4 August 2023


Cyber insurance does not incentivise victims to pay ransoms | Cyber Intelligence Briefing: 4 August


 

Top news stories this week

  1. Got you covered. Research suggests cyber insurance does not incentivise victims to pay ransoms.
  2. Go phish. Recent phishing campaigns target Microsoft Teams.
  3. Friend or foe? Iran-linked cloud services provider accused of hosting infrastructure for state-backed threat groups. 
  4. Parasite. Hackers exploit Ivanti zero-day vulnerability to compromise Norwegian government. 
  5. Up for grabs. University of West of Scotland data leaked post-ransomware attack. 
  6. Knocked out. DDoS attack blocks access to Israeli oil refiner BAZAN Group’s website. 


 

1. Research finds cyber insurance does not increase ransom payments  

Research from the UK’s Royal United Services Institute suggests that having cyber insurance does not significantly increase the likelihood of ransom payment by victims. The paper proposes that insurance firms play an important role in reducing cyber incidents by mandating cyber security best practices for coverage. 

So what?

Cyber insurance premiums have increased dramatically in recent years. To qualify for comprehensive coverage, it is important to ensure your business has made efforts to reduce its attack surface. For advice on improving your organisation’s security posture ahead of an insurance application or renewal, reach out to one of our experts. 

 


 

2. Russian phishing campaigns leverage Microsoft Teams

A Russian hacking group tracked as APT29 has been attacking multiple global organisations, including government agencies, through a Microsoft Teams phishing campaign. The group creates fake Teams accounts disguised as technical support and adopts social engineering tactics to trick users into granting MFA approval. 

So what? 

Phishing campaigns are not limited to email-based attacks. Organisations should implement regular training to help employees effectively recognise and report phishing attempts across multiple platforms.

 


 
 

 

3. Cloudzy accused of hosting infrastructure for nation state groups

A US-incorporated cloud services company called Cloudzy is allegedly providing server space to nation-state actors and ransomware operators, allowing them to carry out their illicit activities. The Iranian-linked company accepts cryptocurrency as payment, further facilitating anonymity.

So what?

Rogue internet service and cloud providers play a significant role in facilitating cyber crime. They are often linked to jurisdictions outside the reach of Western law enforcement.

 


 

 

4. Hackers exploit zero-day to target Norwegian government entities 

US and Norwegian cyber security agencies have issued a warning about a zero-day vulnerability in Ivanti’s mobile endpoint management solution. Hackers began exploiting the vulnerability in April 2023, using it to gain unauthorised access to multiple Norwegian government agencies’ networks.

So what?

Organisations should immediately apply the patches released by Ivanti to safeguard against the zero-day vulnerability.

 


 

 

5. Scottish university's data advertised by cyber criminal group

The Rhysida ransomware group has claimed responsibility for a cyber attack on the University of West of Scotland and has put the school’s data up for sale on its dark web leak site. The data includes sensitive information such as employee bank details and national insurance numbers.

So what?

Cyber incidents can lead to the exposure of datasets containing personally identifiable information. Credit monitoring services can help affected data subjects monitor for potentially fraudulent activity.

 
 

 

 

6. Israel's largest oil refinery suffers DDoS attack

 

Israel’s largest oil refinery operator, BAZAN Group, has suffered a Distributed Denial of Service (DDoS) attack, rendering its website inaccessible. BAZAN Group has since implemented geo-blocking measures to restrict external traffic access to its website. An Iranian hacktivist group has claimed responsibility and posted alleged screenshots of internal systems, which BAZAN Group dismissed as misinformation.

So what?

DDoS attacks cause major business disruption for organisations with critical services that rely on constant availability. Companies may consider implementing geo-blocking as a temporary solution when experiencing a DDoS attack.

 


 
 

S-RM is proud to have been voted Cyber Incident Response Team of the Year at Zywave’s 2023 Cyber Risk Awards.

 

Cyber Intelligence Briefing

The S-RM Cyber Intelligence Briefing is a weekly round-up of the latest cyber security news, trends, and indicators, curated by our intelligence specialists.

To discuss this briefing or other industry developments, please reach out to one of our experts.

Authors

Miles Arkwright
Associate, Cyber Advisory
James Tytler
Associate, Incident Response

James Tytler is an associate in S-RM’s incident response team. In addition to responding to a wide range of cyber security incidents, he also supports clients with cyber threat intelligence services.

Before joining S-RM’s cyber security team, James worked at a London-based corporate intelligence firm, where he specialised in Middle Eastern subjects.

James has a BA in Arabic and Persian from the University of Cambridge, and an MA in International Security from Sciences Po Paris. He speaks fluent French.
