the-air, and inject malware.

Since the exposure has been detected, the companies affected have released software and patches in order to avoid consumers from getting infected with malware. Although no security breaches were reported by any of the above companies, it is recommended for businesses that utilize bluetooth products to operate aspects of their business, should ensure their customers are not at risk when conducting business with them.

Evolve MGA offers cyber insurance that covers policyholders in the event their cloud data is hacked, lost, or stolen. Get appointed with our cyber insurance specialists for a FREE Quote!

If you’d like to read more about this potential attack opportunity, click here.

 

The Chinese shipping and logistics company, Cosco was recently hit with a massive ransomware attack, which resulted in eight of their major offices knocked offline. According to the China Ocean Shipping Company, they were able to stabilize their networks across the 27 offices they have in North and South America, which were initially shut down to investigate the attack.

According to Cosco, they have implemented contingency plans, such as transfer of operations and conducting operation via remote access, to ensure continuous service in the Americas. During the network failure period, there could be delays in service response in the Americas. As we have seen in the past with similar attacks, businesses being affected by network vulnerabilities result in business interruption, financial losses, and reputational harm.

Had Cosco had a cyber insurance policy in place, it’s likely that they would be protected from business interruption, financial loss, as well as additional expenses associated with any cyber attack.

Evolve MGA offers cyber insurance that covers policyholders in the event their cloud data is hacked, lost, or stolen. Get appointed with our cyber insurance specialists for a FREE Quote!

If you’d like to read more about this ransomware attack, click here.