Ransomware attacks tied to significant increase in cyber insurance claims


Cyberinsurance claims have significantly increased during the first six months of 2023, mostly due to ransomware attacks, according to The Record, a news site by cybersecurity firm Recorded Future.

Almost 20% of cybersecurity incidents involving claims were attributed to ransomware attacks, most of which were linked to the Royal, BlackCat, and LockBit 3.0 ransomware strains, a Coalition report revealed. Average ransomware losses during the first half of 2023 exceeded $365,113, which is the highest on record, while average ransom demands reached $1.62 million, which is 74% higher than the previous year.

While business email compromise claims declined during the first half of the year, funds transfer fraud claims rose by 15% over the same period, with losses below $300,000, lower than the $410,000 recorded during the same period in 2021.

“The growing sophistication of threat actors and their tactics is a contributing factor in the upward trend in FTF claims severity,” said researchers.

Ransomware crew claims to have hit Save The Children • The Register


Cybercrime crew BianLian claims to have broken into the IT systems of a top non-profit and stolen a ton of files, including what the miscreants claim is financial, health, and medical data.

As highlighted by VX-Underground and Emsisoft threat analyst Brett Callow earlier today, BianLian bragged on its website it had hit an organization that, based on the gang’s description of its unnamed victim, looks to be Save The Children International. The NGO, which employs about 25,000 people, says it has helped more than a billion kids since it was founded in 1919.

BianLian added that its victim, “the world’s leading nonprofit,” operates in 116 countries with $2.8 billion in revenues. The extortionists claim to have stolen 6.8TB of data, which they say includes international HR files, personal data, and more than 800GB of financial records. They claim to also have email messages as well as medical and health data.

Presumably BianLian intends to leak or sell this info if a ransom demand is not met. The NGO did not immediately respond to The Register’s inquiries.

We should note The Register has not been able to verify the crooks’ claims. But we tend to agree with VX-Underground, which opined: “BianLian ransomware group needs to be punched in the face.” And while breaking into and extorting a nonprofit whose focus is to make children “healthier, safer and better educated” seems beneath even the most tragic of cyber-criminals, it’s pretty much par for the course with BianLian.

The crew, which has been around since June 2022, has made a name for itself by targeting healthcare and critical infrastructure sectors. 

While BianLian started off as a double-extortion ransomware crew — steal data, encrypt systems, and threaten to leak files and not provide a decryption key unless the victim pays a ransom — earlier this year, they shifted to pure extortion, as before but minus the encryption, according to government and…

Ransomware gang claims credit for Sabre data breach


Travel booking giant Sabre said it was investigating claims of a cyberattack after a tranche of files purportedly stolen from the company appeared on an extortion group’s leak site.

“Sabre is aware of the claims of a data exfiltration made by the threat group and we are currently investigating to determine their validity,” Sabre spokesperson Heidi Castle said in an email.

The Dunghill Leak group claimed responsibility for the apparent cyberattack in a listing on its dark web leak site, alleging it took about 1.3 terabytes of data, including databases on ticket sales and passenger turnover, employees’ personal data, and corporate financial information.

The group posted a portion of the files they allegedly stole, claiming the full cache will be made “available soon.”

Sabre is a travel reservation system and major provider of air passenger and booking data, whose software and data is used to power airline and hotel bookings, check-ins, and apps. Many U.S. airlines and hotel chains rely on the company’s technology.

Screenshots seen by TechCrunch show several database names relating to booking details and billing containing tens of millions of records, though it’s not known if the hackers had access to the databases themselves.

Some of the screenshots seen contained records pertaining to employees, including email addresses and their work locations. One screenshot contained employee names, nationalities, passport numbers, and visa numbers. Several other screenshots show several U.S. I-9 forms of employees who are authorized to work in the United States. Several passports found in the cache corresponded with Sabre employees, including a Sabre vice president, according to their LinkedIn profiles.

It is not known when the alleged breach took place, but the screenshots posted by the extortion group show data that appears to be as recent as July 2022.

Little is known about Dunghill Leak, except that it is a relatively new ransomware and extortion group that evolved or rebranded from the Dark Angels ransomware, which came from the Babuk ransomware, according to security researchers at…

Experts Discuss Cyber Risk, From Law Enforcement to Insurance Claims


To combat cyber activity, law enforcement agencies in the United States and abroad interact to exchange information about their cyber adversaries. The FBI maintains 56 field offices, each with a multiagency cyber task force manned with investigators, special agents, intelligence analysts, digital forensic technicians, and more, all with a focus on helping victims of cybercrime. These offices work with the Intelligence Community, the National Cyber Investigative Joint Task Force, and cyber assistant legal attachés to protect national security against cyber threats worldwide.

These agencies share intelligence to keep the United States safe from cyber threats, and they aim to build relationships with private sector companies so that information about cyber activity can be shared before an attack occurs. The agencies can deploy their cyber action teams within hours, domestically and globally, to assist companies onsite when a major incident or attack does happen.

“If … a private sector company is about to get hit by a ransomware attack or by any other type of intrusion, we want to get out there immediately and let that victim know how they can best mitigate that attack,” said Scott. “We only can do that if we have the relationship built, and the better we do that ahead of time, the stronger those relationships are.”

As a success story, Scott discussed how the agencies worked as a team and shared information to take down the Hive ransomware group. Hive was a ransomware variant that posed a threat worldwide. In July 2022, the team gained persistent access to Hive’s control panel, which enabled the team to get the decryption key. With that key, the team was able to reach out and assist victims as they were being attacked by Hive. They responded to 1,500 victims in 48 states and 88 countries, preventing an estimated loss of $130 million to victims.

The FBI had always estimated that only 20% to 25% of cyber victims report a cyber incident. As a result of the team’s interaction with Hive victims, the FBI was able to substantiate that percentage.
