Computer Security No 57: Insurance does not pay for human errors WannaCry
Corporate - Private Computer Security
Insurance does not pay for human errors WannaCry
KnowBe4 put out an interesting post on the aspect of human error when asking for a policy pay-out.
The WannaCry ransomworm has really made insurance companies take notice. Customers have started to file damage claims; however, it is a bit early to see the insurance industry's full exposure to this recent malware pandemic.
The estimated total financial damage caused by WannaCry in just the initial 4 days would exceed a billion dollars, looking at the massive downtime caused for large organizations worldwide.
Insurance underwriting is a numbers game, and the entire pool of money can handle a small number of losses, not a major systemic event that can trigger hundreds of thousands of claims.
So insurers try to limit their risk, similar to medical insurance where the issue of pre-existing conditions has seen a lot of controversy.
Three Things to Be Aware of in the Fine Print
There are three issues you need to be aware of when you buy a cyber security policy, or when you review your existing policy:
* Is a known vulnerability that you have not patched a pre-existing condition?
* Should an un-patched system be covered under a clause for errors and omissions?
* When an employee falls for a phishing attack and infects the network that way, is that covered?
Microsoft patched the vulnerability exploited by WannaCry BEFORE the whole Internet was scanned for unpatched PCs. Sites affected were clearly not patched to the latest level.
Cyber insurance normally does not pay out when employee error was the cause of the infection.
(source: knowbe4; image source: jeromehowe.com)
Bitcoin mining company boss faces US$12 Million fine
The United States Securities and Exchange Commission (SEC) has won litigation against two Bitcoin companies operated by Homero Joshua Garza - GAW Miners and ZenMiner.
Garza was operating a Ponzi scheme that used the "lure of quick riches from virtual currency to defraud investors". The SEC litigation continues against Garza.
15 year old Japanese teen arrested for creating ransomware
Japanese authorities arrested the teen in the Osaka Prefecture for allegedly creating a ransomware virus similar to WannaCry. He admitted to uploading the ransomware on January 06 to a foreign website and teaching users to download and use it via social media.
25 year old NSA Contractor arrested for leaking classified info (re: Russian hacking efforts before 2016 US election)
The US Justice Department announced charges against Reality Leigh Winner, a contractor with Pluribus International Corp. in Augusta, Georgia, accusing her of "removing classified material from a government facility and mailing it to a news outlet".
She was caught by analysing the printed document she scanned for the tiny patterns that can identify any printer.
The document was published by Intercept and shows the spear phishing campaign used against US political entities.
ShadowBrothers "Wine of month" Subscription for US $21,000 a month
The ShadowBrothers hackers, responsible for the release of the WannaCry exploit, returned with a $21K/month subscription offer.
The offer is valid only for the month of June 2017. Interested hackers are invited to pay 100 ZEC (Zcash) to a given z_address. This is about US $21k/month.
The June data dump in the subscription would include:
* Exploits for operating systems, including Windows 10.
* Exploits for web browsers, routers, and smartphones.
* Compromised data from banks and Swift providers.
* Stolen network information from Russian, Chinese, Iranian, and North Korean nuclear missile programs.
(source: theregister.co.uk; image source: Natalie MacLean)
Attacks to be aware of
Fireball malware - 250 million computers affected
This is an interesting malware, as the trend will only grow, and the only way to protect yourself is to be a total non-user of apps, like me, or to download only from trusted sources. This is what happens:
Developers of apps can use a plugin (code/interface) that talks to an "ad-serving platform". You, as a user of an app, do NOT see how the platform serves you ads; for each ad you click, the platform will make money (from the client who advertises) and the developer will be given a % of this money.
It would be very easy for the developer to also simulate clicks (on your behalf); they would only get discovered through heuristic analysis (i.e. getting out of the statistical boundaries: for each 1 million views of an ad, only 1,000 will click).
THIS is exactly what the Chinese marketing firm Rafotech exploited. It's called Fireball and it comes bundled within free software programs you download; it will transform your device into an adware consumer and also a distributor of additional malware.
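The heuristic check mentioned above can be sketched as follows. This is an added example, not code from any ad platform or from the sources cited here; the app names, view and click counts, the threshold and the minimum-views cut-off are constructed assumptions, and only the baseline of 1,000 clicks per 1 million views comes from the text.

```python
import math

# Baseline from the text: about 1,000 clicks per 1,000,000 ad views.
BASELINE_CTR = 1_000 / 1_000_000

# Constructed sample data: (app id, ad views, ad clicks) per day.
SAMPLE_STATS = [
    ("app-notes", 1_000_000, 1_020),
    ("app-weather", 250_000, 262),
    ("app-flashlight", 400_000, 9_800),
    ("app-puzzle", 2_000, 5),
    ("app-wallpaper", 50_000, 140),
]


def z_score(views, clicks, p=BASELINE_CTR):
    """Standard deviations between observed clicks and the binomial expectation."""
    expected = views * p
    sigma = math.sqrt(views * p * (1 - p))
    return (clicks - expected) / sigma


def flag_click_anomalies(stats, threshold=4.0, min_views=10_000):
    """Return (app, click rate, z) for apps clicking far above the baseline.

    Apps below min_views are skipped: with so few impressions the normal
    approximation is unreliable and a handful of clicks skews the rate.
    threshold and min_views are assumed tuning values, not from the text.
    """
    flagged = []
    for app_id, views, clicks in stats:
        if views < min_views:
            continue
        z = z_score(views, clicks)
        if z > threshold:
            flagged.append((app_id, round(clicks / views, 5), round(z, 1)))
    # Most anomalous first, so an analyst reviews the worst offenders first.
    return sorted(flagged, key=lambda row: row[2], reverse=True)


if __name__ == "__main__":
    for app_id, rate, z in flag_click_anomalies(SAMPLE_STATS):
        print(f"{app_id}: click rate {rate:.3%}, z = {z}")
```
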
"Zusy" PowerPoint malware spreads without needing macros
A malware called Zusy is spreading as a PowerPoint file attached to spam emails with titles like "Purchase ofer #12345" and "Confirmation".
It does not require the user to enable macros to execute (which was the old style of viruses mimicking a macro you would run). You only need to hover with the mouse over the URL (link) and you get the following prompt (on Office 2013 and Office 2010):
Please DON'T click Enable!
(image source: toonpool) (info sources: checkpoint, sentinelone, espacepublishing)
Cyber Security and Privacy suite for Directors and Executives
ABG offers the Cyber suite of course modules:
- Cyber threats and defences Module - Tactical plans
- Directors and Officers Module - Strategy
- Risk Management Workshop for Cyber
- Cyber Crisis simulation
Send your enquiries to firstname.lastname@example.org
NEW SERVICE OFFER from ABG and Conscious Governance:
Cybersecurity Governance Systems Review
to find out more visit:- http://consciousgovernance.com/cybersecurity-governance-systems-review
Cyber Security training and governance reviews:
Cyber Security & Privacy suite for Directors and Officers
15% discount offered if booked before 30/06/17
Send your enquiries to email@example.com
* ABG and Conscious Governance joint service offer: Cybersecurity Governance Systems Review
Moderated by Monica Schlesinger: www.advisoryboardsgroup.com.au