11 January 2019

IRM Weekly Cybersecurity Roundup: NotPetya cyber-attack and more

Our weekly cybersecurity roundups gather the most important headlines in the industry from the last seven days. If you want the weekly roundup delivered straight to your inbox, sign up to the IRM newsletter.

Mondelez sues Zurich in first cyber-attack insurance dispute

US food company, Mondelez, is suing its insurance company, Zurich, for refusing to pay out $100m for damage caused by the NotPetya cyber-attack.

The attack crippled Mondelez’s computer systems in 2017, causing billions of dollars of damage. 1,700 servers and 24,000 laptops were supposedly rendered unusable after the attack. Mondelez hoped to claim on its cybersecurity insurance policy.

Zurich, however, is refusing to pay out on the claim, citing the exclusion in its policy for “hostile or warlike action”. Zurich is relying on this exclusion because the NotPetya cyber-attack is thought to have been caused by Russian hackers who attacked the Ukrainian government.

The dispute is now forcing other insurers to rethink their cyber-specific insurance policies.

You can read more here.

Insurer pulls off ‘bike shop’ stunt to raise awareness of cybercrime

Hiscox insurers staged a cyber-attack in London this week by mocking up a bike store across the road from the original.

They then staged various cyber-attacks, including diverting genuine stock deliveries to the fake store to highlight the impact of a phishing scam, and leaving a ransom note demanding Bitcoin.

You can read more here.

Is two-factor authentication no longer safe?

A video shared by security company KnowBe4 showed how two-factor authentication (2FA) could be vulnerable to hacking.

How does it work? The person logging into the website clicks on an authentication link, which then invites them to enter the code sent to their mobile phone. However, the cybercriminal's tool routes the login through the hacker’s server, which lets them obtain the session cookie. Having the user’s session cookie removes the need for usernames, passwords or 2FA.

The tool that allows hackers to carry out these types of attacks is now public, meaning anyone with the slightest cyber knowledge could use it. You can read more here.

Similarly, this week a Polish security researcher publicly released a new reverse proxy tool for penetration testers which can also bypass 2FA schemes. You can read more about the controversial release of this tool here.

Are you attracted to the bait?

A discussion between Tech Republic and a VP and Chief Security Architect has highlighted some interesting challenges when preventing phishing attacks.

Some of the areas covered in the interview include the public’s instinct to share information, rather than protect it, and how companies struggle to protect consumer data without the end user’s support.

Other challenges highlighted include user psychology and how we have become accustomed to ignoring security warnings.

You can read more here.

Quick fire updates

The future is in the cloud – Security Information and Event Management (SIEM) systems are predicted to move from on-premises servers to the public cloud by the end of 2020. These predictions are based on the massive growth of security data, the increasing costs of software and cybersecurity skills shortages. Read more here.

How a cyber-attack crippled an Alaskan community – In 2018, a malicious attack on the small town of Palmer forced them to turn to electronic typewriters. The incident has so far cost them more than $2m and it’s thought that the attack is linked to the Chinese Government. Read more here.

Man admits to one of Germany’s biggest data breaches – The 20-year-old admitted to hacking and releasing the private details of almost 1,000 public figures, including German politicians. The data, ranging from private telephone numbers to family photographs, had been released in the style of an advent calendar on Twitter in December 2018. Read more here.

Security flaw in Microsoft Office 365 – Researchers at a cloud security company have discovered there is a bypass in Office 365’s Safe Links URL protection features. The idea is that the feature will check the URL the user has clicked on in an email to ensure it doesn’t contain anything malicious. However, this new discovery shows that hackers can bypass this reputation check by using ‘Zero-Width Spaces’. Read more here.

Man sentenced for hospital cyber-attack – A Massachusetts man has been sentenced to 10 years in prison. This is after he carried out a cyber-attack on a hospital on behalf of Anonymous, the hacking activist group, to protest a high-profile custody dispute. Read more here.
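The Office 365 Safe Links item above turns on zero-width characters hidden inside a link's URL. As an added example (not code from the researchers or from Microsoft), this Python script shows how a mail-filtering step could flag such links and normalise them before any reputation lookup; the set of code points, the name `find_zero_width_links` and the sample message are assumptions of this example, and it also covers percent-encoded forms, which goes beyond what the item states.

```python
from html.parser import HTMLParser
from urllib.parse import unquote

# Which code points to flag is an assumption; the roundup only names "zero-width spaces".
ZERO_WIDTH = {
    "\u200b": "ZERO WIDTH SPACE",
    "\u200c": "ZERO WIDTH NON-JOINER",
    "\u200d": "ZERO WIDTH JOINER",
    "\u2060": "WORD JOINER",
    "\ufeff": "ZERO WIDTH NO-BREAK SPACE",
}


class _HrefCollector(HTMLParser):
    """Collects <a href> values; HTMLParser decodes entities such as &#8203;."""
    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.hrefs = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self.hrefs.extend(v for k, v in attrs if k == "href" and v)


def find_zero_width_links(html_body):
    """Return one finding per link whose URL hides zero-width characters."""
    collector = _HrefCollector()
    collector.feed(html_body)
    collector.close()
    findings = []
    for href in collector.hrefs:
        decoded = unquote(href)  # also exposes %E2%80%8B style encoding
        hits = sorted({ZERO_WIDTH[c] for c in decoded if c in ZERO_WIDTH})
        if hits:
            cleaned = "".join(c for c in decoded if c not in ZERO_WIDTH)
            findings.append({"normalized": cleaned, "characters": hits})
    return findings


# Constructed sample message body (example.test is a reserved test domain).
SAMPLE = (
    '<p><a href="https://login.exa&#8203;mple.test/re&#x200D;set">Reset</a> '
    '<a href="https://docs.example.test/guide">Guide</a> '
    '<a href="https://pay.example%E2%80%8B.test/">Pay</a></p>'
)

if __name__ == "__main__":
    for finding in find_zero_width_links(SAMPLE):
        print(finding)
```

The normalised URL is the string to hand to a reputation or blocklist check, since it is the form without the hidden characters.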
