High Profile Accounts Hacked In Social Engineering Scam
Hackers took over the following Twitter accounts after accessing an HQ admin tool:
Joe Biden, Kanye West, Barack Obama, Warren Buffett, Michael Bloomberg, Jeff Bezos, & Elon Musk.
How did Twitter get hacked?
Hackers socially engineered or “tricked” Twitter employees into giving them access to internal Twitter systems & tools. The hackers targeted celebrity Twitter accounts by requesting bitcoin for charity, tricking people into sending money to the hacker’s fraudulent bank account!
How much money did the hackers steal?
The scam resulted in 383 transactions and 13 bitcoin, worth $118,000, sent to the hackers’ fraudulent bank account over 24 hours. The tweets posted from the high-profile accounts were up for about 3 hours before Twitter’s cybersecurity team contained the event and alerted users to the hack.
Does Evolve provide cyber insurance for this type of event?
YES! Evolve’s Cyber Crime covers Push Payment Fraud, or 3rd party social engineering coverage for the Insured’s clients or vendors. These attacks occur when a business’s customers (or in this case social media users) are tricked into sending money to a fraudulent bank account, under the impression that it belongs to the business. If the Push Payment Fraud section of our policy is triggered due to a cyber event, we will reimburse the Insured for the costs of indemnifying their customers who were tricked into sending money to a hacker.
HOW DO HACKERS SUCCESSFULLY ATTACK BUSINESSES?
The cybersecurity researchers at Digital Shadows studied the dark web for 18 months, analyzing how hackers gain access to stolen account details. Their findings are shocking, yet powerful for mitigating your client’s cyber exposure. Right now, the average person has signed up for 191 online services, actively giving out 191 combinations of confidential login credentials. You would never give out your work email address and favorite reused password to a stranger, but that is exactly what the average person has done 191 times. Hackers have stolen over 15 billion login credentials from over 100,000 online services. These stolen login credentials are behind the vast majority of successful hack attacks on businesses!
THE SCARY, SHOCKING CYBER EXPOSURE REALITY
The vast majority of people do not understand that their confidential login credentials are already being used by hackers to attack their company! Most businesses learn this lesson only after experiencing a hack attack.
MITIGATE CYBER EXPOSURE WITH THE DARK WEB SCANNER
Evolve’s Dark Web Scanner pulls the top 10 people within the organization that have had their login credentials stolen, prioritized by the number of services that have lost their information. Empower your clients to mitigate their cyber exposure by presenting this information with security recommendations to decrease cyber exposure. Risk mitigation recommendations include, but are not limited to, implementing a strong password protection plan, multifactor authentication, and secure funds transfer protocols. You can find a total checklist of security best practices for management to audit their IT department in the Secure My Business Checklist button above.
DARK WEB HACKING STATISTICS
15 billion login credentials are circulating on the dark web, up 300% since 2018.
100,000 online services have had their sensitive login information stolen by hackers.
General login credentials are initially sold for $15.43 before being released for free.
Financial/bank account credentials are sold at an average of $70.91 per login.
Administrator credentials are sold at an average of $3,139, but can go as high as $140,000.
2 million already-compromised “invoicing” email threads are actively being sold.
Brute force cracking software is widely used to verify stolen passwords at $4 an account.
The Dark Web Scanner
The Cyber “Security” Sales Tool
What is the Dark Web Scanner?
Did you know that the majority of your clients have already been compromised by hackers? Right now, hackers have access to billions of confidential “stolen” login credentials from online 3rd parties. Hackers specifically use these compromised login credentials to get into things like employee email accounts or, even worse, bank accounts. This hack attack is called “business email compromise” or “BEC” and it cost US businesses $1,700,000,000 last year according to the 2019 FBI Internet Crime Report. Click the button below to pull a dark web scan for your client!
How does the Dark Web Scanner simplify cyber sales?
Before discussing cyber insurance, Evolve now shows the top 10 people in the organization that have had their login credentials compromised, the number of times, and the services that lost their information. Most businesses are unaware that their employees have compromised login credentials until those credentials are successfully used in a hack attack against the business. By showing the business owners actual, compromised employees in their organization, cyber insurance exposure becomes real. Hackers frequently use these credentials to successfully execute the two most common cyber attacks: “Ransomware” & “Funds Transfer Fraud.” Click the button below for more information on each type of attack!
How does the Dark Web Scanner mitigate cyber exposure?
Step one is making the business aware that hackers have stolen sensitive login information on their employees, via online 3rd parties, increasing the business’s hack attack vulnerability. Step two is recommending a strong password security protection program that mitigates against BEC hack attacks. Best practices include top-down implementation of corporate password management software, strict difficulty requirements, and the simple rule: NEVER REUSE PASSWORDS. Click the button below for a business owner “cybersecurity best practices checklist.”
Thank You For The Support!
“Evolve Wins Monumental Advisen 2020 Cyber Awards”
What are the Advisen Cyber Risk Awards?
