The methods cyber threat actors use to infiltrate a system are constantly changing. Here’s an overview of what organizations should keep in mind to stay ahead of attacks.
It’s an unfortunate but universal truth: if you think you understand how cyber threat actors operate, they’re probably on the verge of changing things.
Data breaches may have been the original cybercrime of the early 2000s, but then ransomware took center stage and attention focused less on data vulnerability and more on business disruption.
Today we are seeing the two converge, with much greater potential for damage as a result. When it comes to data exfiltration, here are four things any company with cyber vulnerabilities should note.
1) Extortion incidents are much more complicated than they once were, as threat actors find new ways to do business.
Today, encrypted files are just one of many concerns.
Now threat actors are also threatening to expose the data stolen from your company and are demanding payment to prevent this. Even with proof of deletion, your data may still be in the hands of other threat actors, exposing your organization to legal and reputational risks.
When data is exported or exfiltrated from the victim’s network before it is encrypted to make it unusable by the victim, this is considered double extortion. The data can then end up on the dark web for others to take advantage of – and once that happens, even if the original threat actor was paid to destroy the data, it is almost impossible to ensure that the information is not accidentally or intentionally shared with other threat actors.
Double extortion now occurs in the majority of extortion incidents, including two-thirds of incidents reported by Beazley’s Cyber Services team in the first quarter of 2022.
As if double extortion weren’t enough, triple extortion is also becoming more prevalent. This happens when, in addition to encrypting data and threatening to publish the exfiltrated data online, the threat actor puts further pressure on the victim. The attacker can threaten denial-of-service attacks against the victim’s remaining infrastructure.
Threat actors can also examine the exfiltrated data and threaten to contact anyone whose details it contains if the targeted organization does not pay.
2) Not only does exfiltrated data pose more dangers, but organizations’ exposure to risk is also increasing.
It is increasingly easy to deploy ransomware and malware, giving hackers wider access than ever before. The tools are cheap to rent, and competition between ransomware vendors has led tool authors to charge only 10-15% of the ransom, compared to the standard 40%.
Additionally, some tools are made available to the public and anyone with minimal coding skills can reuse them. These factors make it easier than ever for a hacker to gain access to your system.
At the same time, companies are increasingly exposing their own services. Organizations are moving business operations to the cloud to scale more efficiently than they could using their own infrastructure and are increasingly taking advantage of machine learning and artificial intelligence capabilities.
It’s a common mistake to expect cloud providers to automatically provide security on your behalf. Often the tools may be there, but they are not enabled by default. In other words, you can’t just “cloud and go” and expect a secure experience.
To keep up with the competition, many companies are also using agile development to quickly release data and services online. This can present business opportunities, but it also carries risks if speed is prioritized over security.
All of these decisions present potential threat vectors.
3) The risks may be growing, but there are still things you can do to protect your data.
When it comes to defending data, multi-factor authentication (MFA) is absolutely essential.
In fact, data shows that organizations are 2 to 2.2 times more likely to experience a ransomware attack if they have not implemented MFA.
There are increasingly secure forms of MFA, and attackers are increasingly using techniques such as social engineering to circumvent protections. This is no place to skimp; without MFA, a malicious actor who uses correct credentials to log into an organization’s system may be undetectable.
Forms of MFA that may be considered more secure include push notifications, time-based one-time passwords (TOTP), OAuth (Open Authorization) tokens, hardware tokens, authenticator apps, biometrics or a FIDO2 key like YubiKey or RSA SecurID.
4) Despite best efforts, incidents can and will happen – and the operational, legal and reputational impacts can be significant.
With escalating techniques, today’s extortion risks can include multiple threat actors and a variety of threat vectors.
While there is no foolproof way to protect your organization from all possible dangers, understanding evolving threats is essential for policyholders and brokers looking to mitigate risk in this new world of cyber extortion. To learn more about extortion trends and specific ways your organization can protect itself, check out Beazley’s latest article. Overview of e-services.