Watch your cyber insurance coverage, threat actors abusing SaaS platforms and more.
Welcome to Cyber Security Today. It’s Wednesday, August 24th, 2022. I’m Howard Solomon, contributing reporter on cybersecurity for ITWorldCanada.com.
If your organization can afford the increasingly tough requirements and the cost, cybersecurity insurance is an important component of its risk mitigation strategy. But watch the fine print. The cybersecurity news site called The Record reports that Lloyds of London, which underwrites the cyber policies of a number of insurance companies, is requiring providers to make it clear it won’t cover damages “arising from a war” or state-backed cyberattacks that significantly impair the ability of a state to function. Starting next April policies have to make that clear. The story quotes one insurance firm saying policies already exclude acts of war from coverage. But a university professor is quoted as saying the change almost equates state-backed cyber-attacks — which are common — to acts of cyberwar.
Still with cyber insurance, make sure you understand the intricacies of your policy. Consider this recent story. A Minnesota computer reseller was tricked into wiring nearly US$600,000 to a crook’s bank account. The company made an insurance claim under its social-engineering fraud agreement. However, the damages under that clause were limited to US$100,000. There was a separate clause covering computer fraud where damages could be covered up to US$1 million. The company tried and failed to change its claim. Then it sued the insurance company. Earlier this month a judge dismissed the lawsuit, ruling the incident was in fact social-engineering fraud.
Commentators at the SANS Institute said this is an example of why reading the fine print of a policy is important. They also argue that having multifactor authentication would have made it harder for the attacker to compromise the computer company’s purchasing manager, where this scam started. And not having a formal company payment approval process was a contributing factor to the scam.
Software-as-a-service platforms like website builders, file sharing sites, note-taking sites, design prototyping and form builders need to tighten their security, say researchers at Palo Alto Networks. That’s because threat actors are using these platforms to host their phishing pages instead of building their own. A crook sends out an email for a payment or says a sender has a document to share, asking the victim to click and see it. When they do they go to a web page that asks for their username and password. That gets captured by the crook. The trick is the URL or web address of platforms used by crooks, aren’t seen as suspicious by phishing detection applications because they’re on an accepted SaaS platform. It’s important that security teams educate staff to be careful before logging into online platforms, particularly if they go there from an email.
Organizations that use Gmail, Yahoo Mail and Microsoft Outlook need to ensure their staff use strong passwords and multifactor authentication to protect their accounts if they haven’t already done so. This warning comes after the discovery by Google’s Threat Analysis Group of a new email exfiltrating tool used by an Iranian-based threat group dubbed Charming Kitten. If the group is able to steal or guess a victim’s username and password the tool can spoof the account to look like an outdated browser, which enables a basic HTML view in Gmail. Then the tool downloads the contents of the victim’s inbox, marking them as unread so the victim isn’t tipped off. So far it’s been used against targets in Iran, but the threat actor could use it against people in other countries.
That’s it for now Remember links to details about podcast stories are in the text version at ITWorldCanada.com.
Follow Cyber Security Today on Apple Podcasts, Google Podcasts or add us to your Flash Briefing on your smart speaker.