For the past seven years, Advisen Ltd., the insurance industry’s leading data, technology, & media company, has hosted what has become the most esteemed international awards ceremony in the cyber insurance community. Thousands of industry leaders from across the globe gather at the awards ceremony to become acquainted with their peers and honor the cyber market’s top performers. Last year, Evolve MGA took home the “Cyber Newcomer of the Year Award” thanks to the outstanding support from our broker relationships. This year, Evolve took home not one, but TWO of the most sought-after awards Advisen has to offer.
The folks at Evolve wanted to say a special THANK YOU for helping us win these awards.
Evolve Wins Advisen’s 2020 “Cyber MGA of the Year”
The Cyber MGA of the Year award is presented to the managing general agent that has proven their enduring commitment to the cyber industry by working closely with their clients to uphold the highest standards of customer service, while offering specialized underwriting capabilities on behalf of an insurer. Evolve is truly humbled to have won this prestigious award.
Esteemed Nominees: CFC Underwriting, Coalition, Corvus, Cowbell Cyber, Ascent Underwriting, At-Bay, Arceo.ai, EmergIn Risk, Pen Underwriting, ProWriters, & Victor Insurance Services.
Evolve Wins Advisen’s 2020 “USA – Cyber Person of the Year”
The Cyber Person of the Year – USA award recognizes the commitment and judiciousness of the market’s most deserving individual, as well as their dedication to their peers, clients, and company. This year, Evolve’s Patrick Costello & Michael Costello were both honored with this award, making all of us at Evolve very proud to work among such capable and accomplished leaders.
Esteemed Nominees: Erica Davis (Guy Carpenter), Yosha DeLong (Zurich), Joe DePaul (Willis Towers Watson), Christiaan Durdaller (INSUREtrust), Christian Hoffman (AON), Sylvia Menetre (McGriff Insurance Services), Garin Pace (AIG), Brian Robb (CNA), Rob Rosenzweig (Risk Strategies), Marc Schein (Marsh), and Michael Tanenbaum (Chubb).
We cannot express our gratitude enough and look forward to continuing our journey as one of the cybersecurity insurance industry’s most prominent leaders in years to come.
We appreciate YOU for supporting Evolve MGA.
– The Evolve Team
What is Cyber Insurance?
Cyber insurance, also referred to as “cyber liability insurance,” “data breach insurance,” or simply “hacker insurance,” is an insurance product that covers the costs associated with hack attacks and data breaches. In today’s world, hackers are constantly evolving (pun intended) by thinking up new, creative methods of illegally acquiring company funds and sensitive data via electronic means. Cyber insurance covers all the costs faced by a business after experiencing a hacker-prompted cyber attack.
What does “cyber liability insurance” cover?
Traditional cyber “liability” insurance coverage provides reimbursement for third party legal defense costs a business faces after a cyber attack results in a third party lawsuit and/or a regulatory fine or penalty. The most common third party lawsuit occurs after a business loses sensitive personally identifiable information (PII), protected health information (PHI), or payment card information (PCI). The second most common cyber liability lawsuit occurs when a business passes a computer virus to a third party.
What does cyber insurance cover?
Modern-day cyber insurance has liability coverage and extensive first party coverage built in for all the costs that come out of the business’s pocket after a cyber attack. Most cyber attacks require expensive forensic experts to stop the attack before it is out of control and a data breach attorney to mitigate any future costs by following federal, state, and private regulatory bodies. Other first party cyber insurance costs include notification, PR hourly billables, system damage & restoration, business interruption lost profit, reputational harm lost profit, cyber crime fraudulent transfers, ransomware extortion, cryptojacking, and hardware replacement.
What are the most common cyber attacks?
Nearly all cyber attacks start as either ransomware or funds transfer fraud, also known as social engineering or wire transfer fraud. In a ransomware attack, a curious employee normally clicks on a phishing email sent by a hacker that automatically downloads ransomware malware. The ransomware virus is written to locate enterprise information stored in the cloud & locally, encrypt the information, grinding the business to a halt, and extort the business for cryptocurrency in order to have their information decrypted. Wire transfer fraud coverage is cyber insurance that reimburses the business after it accidentally sends money to a fraudulent third party, better known as a hacker!
In a ransomware cyber attack, what is covered by cyber insurance?
A cyber specialist forensic expert, at a $500 hourly billable rate, is the first call to remove ransomware and get the business back up and running. In the event the ransomware is unable to be decrypted, the business will be directed to pay the cryptocurrency extortion payment to decrypt the data. If the ransomware is not caught in time or the hackers decide not to decrypt the data, the business could face serious business interruption costs, data recreation costs, and reputational harm costs.
In a funds transfer fraud cyber attack, what is covered by cyber insurance?
Cyber insurance covers the reimbursement cost for funds fraudulently sent to the hacker’s bank account from either the business’s bank account, the clients’ bank account, or the senior executive officers’ bank accounts.
