Who Needs Cyber Insurance?

In short – Everyone!

For the past few years the media has been reporting large-scale attacks on companies such as Yahoo, AirBnB, LinkedIn, Myspace and a long list of others. In reality, between 40% and 60% of all cyber attacks on Australian businesses are targeted at small to medium-sized companies. Reports suggest this is due to a few important factors, but a lack of security procedures and lower levels of employee risk awareness seem to be the major ones.

PwC found 65 per cent of Australian organisations experienced cybercrime in the last 24 months with more than one in 10 reporting losses of more than $1 million (compared to the global average of 32 per cent).

When you consider that 84% of Australian small and medium businesses are online and 1 in 2 are receiving payments online, Australia is a very attractive target for the would-be cyber criminal.

[Figure: cyber security web of connectivity, from the Australian Cyber Security Strategy]

Check out this short video from the National Insurance Brokers Association (NIBA), which succinctly summarises who needs cyber insurance and why.

The 5 industries with the highest recorded amount of cyber-attacks 2015 – 2016:

1. Healthcare

2. Manufacturing

3. Financial Services

4. Government

5. Transportation

The 2016 IBM X-Force Cyber Security Intelligence Index reports that more than 100 million healthcare records were breached last year. The IBM report is based on data collected from the thousands of network devices IBM monitors in over 100 countries.

Between July 2015 and June 2016, CERT Australia – the main point of contact for cyber security issues affecting Australian businesses – responded to 14,804 cyber security incidents, 418 of which involved systems of national interest and critical infrastructure.

PwC Australia national cyber leader Steve Ingram, who previously headed fraud and security management for the Commonwealth Bank, says cyber attacks happen all the time. “It’s prolific,” he says.

Here is another great cyber insurance summary from the KnowRiskNetwork.

Conclusion

In the past, business leaders adamantly avoided talking about cyber security processes or breaches for fear of reputational damage and legal fallout. We are slowly seeing more businesses that are willing to talk about their cyber security hurdles and that recognise cyber security as an overall business risk, not simply an IT risk.

Help protect your business with cyber insurance.

What Mandatory Data Breach Notification Means for Australia

Breach Notification Bill Expected to Pass in 2017

Australia is currently on the receiving end of an estimated 10 million cyber attacks per year, according to professional services firm Deloitte. With such a large dragnet across Australian businesses it is inevitable that there will be some eye-opening data breaches in the coming year and widespread change to company security procedures. We previously wrote about some of the largest data breaches and exposures of 2016, which indicated that approximately 2.2 billion personal records were revealed to have been compromised from 2015 – 2016.

The proposed bill, which has been passed by the lower house but is yet to be introduced in the Senate, will make it a requirement to notify the Australian Information Commissioner and affected individuals if their privacy has been breached. With the exception of eHealth data breaches falling under the My Health Records Act 2012, mandatory data breach notification does not yet exist in Australia. The former Labor government’s Privacy Amendment (Privacy Alerts) Bill 2013 received bipartisan support to introduce such a scheme, but did not pass the parliament before the 2013 election.

Most government agencies and businesses with an annual turnover in excess of $3 million, as well as a number of smaller organisations such as those handling sensitive health data, are all currently subject to Privacy Act obligations.

Official summary of the bill below:

“Privacy Amendment (Notifiable Data Breaches) Bill 2016 implements recommendations of the Parliamentary Joint Committee on Intelligence and Security’s Advisory report on the Telecommunications (Interception and Access) Amendment (Data Retention) Bill 2014 and the Australian Law Reform Commission’s report For Your Information: Australian Privacy Law and Practice by amending the Privacy Act 1988 to require agencies, organisations and certain other entities to provide notice to the Australian Information Commissioner and affected individuals of an eligible data breach.”

Mandatory Breach Notification Laws Abroad

Today, approximately 90 countries have data protection laws or relevant court rulings, ranging from Angola and Argentina to Venezuela and Zimbabwe, but many of those countries still don’t require breached organisations to notify either authorities or the individuals whose personal information was exposed in the event of a breach.

At the time of writing, 47 states, three U.S. territories and Washington D.C. have adopted breach notification laws with varying requirements for organisations. Past attempts to replace them with a standard federal law have struggled, in part because some changes would have weakened some states’ current security approach.

The European Union’s General Data Protection Regulation, which will go into effect May 2018, includes multiple privacy provisions, including mandatory breach notification. The EU regulation is expected to serve as a model for other countries as global awareness spreads.

India has also weighed in on the global discussion, with privacy practitioners stating the country may not be ready for mandatory breach notification as it lacks strict regulatory enforcement and is still making amendments to its Right to Privacy Bill 2014. The EU’s GDPR will be especially relevant to the Indian IT industry as it caters to U.S.-based enterprises and processes personal data of EU, Australian and New Zealand citizens.

“It will also significantly increase compliance costs for service providers – which are already higher when serving EU-based clients, as compared with markets like USA,” says Mumbai-based Sunder Krishnan, chief risk officer, Reliance Life Insurance Company Ltd. “However, GDPR also may remove any misgivings about the Indian industry and data security standards in India.”

Legal Problems

Some warn that once the bill is passed, businesses will face problems very similar to those currently seen in the United States. Data breaches frequently lead to identity theft and financial losses, and the victims may qualify for a lawsuit. On the other hand, organisations which don’t report their breaches face a range of penalties, including fines of $340,000 for individuals and up to $1.7 million for companies.

Social media has also increased the pressure being put onto businesses as we are seeing unprecedented public customer service complaints causing reputation and public relations nightmares. Expect to see disgruntled customers rallying together using social media after future data breaches.

Class action lawsuits are being enabled by the online connectivity of claimants and are costing organisations millions. Below are a few high-profile data breach settlements from Classaction.com:

  • Home Depot (affected 50 million cardholders): $19.5 million settlement
  • Sony (PlayStation network breach): $15 million
  • Target: $10 million
  • Sony (employee information breach): $8 million
  • Stanford University Hospital and Clinics: $4.1 million
  • AvMed Inc.: $3.1 million
  • Vendini: $3 million
  • Ashley Madison: $1.6 million
  • LinkedIn: $1.25 million

Companies much prefer settling cases out of court to going to trial. But that is especially true for data breach lawsuits, because there is almost no court precedent for these kinds of cases.

Companies like Home Depot and Sony have no idea what would happen if they went to trial to fight a data breach suit, which is a scary prospect.

Insuring Against the Risk

Many Australian insurance providers have already put policies in place to respond to and cover expenses from a data breach. We recently wrote in detail about where cyber insurance steps in, which can be found here. Expenses which are typically covered are:

Forensic Investigation

A forensic IT investigation is necessary to determine what occurred, how to repair the damage and how to prevent the same type of breach. Investigation may involve services from a third party security firm or law enforcement.

Business Interruption

The business may be unable to continue trading and suffer interruption costs due to network security failure or attack, programming errors or human errors. Loss of profits and costs incurred to continue business as usual are typically covered under a cyber insurance policy.

Legal & Public Relations

Cyber insurance policies will cover legal defence costs due to a privacy breach, fines and penalties, reputational damage and public relations expenses to assist an organisation’s public image after a breach.

Extortion & Blackmail Costs

Policies will cover ransomware & extortion costs from criminal organisations and disgruntled employees for the release or protection of private information.

Moving Forward

Mandatory breach notification is the best step forward, but it also relies heavily on organisations actually discovering they have been exposed. In recent reports, numerous websites such as LinkedIn, Myspace and of course Yahoo have suffered very high-profile breaches which occurred up to 4 years ago and were only discovered years later.

Many large industry groups, including Google, Yahoo, Facebook and Microsoft, are stating that the existing voluntary breach notification scheme is effective and doesn’t require change. Despite their support for the voluntary scheme and a mixed reception from the private sector, security experts and business leaders from various industries are getting behind the bill and arguing its benefits.

The OAIC annual reports from 2014 – 2015 and 2015 – 2016 are unable to provide enough depth from voluntary reporting, which indicates the need for mandatory laws to be passed. It is likely that the larger industry groups are protecting their interests and understand the ramifications of mandatory breach notification from their legal departments abroad.


It looks inevitable that the bill will be passed and the public understanding of what is happening to their personal information will continue to increase.

Arranging an insurance policy, educating employees and instituting solid security processes will be key to mitigating this risk.

Cyber Claims Examples from Small Businesses

Where cyber insurance steps in

Today we take a look at how some small to medium Australian businesses responded to and recovered from various cyber events, and how their insurance was able to assist. In the past 12 months the majority of all cyber attacks against Australian businesses were targeted at small to medium-sized businesses. Many owners have heard the buzzwords and have seen the major international incidents on the news, but haven’t seen relatable cyber claims from Australian businesses.

Eye Surgery Clinic

  • 2 Locations
  • 15 Employees
  • $8 million turnover

Incident

An employee opened an email attachment which contained ransomware, causing the insured to lose access to their network of digital patient records. The cyber criminals demanded a ransom payment in Bitcoin worth approximately $6,000 at the time of writing. Both practices were able to continue trading, however at greatly reduced efficiency, as they had not used paper records for accepting and treating patients in years. Despite having access to some paper filing, the business was not able to raise invoices as this is part of a paperless system. Forensic investigators were able to recover the vast majority of data and restore the paperless system.

Outcome

$126,000 in forensic IT expenses, first-party damage and lost work hours.

Law Firm

  • 1 Location
  • 55 Employees
  • $20 million turnover

Incident

An unknown organisation gained access to a law firm’s network and may have gained access to sensitive client information, including a public company’s acquisition target, another public company’s prospective patent technology, the draft prospectus of a venture capital client, and a significant number of class-action lists containing plaintiffs’ personally identifiable information (PII). A forensic technician hired by the law firm determined that malware had been planted in its network. Soon after, the firm received a call from the intruder seeking $10 million to not place the stolen information online.

Outcome

The law firm incurred $2 million in expenses associated with a forensic investigation, extortion-related negotiations, a ransom payment, notification, credit and identity monitoring, restoration services and independent counsel fees. It also sustained more than $600,000 in lost business income and extra expenses associated with the system shutdown.

$2.6 million total costs

Raw Materials Manufacturer

  • 1 Location
  • 28 Employees
  • $7.5 million turnover

Incident

The insured’s system was compromised via an email they received carrying ransomware. The ransomware prevented them from having any access to emails and their network. The criminals held the client’s system to ransom and would only release the files if the client paid $12,500. The fact that the client had numerous file shares and common storage areas made their system particularly vulnerable to attack and made it easy for the ransomware to encrypt nearly every file in their system.

Outcome

$12,500 in ransom costs plus an additional $25,000 in IT expenses related to diagnosing the problem, decommissioning the old servers and installing a new network.

Hardware Store

  • 1 Location
  • 20 Employees
  • $5 million turnover

Incident

An employee at a hardware store ignored internal policies and procedures and opened a seemingly innocuous file attached to an email. The next day the hardware store’s stock order and cash registers started to malfunction and business trade was impaired as a result of the network failing.

Outcome

The hardware store incurred over $100,000 in forensic investigation and restoration services. They also had additional increased working costs of $20,000 and business income loss estimated at $50,000 from the impaired operations.

$170,000 total costs

Health Clinic

  • 1 Location
  • 7 Employees
  • Turnover: unknown

Incident

A small health clinic discovered that an unauthorised third party had gained remote access to a server that contained electronic medical records. The third party posted a message on the network stating that the information on the server had been encrypted and could only be accessed with a password that would be supplied if the insured made a “ransom” payment. The insured contacted law enforcement and, working with them, determined that the payment ($2,500) should be made. The payment constituted cyber extortion monies under the policy. Furthermore, loss of business income amounted to $65,000, and IT forensic costs of $5,000 were paid in accordance with the coverage provided by other sections of the policy.

Outcome

$72,500 in ransom, forensic IT and lost business income costs

Conclusion

Regardless of staff size, turnover or industry, all businesses have a possible exposure from the ever increasing reliance on information technology. From most reports it is only a matter of time rather than a matter of being secure or not.

More cyber claims examples each month

Thanks to DUAL, Chubb and LUAW for their claims examples.

5 malicious emails to be aware of!

Malicious Emails Continue to Compromise

Here is our January 2017 wrap-up of large scale malicious emails making the rounds for Australian businesses.

We have all received suspicious emails in the past and laughed at the seemingly obvious red flags, but it appears that the days of the poorly translated foreign prince simply trying to return your unknown wealth are gone. Today, as employee education continues to increase, criminals are very fastidious and clever with their malicious phishing emails.

To verify or report a scam contact the ATO Scam Report or ScamWatch.

Australia Post

Earlier this month a torrent of Australia Post scam emails was discovered, using a simple method of infection designed to evade anti-virus software. At the time of discovery by MailGuard, only 1 of 68 popular antivirus vendors was detecting the link as malicious.

The message indicates that a parcel is ready for collection at the recipient’s local post office; they need only confirm their postal address by clicking the link at the bottom of the email.

[Image: malicious Australia Post email]

[Image: replica Australia Post website]

After clicking to confirm, a series of prompts leading to an identical copy of the Australia Post website ends with a remotely hosted malicious file being downloaded. The replica Australia Post website differs from the original only in its address, www.auspost.tk instead of the official www.auspost.com.au; the malicious website even has ‘Captcha’ security forms and scales correctly for mobile users.

Australian Securities and Investments Commission – ASIC

Reports of fake emails claiming to be from ASIC are making the rounds and distributing malware at an alarming rate. “Malware can reformat your hard drive, alter, delete or encrypt files, steal sensitive information, send unauthorised emails, or takes control of your computer and all of the software on it.”

“The message claims to contain an important message. But those who click to the link inadvertently download a malicious JavaScript file. The file is housed within a zip file on a compromised SharePoint site.” said Jaclyn McRae of Mailguard.

The emails have been disguised using a third-party program which causes them to appear to be sent from a legitimate @asic.gov.au account.

[Image: ASIC email scam]

According to MailGuard, at the time of reporting, none of 68 well-known antivirus vendors were detecting the link as malicious.

“Scammers pretending to be from ASIC have been contacting Registry customers asking them to pay fees and give personal information to renew their business or company name,” ASIC says. “These emails often have a link that provides an invoice with fake payment details or infects your computer with malware if you click the link.”

Australian Taxation Office – ATO

The next government organisation being impersonated is the Australian Taxation Office. The malicious emails are coming from a recently registered set of domains with slight variations on the correct ATO web address, which is https://www.ato.gov.au.
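Both the Australia Post and ATO scams above rely on a host that reads like the real one. The check below is added here as an example and is not part of the original post: it parses each link in a message body, strips the host, and flags hosts that reuse an official name under a different suffix (www.auspost.tk beside www.auspost.com.au), embed the official host in a longer name, or sit a character or two away from it (the ATO variations). The official hosts are the ones named in the post; the sample email, the lookalike hosts and the small hard-coded suffix list are constructed assumptions, not observed indicators or a Public Suffix List lookup.

```python
import re
from urllib.parse import urlsplit

# Official hosts named in the post; a real deployment would load the
# organisation's own allowlist instead of this constructed table.
OFFICIAL_HOSTS = {
    "auspost.com.au": "Australia Post",
    "ato.gov.au": "Australian Taxation Office",
    "asic.gov.au": "ASIC",
}

# Assumption: a small hard-coded suffix list. Longer suffixes come first so
# "auspost.com.au" is split as ("auspost", ".com.au"), not ("com", ".au").
KNOWN_SUFFIXES = (".com.au", ".gov.au", ".net.au", ".org.au",
                  ".com", ".net", ".org", ".info", ".tk")

# Matches http(s) links and bare www. links in a message body.
URL_RE = re.compile(r"https?://[^\s<>\"']+|www\.[^\s<>\"']+", re.IGNORECASE)


def normalise_host(url: str) -> str:
    """Lower-case hostname from a URL, without a leading 'www.'."""
    parts = urlsplit(url if "://" in url else "http://" + url)
    host = (parts.hostname or "").lower().rstrip(".")
    return host[4:] if host.startswith("www.") else host


def split_host(host: str):
    """Return (brand_label, suffix): the label a victim reads as the name."""
    for suffix in KNOWN_SUFFIXES:
        if host.endswith(suffix) and len(host) > len(suffix):
            # Keep only the last label before the suffix: "secure.auspost" -> "auspost"
            return host[: -len(suffix)].rsplit(".", 1)[-1], suffix
    labels = host.rsplit(".", 1)  # unknown suffix: treat the last label as one
    if len(labels) < 2:
        return host, ""
    return labels[0].rsplit(".", 1)[-1], "." + labels[1]


def levenshtein(a: str, b: str) -> int:
    """Edit distance between two strings (catches at0 vs ato)."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def classify_link(url: str) -> dict:
    """Return a verdict dict: official, lookalike (with a reason) or unrelated."""
    host = normalise_host(url)
    result = {"host": host, "verdict": "unrelated", "impersonates": None, "reason": None}
    # The exact host, or a genuine subdomain of it, is the real site.
    for official, org in OFFICIAL_HOSTS.items():
        if host == official or host.endswith("." + official):
            return {**result, "verdict": "official", "impersonates": org}
    brand, _ = split_host(host)
    for official, org in OFFICIAL_HOSTS.items():
        obrand, _ = split_host(official)
        # Short names such as "ato" tolerate only one edit; longer ones two.
        max_edits = 2 if len(obrand) >= 6 else 1
        if official in host:
            reason = "official host embedded in a longer name"
        elif brand == obrand:
            reason = "official name under a different suffix"
        elif obrand in brand.split("-"):
            reason = "official name combined with extra words"
        elif levenshtein(brand, obrand) <= max_edits:
            reason = "within %d edit(s) of the official name" % max_edits
        else:
            continue
        return {**result, "verdict": "lookalike", "impersonates": org, "reason": reason}
    return result


def flag_links(text: str) -> list:
    """Classify every link in a message body and return only the lookalikes."""
    verdicts = [classify_link(url) for url in URL_RE.findall(text)]
    return [v for v in verdicts if v["verdict"] == "lookalike"]


# Constructed sample body: two lookalikes in the style the post describes
# plus one genuine link, for a stand-alone run.
SAMPLE_EMAIL = """\
Your parcel is ready for collection. Confirm your address at
http://www.auspost.tk/confirm?id=12345 before Friday.
A tax refund is waiting: http://ato-gov.au/refund
Genuine help page: https://auspost.com.au/help
"""

if __name__ == "__main__":
    for hit in flag_links(SAMPLE_EMAIL):
        print("%-24s looks like %s (%s)" % (hit["host"], hit["impersonates"], hit["reason"]))
```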

“The email looks quite legitimate, and includes the recipient address within the text body. It includes Australian Government branding and confidentiality clause,” said Jaclyn McRae.

The email contains a Microsoft Word attachment which the recipient is told requires their attention.

[Image: ATO scam email]

“The attached document contains a macro which, when executed, downloads a virus from a remote location.”

[Image: Microsoft Word malicious macro]

We’ve recently written about malicious Microsoft Office macros and other methods of infection, here.

“Adversaries are increasingly using Microsoft Office macros – small programs executed by Microsoft Office applications such as Microsoft Word, Excel or PowerPoint – to circumvent security controls that prevent users from running untrusted applications. Microsoft Office macros can contain malicious code resulting in a targeted cyber intrusion yielding unauthorised access to sensitive information.”

Commonwealth Bank

Apart from government departments, financial services giants are also regular targets. ANZ, Macquarie and AMEX have been recent targets of phishing scams.

[Image: Commonwealth Bank scam email]

Very similar to the above-mentioned ATO email scam, Commonwealth Bank customers have been sent the above “secure message” requiring the attached content to be downloaded. Once again, the Microsoft Office macro contained in the Message.doc attachment downloads a virus from a remote location. Once recipients click ‘enable editing’ and then ‘enable content’, the virus is activated.

According to the MailGuard Security Blog, the malicious emails were sent from cloud-hosted servers in Hong Kong, but the attack could have originated anywhere.

Driving Infringement Notices

A round of malicious emails poorly disguised as driving infringement notices has been targeting Australians for a few months. The continued attempts from criminals suggest some measure of success.

Despite having no branding, the ‘from’ name having no relationship to the sending domain and no reference to which police authority had issued the fine, it seems many targets have taken the bait.

According to MailGuard, “The malicious emails claim the recipient has incurred a fine for negligent driving. It says the fine will arrive in the mail, but that it can be viewed by clicking the link.”

[Image: negligent driving scam email]

The “photo proof” attachment contains a link to a malicious ZIP archive, from which malicious software is downloaded.

Conclusion

Thanks to MailGuard; subscribe to their security blog for regular updates here.

Each month we will try to highlight some common email scams targeted at the Australian market.

If we have missed a scam you think is important, please let us know below.


Lloyd’s CEO on Cyber Insurance

Lloyd’s of London, better known as Lloyd’s, is a corporate body which brings together multiple financial backers to pool and spread risk. These financial backers are grouped into syndicates; the syndicates, referred to as underwriters or members, are a collection of corporations and private individuals. In 2015, there were 84 syndicates that wrote £26.69 billion of gross premiums on business placed by 242 Lloyd’s brokers globally.

In the insurance industry Lloyd’s is one of the biggest players, if not the biggest, with its syndicates having international bases and insight from markets around the globe.

In the past cyber insurance has been a relatively unknown product but this is all changing faster than the majority of businesses can keep up with. Expert predictions for 2017 are already indicating a lot more to come with no end in sight for historical breaches such as the 2014 Yahoo breach which was only discovered in 2016.

The current Chief Executive Officer for Lloyd’s and the first female CEO in the insurance market’s 328-year history is Dame Inga Beale. Heading the insurance market behemoth with regular insight into global insurance markets puts Mrs. Beale at the forefront of international business risk.

[Image: Inga Beale, Lloyd’s CEO]

Beale spoke with Intelligent Insurer regarding the increase in businesses of all sizes taking up cyber policies over recent years.

“In Australia, Lloyd’s has seen the amount of cyber insurance being purchased increase 168-fold in the last two years, as the risk becomes more of a concern for businesses.”

“In 2016 we’ve seen highly publicised cyber-attacks on some of the biggest corporate and retail names in the UK and globally. The effect of these breaches is multi-layered – besides business interruption, they can have a long lasting reputational impact and seriously affect the bottom line,” Beale said.

“The problem is that I think there’s a slight disconnect between clients and their understanding of what’s on offer, and perhaps even a lack of understanding within the insurance sector,” Beale said while speaking at CFC Underwriting’s Cyber Symposium event in London last Thursday.

Mandatory breach notification laws

“What we have seen elsewhere in the world is as soon as you’ve got some regulation out there, a requirement for businesses to report breaches when there is a loss of personal data, that is one of the key drivers for elevating the risk up to the boardroom,” Beale stated.

Mandatory data breach reporting laws have so far been passed in the United States and other countries, with the Australian bill passing through parliament at the time of writing. Under the new bill, organisations that determine they have been breached or have lost data are required to report the incident and notify customers that are directly impacted or considered “at risk”.

Organisations and individuals that don’t will face a range of penalties, including fines of $360,000 for individuals and $1.8 million for organisations.

Why Cyber Insurance?

“I’m afraid we no longer live in a world where you can prevent breaches taking place, instead it is about how you manage them and what measures you have in place to protect your business and importantly, your customers. As recent events have shown, hard-earned reputations can be lost in a flash if you do not have the correct plans in place.”

“There are two types of businesses: ones who are being hacked and those who don’t know they are being hacked,” said Inga Beale.

“Insurance can play a critical role in helping businesses in this environment, not just in terms of cover for any financial losses, but for the support regarding meeting regulatory obligations and dealing with potential operational and reputational fall-outs.

“The evolving cyber threat and new stricter regulations will change the way businesses are impacted by cyber incidents: they will have to deal with business interruption, financial penalties, regulatory scrutiny and reputational damage in a way they haven’t done before. All of these could be serious threats to a business’s revenue, share price or even survival.

“That’s why, today, Lloyd’s views cyber as one of the most complex, current and critical risks businesses face.”

Future expectations

“Our research has shown that cyber risk increasingly sits at the most senior level of business, and although the UK and Europe are still lagging behind the US in terms of take up of cyber coverage, the Lloyd’s market has seen a threefold increase on cyber business over the past two years, and we expect it to continue to grow in 2017,” Beale said.

With all reports for 2017 indicating a continued growth for cyber crime and mandatory reporting laws coming into effect around the globe, the time for robust cyber insurance and cyber security practices is now.


Cyber Security Resources For Australian Businesses

“Employees still remain the most cited source of compromise”

With each new report, the cyber security expert consensus remains the same: an internal culture of self-mitigation is essential. The below is an excerpt from the latest Australian Securities and Investments Commission (ASIC) Cyber Resilience Assessment Report: ASX Group and Chi-X Australia Pty Ltd.

“There is clear recognition that effective cyber resilience requires a strong ‘cultural’ focus driven by the board and reflected in organisation-wide programs for staff awareness, education and random testing, including of third parties.”

The Global State of Information Security Survey from PricewaterhouseCoopers also noted that “employees remain the most cited source of compromise”.


Cyber security resources to help you stay up to date

Keeping your staff up to date with security best practices is one of the best ways to prevent an exposure.

Beginner step-by-step courses and advice to raise security awareness and protect your business & data from aggressive cyber threats.

CERT Australia (the CERT) is the national computer emergency response team and are the point of contact in Government for cyber security issues affecting major Australian businesses. The CERT is part of the Federal Attorney-General’s Department, with offices in Canberra and Brisbane.

At least 85% of the targeted cyber intrusions that the Australian Signals Directorate (ASD) responds to could be prevented by following the Top 4 mitigation strategies listed in our Strategies to Mitigate Targeted Cyber Intrusions.

“This Cyber Security Strategy sets out my Government’s philosophy and program for meeting the dual challenges of the digital age—advancing and protecting our interests online.” Hon Malcolm Turnbull MP

CREST Australia New Zealand Ltd, a not for profit company, runs CREST Australia New Zealand on behalf of member companies and provides assessment, accreditation, certification, education and training in cyber and information security for individuals and corporate entities and promotes the provision of high quality, best practice information security services according to its company constitution.

MailGuard is one of Australia’s leading technological innovators and the world’s foremost cloud web and email security service, providing complete protection against web and email security threats like malware, ransomware, spyware, phishing, spear phishing, viruses, spam and similar malicious scams in 27 countries around the world.

“This comprehensive report is a must-have reference for C-suite executives, senior managers and anyone new to the information security management space.”

Each year the government departments release their collective data in an eye-opening report about national, commercial and private online security.

CSO provides news, analysis and research on a broad range of security and risk management topics. Areas of focus include information security, physical security, business continuity, identity and access management, loss prevention and more.

The SANS Institute was established in 1989 as a cooperative research and education organization. Its programs now reach more than 165,000 security professionals around the world. SANS is the most trusted and by far the largest source for information security training and security certification in the world.

“Everything you want to know about cyber security and are too tired to search for.” Whatever you may be interested in – from DEF CON to SANS – you will find on this page.

Conclusion

As attackers continue to focus on exploiting employees, educating all staff only becomes more important. Cyber Insurance Australia will continue to update this cyber security resource list as more valuable resources are discovered. For any additions please comment or message.

Cyber Insurance Australia Logo

Insure your business against cyber crime.


Biggest Cyber Attacks, Data Breaches, Leaks and Hacks of 2016

Cyber attack results show over 2.2 billion records stolen

It’s time to reflect on some of the most audacious, embarrassing and dangerous hacks, leaks and data breaches of the past year. 2016 is over, and at this point more than 2.2 billion records have been reported stolen in the past 12 months, a large share of them from historical breaches that only came to light this year.

“Five hundred of the Fortune 500 have been hacked. If anything has changed, it’s that these attacks are getting publicly disclosed,” said Dan Kaminsky, Chief Scientist of White Ops, a firm specialising in detecting malware activity via JavaScript.

Here are some of the largest hacks from 2016

Yahoo – Yahoo has advised that at least 500 million accounts were compromised. The intrusion actually took place in 2014 but was only identified by the company in August 2016, during an investigation into a separate claimed breach. That August claim was not substantiated, but the investigation brought to light the extent of the 2014 intrusion. While Yahoo describes the stolen information as low-value, it included security questions and answers, which leave users exposed wherever the same questions and answers are reused on other sites.

Linux Mint backdoor – Linux Mint remains one of the most popular Linux distributions, with approximately 6 million users, despite the recently announced backdoor. A tampered ISO carrying malicious code was substituted for the legitimate download offered through the official Linux Mint site, and hundreds of users downloaded the malicious build before it was detected. The check that would have caught it: verify a downloaded image against the project’s published checksum and signature before booting or installing it.

“The hacked ISOs are hosted on 5.104.175.212 and the backdoor connects to absentvodka.com. Both lead to Sofia, Bulgaria, and the name of 3 people over there. We don’t know their roles in this, but if we ask for an investigation, this is where it will start.” said the official Mint statement.

SWIFT – SWIFT, the Society for Worldwide Interbank Financial Telecommunication, is a global organisation that operates a trusted, closed computer network for communication between member banks around the world. With 11,000 members and around 25 million financial messages sent per day, SWIFT is a prime target for a cyber attack. On February 4, 2016 unknown hackers used the SWIFT credentials of Bangladesh Bank employees to issue transfer requests for approximately $850 million to numerous accounts in the Philippines, Sri Lanka and other parts of Asia.

By the time bank staff discovered the fraudulent transfers, $81 million had already been credited to multiple accounts, reportedly belonging to casinos in the Philippines, and all but $68,000 of it was withdrawn on February 5 and 9 before further withdrawals were halted. The hackers might have stolen much more if a spelling error in one of the transfer requests had not drawn scrutiny from the correspondent banks and the Federal Reserve Bank of New York.

TRUMP – The president-elect’s Trump hotel chain has been the victim of two cyber attacks since 2015, the most recent in April 2016. According to some sources the organisation was running unpatched and insecure systems more than 10 years old. The April findings may only have scratched the surface; some reports suggest the organisation’s exposure runs considerably deeper.

Then, Trump’s presidential campaign leaked the resumes of prospective interns, including their names, addresses, and in some cases sensitive employment details. Let’s hope his cybersecurity strategy is better when he’s in office.

LinkedIn – The global professional networking company was first compromised in 2012. As with Yahoo, the scale of the 2012 breach was only understood this year, when the number of stolen accounts turned out to be almost 117 million. One reporter noted that the majority of the stolen accounts used passwords found in the annual worst passwords list from SplashData.

The alleged hacker was eventually caught in the Czech Republic.

Here’s how to check whether your accounts appear in a known breach: haveibeenpwned.com

Tumblr – It comes as no surprise that Tumblr, the Yahoo-owned micro-blogging and social networking site, suffered a breach similar to its parent company’s, in 2013, before the acquisition. Tumblr announced that it had been the victim of a security breach but gave no details until investigative journalists found that the stolen database held more than 65 million accounts.

MySpace – Formerly the world’s largest social network, MySpace suffered its largest known breach and returned to the headlines for the wrong reasons. The breach occurred on June 11, 2013 but, once again, was only fully recognised earlier this year after further investigation.

“Each record may contain an email address, a username, one password and in some cases a second password. The methods MySpace used for storing passwords are not what internet standards propose and is very weak encryption or some would say it’s not encryption at all but it gets worse. We noticed that very few passwords were over 10 characters in length (in the thousands) and nearly none contained an upper case character which makes it much easier for people to decrypt.” said leaked-data analysts at leakedsource.com.
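The LeakedSource observation above (short passwords, weak storage) is easy to demonstrate. The following is an added example written for this page, not code from the original post or from any of the breached companies. It assumes, for illustration only, an unsalted SHA-1 storage scheme, and it uses a constructed set of four accounts and a ten-word list standing in for the SplashData worst-passwords list mentioned under LinkedIn. It counts how much work a dictionary attack needs against that scheme versus per-user salted PBKDF2.

```python
"""Added example: why unsalted fast hashes plus short passwords fall in seconds.

All data below is constructed for this example. Unsalted SHA-1 storage is an
assumption for illustration, not a statement about MySpace's actual scheme.
"""
import hashlib
import secrets

# Constructed sample accounts (not real leaked data). Plaintexts are shown
# only so both storage formats can be built from the same inputs.
SAMPLE_USERS = {
    "alice": "123456",
    "bob": "password",
    "carol": "qwerty",
    "dave": "T7#vL9q!pZ2wRk",   # long and mixed, not in any wordlist
}

# Constructed ten-entry wordlist standing in for the annual "worst passwords" list.
WORDLIST = ["123456", "password", "12345678", "qwerty", "abc123", "football",
            "letmein", "monkey", "111111", "iloveyou"]

PBKDF2_ROUNDS = 20_000   # kept low so the demo runs quickly; production uses far more


def store_unsalted_sha1(users):
    """Weak scheme: hex(SHA1(password)), no salt, one fast hash per user."""
    return {u: hashlib.sha1(p.encode()).hexdigest() for u, p in users.items()}


def store_salted_pbkdf2(users, rounds=PBKDF2_ROUNDS):
    """Stronger scheme: a random per-user salt and an iterated KDF."""
    out = {}
    for u, p in users.items():
        salt = secrets.token_bytes(16)
        out[u] = (salt, hashlib.pbkdf2_hmac("sha256", p.encode(), salt, rounds))
    return out


def crack_unsalted(stored, wordlist):
    """Without salt, one hash per candidate covers every user at once."""
    table = {hashlib.sha1(w.encode()).hexdigest(): w for w in wordlist}
    cracked = {u: table[h] for u, h in stored.items() if h in table}
    return cracked, len(wordlist)          # hash operations spent


def crack_salted(stored, wordlist, rounds=PBKDF2_ROUNDS):
    """Salt forces the whole wordlist to be re-derived for every user."""
    cracked, ops = {}, 0
    for u, (salt, dk) in stored.items():
        for w in wordlist:
            ops += rounds                  # each guess costs `rounds` HMAC iterations
            if hashlib.pbkdf2_hmac("sha256", w.encode(), salt, rounds) == dk:
                cracked[u] = w
                break
    return cracked, ops


def compare(users=SAMPLE_USERS, wordlist=WORDLIST):
    """Run the same dictionary attack against both storage schemes."""
    weak_cracked, weak_ops = crack_unsalted(store_unsalted_sha1(users), wordlist)
    strong_cracked, strong_ops = crack_salted(store_salted_pbkdf2(users), wordlist)
    return {
        "unsalted_sha1": {"cracked": weak_cracked, "hash_ops": weak_ops},
        "salted_pbkdf2": {"cracked": strong_cracked, "hash_ops": strong_ops},
    }


if __name__ == "__main__":
    for scheme, r in compare().items():
        print(f"{scheme}: cracked {sorted(r['cracked'])} "
              f"with {r['hash_ops']:,} hash operations")
```

Both schemes give up the three dictionary passwords; salting only stops one computed hash from covering every user, and the iteration count multiplies the cost of each guess. The practical lesson matches the quote: hardening storage raises the attacker's bill, but a password that sits on the worst-passwords list still falls, so a deny-list check at registration is the other half of the control.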

US political attacks – The media had a field day with the 2016 US election accusations from the White House that the Kremlin had carried out politically motivated hacks against presidential candidates. Director of National Intelligence James Clapper stated that the intelligence community believed, “based on the scope and sensitivity of these efforts, that only Russia’s senior-most officials could have authorized” the hacks. Russia has repeatedly denied the allegations.

“Either stop talking about it or finally provide some evidence. Otherwise it looks indecent,” Kremlin spokesman Dmitry Peskov told reporters in Tokyo.

VK – The largest European online social networking service, based in Russia, was the subject of three separate breach disclosures in as many months. According to reports the underlying attack took place in 2012 or 2013, continuing the historical-breach trend that dominates this list, with an estimated 171 million accounts exposed across VK.com and the forums of its parent company Mail.ru.

The hacker is now reported to be selling a portion of the database: 100 million accounts, a little over 17 gigabytes of data, were found listed on a dark web marketplace for 1 bitcoin.

NSA – The National Security Agency, the US intelligence organisation responsible for global monitoring, collection and processing of information for foreign intelligence and counterintelligence purposes, had its internal hacking tools stolen and put up for auction by a group calling itself The Shadow Brokers.

The tools, which included exploits for Fortinet and Cisco firewalls, were seen listed for auction on known exploit sites. By cross-referencing the Snowden leaks, sources were able to confirm that the tools belonged to the US government.

At the time of writing the auction had failed; however, The Shadow Brokers now appear to have put the NSA’s hacking tools and exploits up for direct sale on an underground website.

NSA second breach – Adding to the public woes the NSA has dealt with over the past three years, Harold Martin, a former NSA contractor, stole approximately 50 terabytes of data from the United States’ top security organisation. The majority of the information taken was classified, and in volume it greatly eclipsed the previous breach by Edward Snowden.

Martin was initially charged with mishandling classified information; the charges have since been upgraded to espionage. Martin reportedly simply walked the data out the front door over the course of his 20 years of employment. This is case study number one for future insider breaches.

Oracle point-of-sale terminals – Point-of-sale machines are commonplace globally and process and retain important customer details. MICROS, one of the largest terminal manufacturers, acquired by Oracle in 2014 for $5.3 billion, reported that “hundreds of systems” at the company had been compromised.

Malware installed on the compromised systems was designed to harvest usernames and passwords from point-of-sale systems located in retail outlets internationally.

Weebly – The web development and design giant put more than 43 million customers at risk earlier this year through its own internal security failings.

Weebly has openly admitted in a statement that the security gap and the resulting cyber attack were its own fault and that it is taking appropriate measures for the future. The hacker reportedly took records including usernames, passwords, IP addresses and email addresses.

AdultFriendFinder – The 2015 Ashley Madison breach, involving approximately 37 million accounts, looks like a drop in the ocean after the 2016 AdultFriendFinder (AFF) breach.

More than 400 million users were exposed in a targeted attack on the AdultFriendFinder network. The adult hook-up website reportedly exposed a staggering 20 years of data, going back to its launch in 1996. AdultFriendFinder describes itself as “one of the world’s largest sex hook-up” websites, with more than 40 million active users, and a handful of similar adult-oriented sites in the same network were also compromised. The stolen data included usernames, browser information, the date of the user’s last visit, purchasing patterns and more.

Conclusion

Many more breaches occurred that did not make the list above, and with the scale of the historical breaches now coming to public attention, 2017 looks set to bring bigger and scarier reports.

“I’m afraid we no longer live in a world where you can prevent breaches taking place, instead it is about how you manage them and what measures you have in place to protect your business and importantly, your customers. As recent events have shown, hard-earned reputations can be lost in a flash if you do not have the correct plans in place.” Inga Beale, Lloyd’s Chief Executive.

2016 Cyber Security Report released

The Australian Cyber Security Centre has released the 2016 threat report.

The ACSC is an important Australian Government initiative that brings together existing cyber security capabilities across Defence, the Attorney-General’s Department, the Australian Security Intelligence Organisation, the Australian Federal Police and the Australian Crime Commission.

Each year the participating departments pool their data into an eye-opening report on national, commercial and private online security.

Between July 2015 and June 2016, CERT Australia responded to 14,804 cyber security incidents affecting Australian businesses, 418 of which involved systems of national interest (SNI) and critical infrastructure (CI). The incidents affecting SNI and CI are broken down by sector below.

[Chart: incidents affecting systems of national interest and critical infrastructure, broken down by sector]

Because CERT Australia relies on voluntary self-reporting of information security incidents from private, commercial and government sources in Australia and internationally, it is unfortunately unable to get a complete view of all incidents. Many businesses that have suffered a breach have paid a bitcoin ransom or fixed their systems without notifying CERT or their cyber insurance provider.

According to CERT, the energy and communications sectors had the highest number of compromised systems. The banking and financial services and communications sectors had the highest number of DDoS attacks, while the highest number of malicious emails was received by the energy and mining sectors.

Trending exploitation techniques

  • Spear phishing – emails containing a malicious link or file attachment, with lures that are becoming more convincing and harder to spot. As such, spear phishing emails continue to be a common exploitation technique in the compromise of Australian industry networks.
  • Ransomware – Ransomware encrypts the files on a computer (including network file shares and attached external storage devices), then directs the victim to a web page with instructions on how to pay a ransom in bitcoin to unlock the files. The ransom has typically ranged from $500 to $3,000 in bitcoin.
  • Web-seeding techniques – By compromising web sites frequently visited by targets, adversaries are able to exploit targets without overt communication, such as spear phishing emails. Strategic web compromises have proven effective for thematic campaigns, such as targeting foreign policy and defence organisations via the compromise of think tanks and media organisations, but pose an equal threat to all users.
  • Malicious advertising – “Malvertising” allows an adversary to target a specific audience by exploiting online advertisement networks used by popular websites that visitors trust. Typically, either malicious code is inserted into an ad being presented to users in the course of their normal browsing or a benign ad is used to redirect the user to somewhere that will download malicious code automatically.
  • Microsoft Office macros – Adversaries are increasingly using Microsoft Office macros – small programs executed by Microsoft Office applications such as Word, Excel or PowerPoint – to circumvent security controls that prevent users from running untrusted applications. Macros can contain malicious code, resulting in a targeted cyber intrusion that yields unauthorised access to sensitive information.
  • DDoS extortion – A Distributed Denial of Service (DDoS) attack is an attempt to make an online service unavailable by overwhelming it with traffic from multiple sources. DDoS extortion occurs when a cyber adversary threatens to launch DDoS activities against an organisation unless a fee is paid.
  • Secondary Targeting – There has been an increase in the detection of cyber adversaries attempting to gain access to enabling targets – targets of seemingly limited value but which share a trust relationship with a higher value target organisation. It is imperative that organisations understand that they might be targeted solely based on their connections with other organisations – the real target of these adversaries.
  • Targeted Disclosures – While the theft and targeted disclosures of sensitive information is not a new threat, the employment of the tactic in such a brazen manner against high profile entities has almost certainly lowered the threshold of adversaries seeking to conduct such acts.
  • Credential Harvesting Campaigns –  emails direct the user to access a document via Google Drive, and by clicking on a “View Document” link, the user is then directed to a webpage where credentials are requested and thereby harvested by the adversary. Emails are then sent from the compromised user’s account to contacts contained in the compromised user’s address book, meaning the malicious emails will appear to be coming from legitimate and trusted sources.

What does a typical cyber security compromise look like?

Initial foothold

The attacker sends a spear phishing email with a malicious link to the target; when opened, it executes malware that gives the attacker an entry point into the network.

Network Reconnaissance 

After gaining access, the attacker continually monitors and studies the network, searches for domain administrator credentials and may propagate through other linked networks. For example, an adversary will regularly revisit the network to harvest updated user credentials, so that password changes do not cost them their access.

[Figure: flow chart of a typical compromise]

Establish Presence

Once in the network, adversaries attempt to obtain legitimate user credentials with the goal of gaining legitimate remote administrative access. After legitimate credentials are obtained, the adversary transitions from malware-dependent tradecraft to the use of Virtual Private Network (VPN), Virtual Desktop Infrastructure (VDI) or other corporate remote-access solutions, combined with software native to the organisation.

Ensure Persistence

Adversaries strive to install malware or a web shell to ensure ongoing access should their legitimate access cease to function. Malware is typically configured with a limited “beacon rate” to minimise network traffic and evade network defenders. Web shells, however, are increasingly used because they generate no network traffic of their own and are difficult to detect unless the adversary is actively interacting with them.

Execute Intent

Once persistent access is gained, the adversary will execute their intent. This intent could be anything from data exfiltration to enabling lateral movement to the real targeted organisation, exploiting circle of trust relationships between the organisations.
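The “beacon rate” point under Ensure Persistence is where network defenders get a detection opportunity: an implant that phones home on a timer leaves a rhythm in proxy logs that human browsing does not. The following is an added example written for this page, not code from the ACSC report or any vendor. It parses a constructed proxy log (the timestamp / client / host / bytes layout is an assumption made for the example, not a real product’s format) and flags client-to-host pairs whose connections are frequent, evenly spaced and small.

```python
"""Added example: flagging low-rate, regular "beaconing" in proxy logs.

The log lines below are constructed for this example. The field layout
(ISO timestamp, client IP, destination host, bytes sent) is an assumption.
"""
from collections import defaultdict
from datetime import datetime
from statistics import mean, pstdev

# Constructed sample: "<timestamp> <client_ip> <dest_host> <bytes_out>".
# 10.0.0.5 browses normally; 10.0.0.9 contacts one host every ~300 s with a tiny upload.
SAMPLE_LOG = """\
2016-03-01T09:00:00 10.0.0.5 www.example.com 1450
2016-03-01T09:00:07 10.0.0.5 cdn.example.com 3200
2016-03-01T09:01:42 10.0.0.5 news.example.org 980
2016-03-01T09:15:10 10.0.0.5 www.example.com 1770
2016-03-01T09:31:55 10.0.0.5 mail.example.com 2600
2016-03-01T09:00:00 10.0.0.9 update.unknown-cdn.net 312
2016-03-01T09:05:01 10.0.0.9 update.unknown-cdn.net 310
2016-03-01T09:10:00 10.0.0.9 update.unknown-cdn.net 315
2016-03-01T09:14:59 10.0.0.9 update.unknown-cdn.net 311
2016-03-01T09:20:00 10.0.0.9 update.unknown-cdn.net 313
2016-03-01T09:25:01 10.0.0.9 update.unknown-cdn.net 309
2016-03-01T09:30:00 10.0.0.9 update.unknown-cdn.net 314
2016-03-01T09:02:11 10.0.0.9 www.example.com 1500
"""


def parse_log(text):
    """Group (timestamp, bytes) events by (client, destination host)."""
    sessions = defaultdict(list)
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, client, host, nbytes = line.split()
        sessions[(client, host)].append((datetime.fromisoformat(ts), int(nbytes)))
    return sessions


def beacon_score(events):
    """Return (mean gap in seconds, coefficient of variation) or None.

    A beacon with a fixed sleep timer and little jitter produces near-identical
    inter-arrival gaps, so stdev / mean is close to zero. Human browsing is
    bursty and scores high. Fewer than three events gives no usable rhythm.
    """
    times = sorted(t for t, _ in events)
    gaps = [(b - a).total_seconds() for a, b in zip(times, times[1:])]
    if len(gaps) < 2 or mean(gaps) == 0:
        return None
    return mean(gaps), pstdev(gaps) / mean(gaps)


def find_beacons(text, min_connections=5, max_cv=0.15, max_bytes=2048):
    """Flag (client, host) pairs that are frequent, regular and small."""
    flagged = []
    for (client, host), events in parse_log(text).items():
        if len(events) < min_connections:
            continue
        score = beacon_score(events)
        if score is None:
            continue
        interval, cv = score
        if cv <= max_cv and max(n for _, n in events) <= max_bytes:
            flagged.append({"client": client, "host": host,
                            "connections": len(events),
                            "interval_s": round(interval), "cv": round(cv, 3)})
    return flagged


if __name__ == "__main__":
    for beacon in find_beacons(SAMPLE_LOG):
        print(beacon)
```

The thresholds are starting points: an implant with 20% jitter needs a looser max_cv, and one that only reports during office hours needs the gap statistics computed per working day rather than across the whole log. Web shells, as the text notes, leave no such rhythm, so they call for host-side checks (new or recently modified files in web roots, web server processes spawning shells) rather than traffic analysis.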

Further Resources

Mitigation of Targeted Cyber Security Intrusions

The mitigation strategies provide controls tailored to current and emerging issues such as ransomware and other destructive malware, malicious insiders and industrial control systems. More information can be found at http://www.asd.gov.au/infosec/mitigationstrategies.htm

The Australian Government Information Security Manual (ISM)

The Australian Government Information Security Manual (ISM) assists in the protection of official government information that is processed, stored or communicated by Australian government systems, and is available at http://www.asd.gov.au/infosec/ism/index.htm

CERT Australia (Computer Emergency Response Team)

CERT Australia’s public website contains useful information for Australian businesses in relation to mitigating cyber security incidents and security issues affecting major Australian businesses. More information can be found at: https://www.cert.gov.au/

“Massive” cyber security breach for ThyssenKrupp

Trade secrets stolen in cyber attack on ThyssenKrupp AG

ThyssenKrupp, one of the world’s largest engineering firms, has released a cyber security statement indicating that it was the victim of “organised, highly professional hacker activities” earlier in 2016.

The corporation consists of 670 companies worldwide. While ThyssenKrupp is one of the world’s largest steel producers, the company also provides components and systems for the automotive industry, elevators, escalators, materials trading and industrial services. Since a 2009 reorganisation it has been structured into eight business areas under two major divisions, Materials and Technologies.

“The incident is not attributable to security deficiencies at Thyssenkrupp. Human error can also be ruled out. Experts say that in the complex IT landscapes of large companies, it is currently virtually impossible to provide viable protection against organized, highly professional hacking attacks. Early detection and timely countermeasures are crucial in such situations. Thyssenkrupp has been successful in both respects” stated Robin Zimmermann, head of external communications.

The breach was discovered in April 2016 after the company’s internal security team identified a series of further intrusions. The original breach was traced back to February 2016 and attributed to hackers located in southeast Asia.

Trade secrets and project data were stolen from the plant engineering division. Other areas have yet to be fully investigated in what is now the second major cyber breach for the engineering giant since 2012, when ThyssenKrupp and Airbus parent company EADS were targeted by Chinese hackers. In September 2015 China and the U.S. agreed not to conduct cyber theft of intellectual property against each other, a major step in the right direction, although incidents like this one suggest the same tactics continue to be used against other targets.

“It is important not to let the intruder know that he has been discovered,” a spokesman said. News of the breach was not made public until the company had cleansed the infected systems in one coordinated global action and implemented new security measures to monitor its computer network.

No breaches have been found within its marine systems unit, which produces military submarines and warships.

Sources: Reuters, IT News, ThyssenKrupp.

Australian cyber risk exposure calculated at $20 billion, warns Lloyd’s of London.

In a joint study with Cambridge University, the Lloyd’s insurance giant has ranked Sydney 12th out of 301 global cities in terms of cyber attack exposure, with $US4.86 billion ($6.36 billion) of GDP at risk for 2015 to 2025 (Australian dollar figures in parentheses).

In its City Risk Index 2015-2025, Lloyd’s also ranked other Australian cities: Melbourne’s economic risk was measured at $US3.87 billion ($5.06 billion), followed by Canberra at $US2.8 billion ($3.66 billion).

Brisbane’s risk was $US2.05 billion ($2.68 billion), Perth’s $US1.83 billion ($2.39 billion) and Adelaide’s $US1.01 billion ($1.32 billion).

Globally, Lloyd’s warns that $US294 billion is at risk as attempted and successful cyber attacks become more prevalent.

“We are living in a world where people carry a globally connected supercomputer in their pocket and almost every important work document is stored in the cloud, on servers or online. The result is an explosion in the potential for cyber risk.” Lloyd’s Global CEO Inga Beale stated during a recent visit to Sydney.

“The latest series of high-profile data breaches is just the beginning,” she said. “With the emergence of the Internet of Things, the potential for cyber risk is enormous.”

Lloyd’s has seen the amount of Cyber Insurance coverage increase 168-fold in the past two decades in Australia with more businesses seeking to protect themselves.

In the US 25% of businesses now have cyber insurance. Europe should catch up after the EU introduces its General Data Protection Regulation in 2018.

The regulation, with implications for Australian business holding European customer data, requires disclosure of breaches to national data protection authorities and potentially affected individuals.

Source: http://bit.ly/2h6aOhE

Take care of your business: insurance for your business future. Call us today for specialist business insurance packages.

Company information

Naga Risk Solutions Pty Ltd T/as Cyber Insurance Australia ABN 59 378 032 992. CAR 1250594

Authorised Representative for National Advisor Services Pty Ltd t/as Community Broker Network (CBN) ABN 60 096 916 184 | AFSL 233750

Financial Services Guide (FSG), Privacy Policy & Complaints & Dispute Handling, Insurance Brokers Code of Practice (FSG)

Contact details

E-mail address:
contact@cyberinsuranceaustralia.com.au

1300 GOCYBER

1300 462 923

Available 8:30am - 5:00pm

PO Box 1677, Milton LPO
Milton
Brisbane, QLD 4064
