Customers are a greater target with insurance, and the lifestyles of the rich and hackers

Cybersecurity researchers at Fox-IT, part of NCC Group, examined over 700 negotiations between ransomware attackers and ransomware victims to analyze the economics behind the digital extortion attacks that demand a ransom payment – often millions of dollars – in exchange for the decryption key.

They found that if the victim has cyber insurance and the attacker knows about it, there is little room to negotiate a smaller ransom payment, because the attackers will exploit the existence of the cyber insurance to cover the payment they’re demanding.

Speaking of insurance, an idea I’ve pitched on this podcast is one I’ve spotted now in the wild. Resilience, a cyber insurance firm that couples insurance with software, raised a Series C. Policyholders get preparedness training, continuous security monitoring, and notifications – and the firm positions itself as working proactively to protect customers.

Apple published plans to inform users whose iPhones and other devices have been compromised by state-sponsored hacking efforts. Details are in a support document. Users will get an iMessage and an email sent to the contact information on file, and a Threat Notification will be displayed when a user signs into Apple ID.

Also, in news you can use, Zoom has finally added automatic updates to their Windows and macOS clients. Individual users will now have updates enabled by default, and there are choices for Slow or Fast frequencies. Slow focuses on stability – although critical security updates will roll out regardless of the selection.

A piece in the Washington Post details the lifestyle of a hacker living in Russia. A 28-year-old member of REvil is driving a $74,000 Land Cruiser and living in a trendy neighborhood without any apparent fear of arrest. He is responsible for roughly 2,500 ransomware attacks with $767 million in demands. And he’s not alone, as the piece highlights other extravagant hackers.

These groups continue to pivot. Sabbath, a rebrand of the group Arcane, has been found launching attacks on schools and hospitals similar to their previous efforts. Researchers have even shown their victim site is identical to the old branding and proven a shared infrastructure. The constant rebranding keeps them under the radar.

The New York Times digs into the cyberwar between Israel and Iran, which has expanded to include civilian targets – on a large scale. Gasoline distribution, railroads, water systems – and exposure of an openly gay Israeli broadcaster’s personal details intended to expose thousands of Israelis who had not come out.

Why do we care?

A cyber insurer puts their money where their mouth is by backing it with technology and monitoring. Not an endorsement, just an observation. I’m now tracking two security companies who have linked a financial component to the tool they provide… or in this case, vice versa. The insurance market wants to be in this space while actually making money. This is one model that should work, and I expect to see more of this, similar to the idea of monitoring usage on drivers to achieve better rates.

There’s money in hacking to be sure – and protection by choice of where to live. Wonder why I propose the idea of Seal Team Six addressing cyber? That’s why – because Americans should be afraid of the idea of open warfare between two countries, such as Israel and Iran.

Service providers are more like their customers than software providers in the security market. While those who sell locks make money regardless of the effectiveness of the lock, the locksmith is blamed, or feels the pain, when the lock fails.