AWS Domains Used to Send Phishing Emails and Steal Credentials Cybercriminals are using Amazon Web Services to create phishing pages that bypass security scanners and scam victims into handing over credentials. The scammers send targets what appears to be a standard password expiration email or other emails meant to create a sense of urgency. The emails come from legitimate AWS domains, but a closer look shows the inclusion of false nicknames,...

Cybersecurity, or the lack of it, is something that we all need to be concerned about. In no industry is that more readily apparent than the financial sector. As the threats continue to evolve, it’s important that we don’t forget about older threats that continue to pose serious risks to financial institutions. Ideally, all organizations would rapidly expunge known vulnerabilities from their networks, starting with the most severe bugs that...

Canada’s Desjardins Settles Data Breach Lawsuit for $155M Highlights the risks posed by insider threats and lack of information segmentation. The cost of the settlement adds on to the costs the bank has already carried resolving the breach they discovered in 2019. The breach, which was publicly disclosed in June 2019, involved a “malicious” insider stealing and selling personal details for 4.2 million active customers of the...

Why that might not be a good thing for Nebraska. Based on a study of thousands of cases that it has worked, incident response firm Coveware has found that the number of firms paying a ransom has dropped from 85% in Q1 2019 to 46% in Q1 2022. When victims do pay a ransom, in Q1 2022, they paid an average of $211,529, down 34% from the previous quarter, Coveware found. It attributes this to fewer victims paying, attackers overall infecting...

Declining Loss Ratios May Allow Insurance Premium Increases to Moderate in Late 2022 An improvement in loss ratios for cyber insurance providers in 2021 means the rapid rise in premiums might, at last, subside later this year. The loss ratio, simply insurer payouts versus premiums earned, declined for the first time since 2018 despite the frequency and severity of claims filed for cyberattacks increasing yet again in 2021. The improvement was...

Ransomware has been on a dramatic upswing over the last couple of years. The proliferation of Ransomware As A Service (RAAS), the subsequent lowering of barriers for both criminal groups and state actors, as well as the payment of ransoms have helped drive this dramatic increase. According to the U.S. Cybersecurity and Infrastructure Security Agency (CISA), most ransomware attacks start through phishing, exploitation of remote desktop...

Memo to businesses: Ransomware attacks are worse than ever, and unless you prepare, don’t be surprised if you or your business is the next victim, warn government cybersecurity czars. Joint advisory cybersecurity authorities in the United States, Australia, and the United Kingdom observed a marked increase in sophisticated, high-impact ransomware incidents against critical infrastructure organizations globally throughout 2021. They expect...

The Ripple Effects that Extend Outward from a Breach According to the Verizon 2020 Data Breach report, 22% of all security incidents are perpetuated by insiders. In addition, the costs of insider breaches – caused either by human error or bad actors have – risen by 47% over the past two years. As an organization, a certain amount of trust is required to ensure that business runs smoothly. But, given the inherent risks involved, that trust...

There are several trends emerging in the cyber insurance industry that are worrying for mid-size and local entities. These trends are largely a response to the havoc ransomware has caused across industries in the last 18 months. The emerging trends can be summed up as: Prices are increasing, in many cases in the range of 2x-4x Renewal and acceptance rates for policies are going down, in many cases, by 40%-60% compared to previous years Entities...

Law enforcement and intelligence agencies in the U.S, the U.K. and Australia have issued a joint advisory on unidentified Iran government-backed advanced persistent threat (APT) actors exploiting Fortinet and Microsoft Exchange ProxyShell vulnerabilities to attack organizations in their respective countries. Attributing the attacks to a specific APT group is inherently challenging, but a senior cyber threat intelligence analyst has pointed out...