Monitor your cyber insurance coverage, threat actors abusing SaaS platforms and more.
Welcome to Cyber Security Today. Today is Wednesday, August 24, 2022. I’m Howard Solomon, contributing cybersecurity reporter for ITWorldCanada.com.
If your organization can afford it, despite increasingly stringent requirements and rising costs, cybersecurity insurance is an important part of its risk mitigation strategy. But watch out for the fine print. The cybersecurity news site The Register reports that Lloyd's of London, which underwrites cyber policies from a number of insurance companies, is requiring providers to make it clear that they will not cover damage ‘arising from war’ or state-backed cyber attacks that significantly impede a state’s ability to function. From next April, policies must specify this. The story quotes an insurance company saying policies already exclude acts of war from coverage. But a university professor is quoted as saying the change almost equates state-sponsored cyber attacks – which are common – with acts of cyber warfare.
As always with cyber insurance, make sure you fully understand the intricacies of your policy. Consider this recent history. A computer dealer in Minnesota was tricked into wiring nearly $600,000 into a crook’s bank account. The company made an insurance claim under its policy’s social engineering fraud clause. However, damages under this clause were limited to US$100,000. There was a separate clause covering computer fraud where damages could be covered up to US$1 million. The company tried unsuccessfully to have its claim moved to that clause. Then it sued the insurance company. Earlier this month, a judge dismissed the lawsuit, ruling the incident was in fact a social engineering fraud.
Commentators from the SANS Institute said this is an example of why it is important to read the fine print of a policy. They also claim that multi-factor authentication would have made it harder for the attacker to compromise the purchasing manager of the IT company, where this scam started. And the company’s lack of a formal payment approval process contributed to the scam.
Software-as-a-service platforms like website builders, file sharing sites, note taking sites, design prototyping tools and form builders need to tighten their security, say Palo Alto Networks researchers. Hackers are using these platforms to host their phishing pages instead of creating their own. A scammer sends an email demanding payment, or claiming the sender has a document to share, and asks the victim to click through to see it. When they do, they land on a web page that asks for their username and password, which are captured by the scammer. The trick is that the URLs of the platforms used by the scammers are not considered suspicious by phishing detection apps, because they belong to an accepted SaaS platform. It is important that security teams educate staff to be cautious before logging in to online platforms, especially if they are going there from an email.
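As an added illustration of the defensive point above (this is example code written for this page, not from Palo Alto Networks or the podcast), the triage script below scores inbound email on the three signals the report describes together: an external sender, a link whose host is a hosted-content SaaS platform that URL reputation alone would wave through, and payment or document-share lure wording. The platform domain list, the internal domain `corp.example`, and the sample messages are all constructed for the example.

```python
import re
from urllib.parse import urlparse

# Constructed list of hosted-content SaaS platforms (form builders, file
# sharing, site builders). Example names only; a real deployment would use
# the platforms the organization actually sees abused.
HOSTED_CONTENT_PLATFORMS = {
    "forms.example-saas.com",
    "share.example-files.com",
    "sites.example-builder.com",
}

ORG_DOMAIN = "corp.example"  # assumed internal mail domain

URL_RE = re.compile(r"https?://[^\s<>\"']+")

# Lure wording matching the two pretexts described: payment and document sharing.
LURE_PHRASES = ("payment", "invoice", "document", "shared a file", "view the document")


def extract_urls(body: str) -> list[str]:
    """Pull every http(s) URL out of a plain-text body."""
    return URL_RE.findall(body)


def host_of(url: str) -> str:
    return (urlparse(url).hostname or "").lower()


def sender_domain(addr: str) -> str:
    return addr.rsplit("@", 1)[-1].lower()


def triage_email(sender: str, subject: str, body: str) -> dict:
    """Return the signals found and whether the message should be held for review.

    The message is flagged only when all three signals line up: the sender is
    outside the organization, the link points at a hosted-content platform
    (so domain reputation says nothing), and the text uses lure wording.
    """
    reasons = []
    external = sender_domain(sender) != ORG_DOMAIN
    saas_links = [u for u in extract_urls(body) if host_of(u) in HOSTED_CONTENT_PLATFORMS]
    text = f"{subject} {body}".lower()
    lure = any(p in text for p in LURE_PHRASES)

    if external:
        reasons.append("external sender")
    if saas_links:
        reasons.append("link to hosted-content platform: " + ", ".join(saas_links))
    if lure:
        reasons.append("payment/document lure wording")

    return {
        "flag": external and bool(saas_links) and lure,
        "reasons": reasons,
        "links": saas_links,
    }


# Constructed sample messages: one phishing lure, one legitimate internal share,
# one external newsletter with an ordinary link.
SAMPLE_EMAILS = [
    {"sender": "billing@vendor-mail.example", "subject": "Payment overdue",
     "body": "Please review the invoice here: https://forms.example-saas.com/f/abc123"},
    {"sender": "alice@corp.example", "subject": "Q3 slides",
     "body": "Shared a file with you: https://share.example-files.com/d/xyz"},
    {"sender": "news@newsletter.example", "subject": "Weekly digest",
     "body": "Read more at https://www.newsletter.example/digest"},
]


def triage_all(emails: list[dict]) -> list[dict]:
    return [triage_email(**e) for e in emails]


if __name__ == "__main__":
    for msg, result in zip(SAMPLE_EMAILS, triage_all(SAMPLE_EMAILS)):
        status = "HOLD" if result["flag"] else "pass"
        print(f"{status:4} {msg['sender']:28} {'; '.join(result['reasons'])}")
```

The point of requiring all three signals is that a link to a file-sharing or form platform is normal in day-to-day mail; what makes it worth a second look is the combination with an outside sender and a pretext that pushes the reader to log in. Holding such messages for review, or rewriting the link through a page that reminds the user where they are about to enter credentials, complements the staff awareness the report calls for.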
Organizations that use Gmail, Yahoo Mail, and Microsoft Outlook should ensure their staff use strong passwords and multi-factor authentication to protect their accounts, if they haven’t already. This warning follows the discovery by Google’s Threat Analysis Group of a new email exfiltration tool used by an Iranian threat group dubbed Charming Kitten. If the group is able to steal or guess a victim’s username and password, the tool logs in to the account while presenting itself as an outdated browser, which gets it Gmail’s basic HTML view. The tool then downloads the contents of the victim’s inbox, marking messages as unread again so that the victim is not alerted. So far it has been used against targets in Iran, but the threat actor could use it against people in other countries.
That’s all for the moment. Remember that links to podcast story details are in the text version on ITWorldCanada.com.
Follow Cyber Security Today on Apple Podcasts, Google Podcasts or add us to your Flash Briefing on your smart speaker.