Cyber Insurance Companies Loses $1.4 Billion In Court Case

Welcome back to Cyber Weekly - a weekly update on what's going on in the cyber world. With over 1000 people subscribed to this newsletter, we know these updates are important to the cyber community. Share this newsletter with those who could benefit.

‍

Crazy Cyber Insurance Story – Guess who lost $1.4 Billion?

Cyber insurance companies have an important exclusion in their insurance contracts. It’s called the “Act of War.” So, if a cybercrime is considered an “Act of War”, insurance companies do not have to cover for the damage related to a cyber attack. Well, in 2017, pharmaceutical company, Merck &Co.’s, got hacked by what we now know as NotPetya. Their insurance company denied coverage, refusing to pay, under the pretense that the attack was an “Act of War.” Merck took them to court. And won $1.4 billion. (Bloomberg)

My thoughts: This case is a huge warning sign to cyber insurance companies needing to be more specific on what is covered compared to what’s not covered. We should expect additional and stricter exclusions to be the norm when it comes to cyber insurance coverage. That will be hard on the average business. It will certainly be more difficult to get coverage. Cyber insurance is relatively new though. Do you think more businesses will consider it?

Steps To Cyber Security By The Canadian Centre For Cyber Security

Canadian Centre for Cyber Security is recommending critical infrastructures in Canada to take action in their cyber security initiatives. Here is the breakdown from their bulletin:

“The Canadian Centre for Cyber Security encourages the Canadian cybersecurity community—especially critical infrastructure network defenders—to bolster their awareness of and protection against Russian state-sponsored cyber threats…The Cyber Centre urges Canadian critical infrastructure network defenders to:

• Be prepared to isolate critical infrastructure components and services from the internet and corporate/internal networks if those components would be considered attractive to a hostile threat actor to disrupt. When using industrial control systems or operational technology, conduct a test of manual controls to ensure that critical functions remain operable if the organization’s network is unavailable or untrusted.
• Increase organizational vigilance. Monitor your networks with a focus on the TTPs reported in the CISA advisory (link available in English only). Ensure that cybersecurity/IT personnel are focused on identifying and quickly assessing any unexpected or unusual network behavior. Enable logging in order to better investigate issues or events.
• Enhance your security posture: Patch your systems with a focus on the vulnerabilities in the CISA advisory (link available in English only) enable logging and backup. Deploy network and endpoint monitoring (such as anti-virus software), and implement multifactor authentication where appropriate. Create and test offline backups.
• Have a cyber incident response plan, a continuity of operations and a communications plan and be prepared to use them.
• Inform the Cyber Centre of suspicious or malicious cyber activity.” (CTV NEWS)

My thoughts: Their list of recommendations is pretty good to build cyber resilience. Note, that the last step is optional. However, if you have any questions about the next step you should take in your cyber resilience initiatives, private message me. I would gladly answer any questions you may have.

Tourisme Montréal Confirmed a Cyber Security Incident in December 2021.

“We immediately retained security experts to investigate this matter further and ensure the integrity and security of our systems.” Francis Bouchard, the agency’s manager of corporate communications and public affairs said.

The agency, known in English as Visit Montreal, is one of many victims attacked by the Karakurt group.

The Karakurt posting, dubbed its Winter Data Leak Digest, says “the data amount we have obtained is speaking for itself. Which means there is a big hole in IT department that allowed us to exfiltrate everything we wanted.”

This may potentially affect the agency’s 900 local members and partners. (IT World Canada)

My thoughts: One month later and the investigation is STILL on-going.

Cyber Attack on Public School System Cancelling Class for over 75,000 Students

In Sante Fe, New Mexico, the Albuquerque Public Schools announced a cyber attack after trying to fend it off for a few weeks. They were one of 5 other public schools that were attacked over the last two years. It happened over the holidays which allowed the district to make plans, but they still needed to shut down the school for a few days. (Toronto Star)

My thoughts: Here are a few consequences of a cyber attack that most don’t consider:

1. Systems not working, meaning employees not being able to work.
2. Smart devices not working. So if you need to scan your ID to get in or out of he office building, that may be unavailable.
3. No access. The work that everyone has been working on might be lost for good.
4. If it affects employees or in this case, students, that means all those people will tell other people, who will tell other people. Even if you don’t report the incident, people will know. This may tarnish your brand.

Huge News: Russian Authorities Said They Dismantled REvil Ransomware Group

REvil was behind some of the biggest ransomware attacks like the Colonial Pipeline. But just last week, the US and Russia worked together. The Federal Security Service raided 25 residences tied to the group and seized approximately $6.8 million in various currencies. (CoinDesk)

My thoughts: A communal approach is the only way to survive cyber attacks. Helping each other out is the right lead taken on by these governments working together.

World’s Largest Quadruped Bionis Robot

“China has developed the world's largest electric-powered quadruped bionic robot, which is expected to join logistics delivery and reconnaissance missions in complex environments that have proven too challenging for human soldiers, including remote border regions and highly risky combat zones.” (Global Times)

My thoughts: Thought this was very interesting to share. Kind of scary.

Update from last week’s story: Ukraine says they have evidence that Russia is behind their cyber attack (The Guardian)

__________________________________

Access The Untold Stories of IT Professionals.

Assurance IT launched IT Spotlight - a weekly newsletter putting the spotlight on IT professionals. Get the inside scoop on their careers, their predictions in the industry and more. Once a week, every week, find out what other IT professionals are up to. Learn more here.

‍

‍