Tag Archive for: Attempt

Silent cyber coverage here to stay? New Jersey Appellate Court rejects insurers’ attempt to expand scope of the war exclusions to cyber claims


The War and Hostile Action Exclusions have been standard exclusions in property and general liability policies for decades. With the rise of cyber claims, insurers have turned to these exclusions to deny coverage where the bad actor may have governmental roots. In a win for policyholders, the New Jersey Appellate Division rejected the insurers’ attempt to deny coverage and held that the hostile/warlike action exclusion did not apply to non-military, cyber-attack claims. See Merck & Co. v. ACE American Insurance Co. [1] This ruling affirms the traditional scope of these exclusions and establishes that coverage under a commercial property policy for property damage caused by cyber-related incidents, colloquially known as “silent cyber” coverage, persists.

Merck & Co. v. ACE American Insurance Co.

On June 27, 2017, New Jersey pharmaceutical company Merck & Co. (“Merck”) suffered a cyber-attack that left thousands of Merck’s computers damaged and encrypted by the malware known as NotPetya. The malware caused large-scale disruption to Merck’s business, resulting in $699,475,000 in losses. Although the exact origin of the malware was unknown, it was believed to have originated from the Russian Federation.

Merck tendered the claim to its all-risk property insurance carriers. The insurers reserved their right to deny coverage pursuant to hostile/warlike action exclusions and subsequently denied coverage. Specifically, these exclusions exclude coverage for “loss or damage caused by hostile or warlike action” which was caused by “any government or sovereign power . . . or by military, naval or air forces . . . or by an agent of such government . . . .” [2] The insurers argued that the word “hostile” should be broadly read to mean any antagonistic, unfriendly, or adverse action by a government or sovereign power, including the Russian Federation. Rejecting the insurers’ argument, the trial court held that the hostile/warlike action exclusions were inapplicable to the NotPetya-related claims. The insurers appealed.

The New Jersey Court of Appeals Narrowly Construed the Hostile/Warlike Action Exclusion

On appeal, the Court looked to the plain and ordinary…


Qakbot Hackers Continue to Push Malware After Takedown Attempt


The cybercriminals behind the Qakbot malware have been observed distributing ransomware and backdoors following the recent infrastructure takedown attempt by law enforcement, according to Cisco’s Talos research and threat intelligence group.

In late August, authorities in the United States and Europe announced the results of an international operation whose goal was the disruption of the notorious Qakbot botnet, aka Qbot and Pinkslipbot. 

The law enforcement operation involved the takeover of Qakbot infrastructure, the seizure of millions of dollars worth of cryptocurrency, and the distribution of a utility designed to automatically remove the malware from infected devices.

Talos has been monitoring Qakbot-related activities and on Thursday pointed out that a campaign launched by cybercriminals in early August has continued even after the law enforcement operation was announced.

As part of this campaign, the hackers have delivered Ransom Knight ransomware and the Remcos backdoor using phishing emails. This suggests, according to Talos, that the law enforcement operation impacted only Qakbot command and control (C&C) servers, without affecting spam delivery infrastructure.  

The campaign delivering Ransom Knight and Remcos malware appears to be the work of Qakbot affiliates known for a previous operation named ‘AA’, which ran in 2021 and 2022. 

“We assess Qakbot will likely continue to pose a significant threat moving forward. Given the operators remain active, they may choose to rebuild Qakbot infrastructure to fully resume their pre-takedown activity,” Talos said.


SecurityWeek has also heard from others who have seen signs that the Qakbot infrastructure is being rebuilt, with cybercriminals moving to distribute new malware.

Qakbot, primarily delivered through spam emails, has been used to gain initial access to systems, to which cybercriminals could then distribute ransomware and other malware. 

When they announced the takedown attempt, US authorities said they had gained access to Qakbot infrastructure and identified more than 700,000 infected computers worldwide. The FBI redirected Qakbot traffic through servers…


Hacking attempt targets govt officials’ phones


An attempt to hack the mobile phones of senior government officials and acquire sensitive information has been uncovered by security agencies, the government said on Friday.

The Prime Minister’s Office (PMO) issued a statement advising officials to remain vigilant in light of the threat. According to the PMO, the hackers used phishing methods by posing as senior government officials in their attempts.

The statement read, “The involved elements, in the name of senior government officials, made the nefarious attempt to obtain sensitive information from state officials and the bureaucracy.”

The hackers attempted to obtain information through WhatsApp by sending mobile-hacking links.

The PMO has instructed all state officials to stay alert and disregard any suspicious messages received. They have also been urged to immediately notify the Cabinet Division upon receiving such messages.

The PMO statement concluded by stating, “Pakistan’s security agencies are fully alert on this matter.”


Measures are being taken to ensure the safety and security of government officials and to prevent any further breaches.

It is worth noting that back in September of last year, a series of audio recordings was leaked, featuring conversations among key government figures in the Prime Minister’s Office. These included phone recordings of then-premier Shehbaz Sharif and PML-N Vice President Maryam Nawaz, besides members of the federal cabinet.

The incident highlighted the need for enhanced cybersecurity measures.

Earlier this year, the federal government sent a cybersecurity advisory to all its ministries as well as the provincial departments, asking them to take necessary measures to prevent official data from being hacked or put on the dark web, a media report said.

The advisory had suggested several steps, including applying two-factor authentication on all email, social media and banking accounts; avoiding the installation of untrusted software and unnecessary browser plugins; and never forwarding or clicking a link shared on email or WhatsApp by unknown sources.

The dark web, or darknet, is a part of the internet that lies beyond the reach of…


Cleveland City Schools reports ransomware attempt on devices


CLEVELAND, Tennessee (WDEF) – Officials with the Cleveland City Schools say they are working on a ransomware case involving system devices.

They became aware of the attack on Tuesday.

In a statement, officials say less than 5 percent of their school devices were actually affected and none of them are student devices.

And they do not believe any personal information has been compromised.

“We want to assure you that sensitive information, including PowerSchool data, is secure off-site.”

The school system is continuing to check to see if any data has been removed from the system, but, so far, they have not found any missing data.
