Tag Archive for: year

The $10 billion cyber-insurance industry sees a dangerous year in cybercrime ahead. AI, ransomware, and war are its biggest concerns


It’s rare to find an insurance policy against war breaking out, but there’s a $10 billion market for cyber-insurance that guards against the threat of ransomware attacks. With the world as violent and turbulent as it is right now, though, lines between the two are blurring.

The ongoing wars in Ukraine and Gaza have insurers on such high alert that many simply aren’t offering coverage any longer, on top of which AI is creating new and unpredictable cybersecurity risks. And insurers expect a “significant” increase in hacks in 2024, to boot.

Those were the three key findings of a new report on cyber-insurance trends from consultancy Woodruff Sawyer. Insuring against cybercrime has grown from a tiny niche to a $10 billion market, with firms that offer coverage ranging from small specialty carriers to household names such as Chubb and Travelers. They offer coverage for losses incurred relating to companies’ IT and computer systems—for example, if companies are hacked and lose data or have to pay ransoms to get it back.

Woodruff Sawyer surveyed over 40 of its clients and found that the industry has a gloomy outlook this year: 56% of respondents said they believed cyber risk would “increase greatly” in 2024. They pointed to ransomware and war-associated risks as two of their biggest concerns.

“If you have an attack that is part of a war campaign, it can affect private companies across the globe that have nothing to do with war,” said Woodruff Sawyer national cyber practice leader Dan Burke in an interview with Fortune. “That is the true risk that’s elevated by conflict and war and geopolitical tension. That’s really what underwriters are mostly concerned about.”

A famous example of this type of ransomware attack was a virus called NotPetya, which circulated in 2017. Originating in Ukraine, it quickly went global and compromised the computer systems of dozens of companies, including drug giant Merck and shipping company Maersk. The White House estimated it caused $10 billion in damages.

“The NotPetya attack was a Russian-based attack against an accounting software in Ukraine. And it turns out that that specific piece of software was used by multinational…


Cyber Security Today, Dec. 27, 2023 – A record year for ransomware


A record year for ransomware.

Welcome to Cyber Security Today. It’s Wednesday, December 27th, 2023. I’m Howard Solomon, contributing reporter on cybersecurity for ITWorldCanada.com and TechNewsday.com in the U.S.

The year isn’t quite over but it’s clear that 2023 hit a record for ransomware attacks. Researchers at NCC Group say that as of the end of November the total number of attacks around the world hit 4,276 — slightly more than twice as many as last year. And December’s numbers haven’t been added.

More year-end numbers to consider: More than 26,000 vulnerabilities were discovered this year, according to researchers at Qualys. However, less than one per cent of them were high risk — about 7,000. And of them, only 206 had weaponized code available. These are the ones information security professionals have to pay attention to, because they are the most likely to be exploited. By the way, of those 206 vulnerabilities, just over 32 per cent involved network infrastructure or web applications. High-risk holes need to be patched or mitigated fast. According to the research, the mean time to exploit vulnerabilities this year was 44 days. However, many times threat actors were able to create an exploit the same day a vulnerability was publicized.

Speaking of the need for fast patching of critical applications, here’s something to ponder: On a podcast earlier this month I reported that a vulnerability in JetBrains’ TeamCity application development platform was being exploited by a Russian-based group. According to a new report from ReversingLabs, a patch for that hole was released in September. But by this month only two per cent of TeamCity administrators had installed it.


Google Flags 8th Chrome Zero-Day of the Year



Exploit for WebRTC Exists in the Wild


Google rolled out security updates Wednesday for its Chrome web browser to fix a critical vulnerability exploited in the wild.


“Google is aware that an exploit for CVE-2023-7024 exists in the wild,” Chrome’s security advisory said.

The zero-day vulnerability is a heap-based buffer overflow bug in the open-source WebRTC framework.

WebRTC is a critical component that allows real-time communication and data exchange between different browsers and devices. It focuses on audio and video traffic, allowing developers to build voice- and video-communication solutions. WebRTC provides software developers with application programming interfaces written in JavaScript.

Clément Lecigne and Vlad Stolyarov of Google’s Threat Analysis Group discovered and reported the flaw.

It marks the eighth Chrome zero-day of the year. Lecigne in September reported another heap-based buffer overflow zero-day that was fixed but was “in use by a commercial surveillance vendor” at the time (see: Chrome Patches 0-Day Exploited by Commercial Spyware Vendor).

Details of the latest zero-day are scarce as “access to bug details and links may be kept restricted until a majority of users are updated with a fix,” Google said. Google is trying to reduce the likelihood of threat actors developing newer exploits by not disclosing complete technical information. Data from cybersecurity firm Qualys stated that 25% of the high-risk security vulnerabilities discovered in 2023 had been…


Africa: 2023 cyberthreats landscape, next year predictions


In recent years, African countries have been working hard to adopt the 2030 African digital transformation agenda. Finance, education, agriculture, government, security, and manufacturing are actively adopting digital technologies and transitioning their operations to online platforms.

As technology advances throughout the continent, nations need to remember that cybersecurity and personal data protection are fundamental principles in the implementation of the digital transformation project, in order to minimise the challenges that come along with the technology.

The year 2023 was filled with countless cyberattacks across many countries. Some of these attacks targeted critical infrastructure, financial institutions, governments and other companies.

As African countries are now pushing for digital transformation and experiencing rapid economic development, cybersecurity remains a pressing concern for businesses across Africa.

Unfortunately, some African countries show inadequate security measures to fight off cybercrime, leaving them highly susceptible to cyberattacks. They have weak prevention mechanisms to combat cyber threats and poor intrusion detection systems, thereby placing sensitive transactions at significant risk.

There is an increase in the volume and sophistication of cyberattacks in financial institutions. According to the 2023 Africa Financial Industry Barometer, 97% of surveyed leaders of financial institutions in Africa rank cybercrime and regulatory constraints on cybersecurity as the leading threat to the financial services industry alongside worsening economic conditions.

These massive cyberattacks in the region threaten the security of the growing economy and critical infrastructure.

MTN Nigeria lost $53 million from its mobile money service, which forced it to sue several banks in Nigeria; in Kenya, financial institutions and the e-citizen portal were halted by a distributed denial-of-service attack; and in South Africa there is an increase in backdoor and spyware attacks, with an alarming 106,000 recorded attempts.

There are many similar cybersecurity incidents in other African countries, and there is a need for urgent action to strengthen…
