What is Cryptomining?


So what is Cryptomining?

This is an emerging cyber threat to businesses in which hackers obtain cryptocurrency by using a computer's processing power.

A recent report by Check Point Research revealed that 20% of companies are subject to cryptomining attacks every week, and that cryptomining is a leading source of malware attacks.

https://www.checkpoint.com/press/2019/cryptominers-hit-10x-more-organizations-than-ransomware-in-2018-but-only-1-in-5-it-pros-aware-of-infections-shows-check-points-2019-security-report/

How is Cryptomining carried out?

This involves the use of a computer's processing power to solve very complex mathematical equations in order to confirm that cryptocurrency transactions are as they should be. As a reward, a specific amount of the cryptocurrency is given to the user who has verified the transaction the quickest.

The more computers that are used, the quicker the cryptocurrency in question can be mined. This does, however, consume an enormous amount of processing power and bandwidth, which in turn requires a great deal of electricity.
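An added illustration (not part of the original article) of the puzzle described above, using a simplified hash-based proof of work; the block contents, the 8-byte nonce encoding and the difficulty values are assumptions chosen for the demo and do not match any real cryptocurrency's format. It shows that checking a solution costs a single hash, while finding one takes a number of attempts that grows with the difficulty, which is why miners, and attackers who hijack machines, want as much processing power as possible.

```python
import hashlib

# Constructed sample data: stands in for a batch of transactions to confirm.
SAMPLE_BLOCK = b"constructed sample: alice pays bob 1 coin"


def leading_zero_bits(digest: bytes) -> int:
    """Count how many zero bits the digest starts with."""
    bits = 0
    for byte in digest:
        if byte == 0:
            bits += 8
            continue
        bits += 8 - byte.bit_length()
        break
    return bits


def pow_hash(block: bytes, nonce: int) -> bytes:
    """Double SHA-256 over the block plus an 8-byte nonce (demo encoding)."""
    data = block + nonce.to_bytes(8, "little")
    return hashlib.sha256(hashlib.sha256(data).digest()).digest()


def verify(block: bytes, nonce: int, difficulty_bits: int) -> bool:
    """Checking a claimed solution costs exactly one hash evaluation."""
    return leading_zero_bits(pow_hash(block, nonce)) >= difficulty_bits


def mine(block: bytes, difficulty_bits: int, max_attempts: int = 5_000_000):
    """Brute-force nonces until one verifies; returns (nonce, attempts)."""
    for nonce in range(max_attempts):
        if verify(block, nonce, difficulty_bits):
            return nonce, nonce + 1
    raise RuntimeError("no solution found within max_attempts")


def attempts_by_difficulty(block: bytes, difficulties) -> dict:
    """Map each difficulty (in bits) to the attempts needed to solve it."""
    return {bits: mine(block, bits)[1] for bits in difficulties}


if __name__ == "__main__":
    for bits, attempts in attempts_by_difficulty(SAMPLE_BLOCK, (8, 12, 16)).items():
        # On average a solution needs about 2**bits attempts.
        print(f"{bits:2d} bits: solved after {attempts} hashes "
              f"(expected about {2 ** bits})")
```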

Out of the 21 million bitcoins available, 17 million have already been mined leaving just 4 million.

How do Hackers infiltrate the computer system?

  • Hackers can fool a user into downloading cryptomining code to their computer system via a phishing attack, normally disguised as an e-mail in which a link is innocently clicked. The code is then activated so that it can access the computer.
  • An alternative to this is where a user visits a website that contains code which operates in the background to mine cryptocurrency.
  • Similarly, a user could click on a pop-up ad, where again the code operates without the user knowing whilst it takes advantage of the processing power of the computer.

The principal concern with cryptomining is that these forms of cyber attack can go undetected for some time without the user being aware of what is happening to their computer system.

Proactive Risk Management 

When a cryptomining incident has been discovered it is of course too late to do anything about it, but measures should be put in place to avert a recurrence. These can include:-

  • Ensure all computer systems are effectively and regularly patched
  • Make sure regular back-ups are carried out.
  • Improved training of users so that a potential attack can be identified.
  • Implementation of zero-day prevention techniques
  • The cloud is a common threat vector for cryptomining and focus should be given to the latest security protection available.

Cyber Insurance

This form of specialist insurance can provide coverage for cryptomining where a business suffers a financial loss arising from this type of cyber attack. Just as important are the vendor services that this policy provides, which include forensic investigation and legal assistance in managing and mitigating this form of cyber attack.

 


Winter Olympics Viewed As Cyber Target

The Winter Olympics has already captured the attention of hackers, and with this major event only a few days away the cyber threat is very real …

Hackers have already targeted the Winter Olympics with a number of organisations being subject to attacks in an effort to gain access to sensitive information.

McAfee have revealed that a hacking campaign, which appears to be backed by a nation state, has been in place for a while. The targets discovered have been ice hockey teams and skiing suppliers.

https://www.wired.com/story/pyeongchang-winter-olympics-cyberattacks/

Why the Winter Olympics?

Major sporting events grab the attention of the entire world, but unfortunately this also attracts elements of the population who perceive this as an opportunity to be exploited … the world of cyber crime.

The threat that cyber crime poses to an event such as this is similar to that which exists for any other business, but on a much larger scale and with more dramatic consequences due to its high profile and the many threat vectors that exist.

The Cyber Threat Landscape

Some of the targets for cyber criminals are likely to be the following:-

1. The Official PyeongChang 2018 Website

Distributed denial of service (DDoS) attacks preventing access to the website by fans.

The accessing of the website by hackers, altering the data such as falsifying the results and interfering with medal tables.

Defacement of the website by a hacktivist.

Spectators and visitors will no doubt access the website via Wi-Fi and vulnerability will exist if they inadvertently log in through a rogue Wi-Fi connection which could lead to the stealing of their personal data.

2. Event Tickets

Ticket fraud with the setting up of bogus websites taking fans' money and issuing counterfeit tickets.

Website scamming offering last minute match day tickets for the big events with no ticket actually being produced.

3. The Venues

Technology will be pivotal in all aspects of the running of the 15 venues being used in PyeongChang. Entry to the venues, ticket processing, management of lighting and associated infrastructure would all be impacted in the event of a cyber attack.

4. Competitors Data

The event will involve a huge amount of data, ranging from credit card data of spectators and athletes' confidential information to the database of the organizers, which is likely to be targeted by hackers. This could occur through phishing attacks in order to steal personal private information (PPI) and then lead to possible bank fraud of individuals. Brazil does have an established reputation for on-line banking fraud.

5. E-mail Transmission

E-mail scamming could be caused by bogus e-mails set up to obtain athletes' and officials' personal information that could be disseminated over the internet. The endless sending and exchanging of e-mails also presents an opportunity for spamming.

6. Media Coverage

Worldwide coverage will be provided to this event by television companies who will be reliant on technology, and the service could be interrupted or even blacked out by a hacker wishing to cause transmission downtime. For example a video re-run of the 200 m final could be disrupted by a ransomware attack.

7. Computer Network

The spreading of a malware attack within the internal computer network and third party providers could cause enormous interruption to the running of the numerous events taking place. The reliance on technology reaches far and wide, ranging from the transportation network to closed-circuit TV surveillance systems.

8. Mobile Applications

Fake mobile apps devised by developers to give the impression of the official Winter Olympics app. Smartphones are also at risk if stolen and personal data is sourced.

9. Cyber Terrorism

Cyber terrorism could occur in a number of forms. A ransomware attack would limit or entirely restrict the use of computer systems affecting the running of the Winter Olympics.

There may be political motivation from countries that want to disrupt the event. This could be to make a political stand on an issue or perhaps a country that failed to win an event or perhaps a competitor that was disqualified and the country that was represented takes retaliation.

The threat of remotely controlled drones by cyber terrorists entering an event causing disruption and delay to matches.

10. Social Media

Infiltration by hackers of the tournament's social media websites and personal accounts poses a threat to the privacy of fans, players and officials.

Cyber Risk Management Program

The International Olympic Committee will no doubt have in place a comprehensive cyber risk management program to manage the programs of events which is likely to be broken down into the following:-

  • Identification of cyber risk vectors
  • The mitigation of cyber risk within the tournament
  • The transfer of residual cyber risks that they are unwilling or unable to manage.

Cyber Insurance

Cyber Insurance can assist with the transfer of cyber risks associated with sporting events by providing the following insurance modules:-

  • Network Security Liability
  • Data Privacy Liability
  • Multimedia Liability
  • Network Business Interruption
  • Data Asset Protection
  • Cyber Extortion
  • Crisis Management

A cyber insurance policy also provides post breach vendor assistance helping with data breach notification, forensic investigation and public relations.

The Winter Olympics is a global event that is reliant on technology, which does make it especially vulnerable to cyber security threats. It is therefore important that these are recognized and measures are put in place to mitigate the potentially severe consequences that could impact on the games.

This post is based on “Rio 2016 – The Cyber Threat”

http://cyberbrokers.co.uk/rio-2016-cyber-threats/


 

Navigating Cyber Risk At Sea


The maritime sector is not immune from the everyday cyber risks that other transport industry sectors experience, with a high reliance on technology giving rise to similar cyber risk profiles and the ensuing threat vectors.

Ships that are now built rely on software to run their engines and GPS navigational systems to move from A to B. A cyber attack from a hacker therefore has the potential to cause severe disruption to the running of the ship.

There is apparent under-reporting of cyber attacks in the shipping world, with the true extent of cyber attacks not yet really known.

Cyber risk does not only exist at sea; cargo handling and container tracking at ports are also very dependent on technology, which forms part of the cyber threat landscape that ships face.

To help this sector manage safety and security, the International Maritime Organization, a United Nations agency, released a set of draft guidelines on maritime cyber risk management which identified the following key areas:-

  • Identify: Definition of the roles and responsibilities for cyber risk management of individuals in order to assess cyber risks
  • Protect: The implementation of risk control processes to manage cyber attacks
  • Detect: The installation of systems to detect new and existing cyber risks
  • Respond: Procedures in place to provide cyber resilience and the ability to restore computer systems
  • Recover: Effective recovery procedures to back up and restore shipping operations

http://www.imo.org/en/MediaCentre/HotTopics/piracy/Pages/default.aspx

Possible Types of Cyber Threats

1. Hackers accessing a shipping management system so that data providing details of future shipments and routes can be accessed.

2. Hackers utilizing a GPS system to direct a ship to unsafe waters, which may lead to an attack from pirates so that cargo can be stolen.

3. Cyber terrorists hacking into a cruise ship's navigation system in order to cause loss of life or some form of physical damage to the ship.

4. Curtailment of a transportation ship by hackers accessing navigational systems and delaying the ship in reaching its destination and causing goods to perish.

5. The hijacking of an oil tanker via its GPS system by a hacker, which leads to the tanker being taken to a different destination.

6. The cyber extortion of a ship's navigational systems that paralyzes it, making it unable to move or reach its end destination.

The emerging cyber threat of the Internet of Things is also a new area of concern that will become more prevalent in the coming years.

Can Insurance Help?

The majority of Marine Insurance policies include a cyber attack exclusion clause, which is likely to lead to the sector considering the purchase of a stand-alone specific cyber insurance policy which will address a number of the associated cyber risks that the maritime sector faces.

It must be stressed that insurance is only part of the cyber risk management process and should be treated as such.

Should we share Cyber Security information?

Is this a good idea? There are very good reasons why we should share cyber security information, and there are also reasons why perhaps it may not be such a good idea.

The current landscape seems to be moving towards the sharing of this confidential and sensitive information with regulation being imposed on both sides of the Atlantic in recent months to promote and encourage the sharing of cyber security information.

At the end of last year the EEC announced The Network and Information Security Directive (NIS), which is a security and reporting directive for companies in critical business sectors, namely transport, energy, health and finance. This is also applicable to businesses such as Google and Amazon.

This Directive includes a requirement to report cyber security breaches, which is intended to encourage greater visibility of cyber crime and data breaches within companies and to encourage companies to address their own cyber security.

It is anticipated that this will be ratified in the Spring, with implementation anticipated within the next two years.

In the US, also at the end of last year, the Cybersecurity Information Sharing Act (CISA) was passed by the Senate, which allows companies to share cybersecurity threat data with the Department of Homeland Security (DHS) and other federal agencies. A number of bodies already exist in the US that share cybersecurity information. These include Enhanced Cybersecurity Services (ECS), which is a voluntary information sharing program whose aim is to help better protect businesses' customers, and the National Cybersecurity and Communications Integration Centre (NCCIC), which shares information with public and private sector partners.

In the UK the Cyber-security Information Sharing Partnership (CiSP) exists, which is part of CERT-UK. This is a joint industry government initiative set up to share cyber threat and vulnerability information in order to increase overall awareness of cyber threats and help mitigate the impact this may have on UK businesses.

The British Insurance Brokers Association (BIBA) have recently endorsed CiSP to encourage insurance brokers to join CiSP to share the knowledge of over 4000 cyber-security professionals from over 1500 organisations. The government is also very keen that the insurance industry works closer with cyber security professionals, and it is likely that we will see evidence of this in the future via associations and collaborations.

Let’s now review the positives and negatives of sharing cyber security information:-

Positives

  • It provides information to business on the latest forms of malware, spear phishing campaigns, and known malicious domains
  • Improvement in technology to combat the latest forms of security threats
  • Information derived from claims that insurers can assess / rate and improve the coverage under cyber insurance policies.
  • Assessment of insurers' aggregation
  • Information to help insurers analyse cyber catastrophe models
  • Provision of knowledge to help anticipate future terrorist-led cyber attacks

Negatives

  • Possible release of confidential information of cyber attacks and data breaches to third parties
  • The information provided may impact on a company's ability to carry out business, with existing customers being concerned about poor cyber security measures.
  • Collateral damage to reputation of a business and impact on stock market share price
  • Hackers gain access to extremely sensitive databases
  • Perceived by some that “big brother” is spying and will encourage surveillance of businesses
  • Inadvertent sharing of personally identifiable information

The cyber security industry also has an important role to play as it arguably possesses the greatest amount of cyber security data. This is no doubt considered valuable intellectual property, and there would be a reluctance to readily share this with a wider audience without distribution to secure destinations.

The sharing of cyber security information is more advanced in the US than the EEC / Rest of the World and is reflective of two very differing cyber landscapes, with the US being more mature in terms of number and size of cyber security breaches and the existing litigation that helps drive notification.

The sharing of cybersecurity information definitely has a role to play in the development of the improvement of cyber security and the defence of cyber attacks that can threaten a business … how it is shared is perhaps the current dilemma facing governments and regulators.

EU – US Privacy Shield – is data safe again?

The privacy of the transfer of data between the UK and US received a boost this week when the European Commission announced that political agreement had been reached on what is effectively a replacement of the Safe Harbor, known as the “Shield Decision”. A Working Party has subsequently published their initial reactions, which the European Commission must take into account if the Working Party does not agree with “The Shield Decision”. In the event that national data protection authorities refuse transfers on the basis of this decision, this will be raised to the European Court of Justice.

This is the result of three months of negotiations between the EU and US after the fall of the Safe Harbor agreement that existed up until October last year. The deadline of 31st January was missed as negotiations overran, with both parties failing to agree new privacy boundaries.

In the meantime it is understood that local data protection authorities will continue to accept standard contractual clauses and binding corporate rules for transfers of data to the US, providing privacy protection between these countries.

The main obligations imposed on firms handling Europeans' personal data are as follows:-

  • US firms will need to commit to “robust obligations” on how personal data is processed and individual rights guaranteed. This will be monitored by the US Department of Commerce.
  • Clear safeguards and transparency obligations will be imposed on the US Government which will set out specific limitations for law enforcement and national security reasons
  • There will be protection for EU citizens' rights with options for redress. This will include avenues for citizens who feel the privacy of their data has been misused, with strict guidelines for response to complaints

It is by no means “home and dry”; in addition to the Working Party involvement, Europe’s national privacy agencies meet to pass their own judgement on how data can be safely moved from the EU.

How does this impact on the cyber insurance market and insurers' perception of data being at risk?

It is too early to assess the impact of this decision, especially as the “Privacy Shield” has some way to go before being fully ratified, but any privacy protection laws and regulations assist cyber insurers in being more comfortable with the associated risks of loss of personal data and individuals' privacy.