Why do businesses buy cyber insurance?
Cyber insurance is a cost-effective cyber risk mitigation insurance product that can save a business hundreds of thousands to millions of dollars in the event of a cyber attack. Successful cyber attacks are caused by human error, typically rooted in curiosity or blind trust. Millions of small businesses lose billions of dollars every year to hackers!
What does cyber insurance cost?
Cyber insurance costs vary based upon the size of the business, the industry, and the coverage included in the cyber insurance policy. Buyer beware! With over one hundred cyber markets competing against each other, coverage can be extremely limited and pricing is all over the board. It is important to get a professional opinion from an insurance broker on the correct coverage for the right price. For businesses under $50M in revenue, the average cost for the broadest cyber insurance product is $5,000.
What should I look for in a top cyber insurance company?
The best cyber insurance companies offer risk management services that improve the business’s overall security practices, the broadest cyber coverage that is triggered in the time of a claim, and immediate access to specialized forensic claims handlers on a 24/7 hotline to stop a claim before it gets out of control.
Cyber Insurance from Evolve MGA
Evolve is a cyber insurance “specialist” market that underwrites the broadest cyber insurance policy in the marketplace distributed directly to retail insurance agencies across the United States. In addition to providing the broadest cyber policy in the market, Evolve policyholders have direct access to the largest cyber specialist claims team in the world and risk management vendors that improve overall cyber security. Retail insurance brokers love Evolve’s simple streamlined quote to bind process and cyber specialized sales and marketing tools. Interested in a cyber quote? Email [email protected] with a business name and revenue figure for quotes!
Client Advisory: COVID-19 Cyber Attacks
Hackers Exploit COVID-19 with Malware / Ransomware in Phishing Emails
Cyber criminals have registered over 4,000 domain names containing “Corona” and/or “Covid.” Disguised as COVID-19 help, these new fraudulent domains are being used to execute phishing and ransomware attacks. Fraudulent emails may come in the form of a message from the Centers for Disease Control & Prevention (CDC), the World Health Organization (WHO), health advice from a medical specialist, or even internal workplace policy notifications.
Best Practices to Avoid a Cyber Incident
Multi Factor Authentication:
In order to prevent hackers from obtaining access to emails, we highly recommend utilizing Multi-Factor Authentication (MFA) when logging into email-related accounts and applications that require a username and password. MFA will send a text / alert to the user’s cell phone with an authorization code, which is used to confirm that the person logging into the email account is in fact the account owner. This is one of the most successful methods of preventing hackers from using brute force attacks, in which they run a program that runs through a series of passwords until one works. There are free MFA options with every email service provider.
One of the best practices that businesses can employ in order to prevent fraudulent email incidents is to train personnel on how to spot them. If you are an Evolve policyholder, you have access to one of our free risk management tools called CyberRiskAware. This program allows the user to create fake phishing email campaigns which are sent to staff members. If a staff member opens the email and clicks on a link, they will be prompted to watch an educational video about fraudulent email awareness.
Advanced Preparation / Anticipation:
In the event of a phishing or ransomware attack, it is important to have a plan of action in place in order to contain the incident as quickly as possible. Our 24/7 cyber incident response team is ready to provide immediate assistance, so please be sure to contact them as quickly as possible if you believe your business may have experienced an email breach.
Recent COVID-19 Hacks in the News
- Department of Health & Human Services Denial of Service (DDoS) Attack: https://abcnews.go.com/Politics/cyberattack-hhs-meant-slow-coronavirus-response-sources/story?id=69619094
- Princess Cruises confirms data breach including SSNs, passports, & driver’s licenses: https://techcrunch.com/2020/03/13/princess-cruises-coronavirus-breach/
“By 2025, we expect the U.S. [Cyber] market’s gross written premium to surpass $20 billion.”
Rough Notes recently quoted Patrick Costello on growth expectations in the cyber market.
Do all of your clients currently purchase cyber?
If not, the cyber specialists at EvolveMGA will help increase your cyber bind ratio!
Apple’s iPhone X Face ID feature recently made headlines, but for reasons that call into question the security of its cutting-edge technology. A Vietnamese research firm, Bkav, claims that they have successfully fooled Apple’s latest facial recognition system, Face ID. According to the firm, the mask used to fool the system is crafted by combining 3D printing with makeup and 2D images, in addition to some special processing on the cheeks and around the face, where there are large skin areas, to fool the AI of Face ID.
This display of sorcery by Bkav reinforces the importance of practicing sound security practices to avoid cyber crimes. We instill a lot of trust in companies like Apple, but companies need to instill that same level of trust in their end users who will be accessing sensitive business information on a daily basis.
To watch the security firm, Bkav, combat Apple’s Face ID technology click on the link.
If your new company iPhone X is compromised, EvolveMGA’s cyber policy, EVO 3.0, covers policyholders in the event their cloud data is hacked, lost, or stolen.