Help

BI’s Article search uses Boolean search capabilities. If you are not familiar with these principles, here are some quick tips.

To search specifically for more than one word, put the search term in quotation marks. For example, “workers compensation”. This will limit your search to that combination of words.

To search for a combination of terms, use quotations and the & symbol. For example, “hurricane” & “loss”.

Login Register Subscribe

Ransomware, phishing attacks escalated in 2017

Reprints
Ransomware, phishing attacks escalated in 2017

An 18% increase in ransomware incidents and a new type of phishing attack are just two of the emerging threats with which organizations had to cope in 2017, according to a Beazley P.L.C. report released Tuesday.

The London-based specialty insurer’s 2018 Breach Briefing, based on over 2,600 data incidents experienced by its policyholders in 2017, says that a new type of phishing attack aimed at changing direct deposit information and potentially opening lines of credit emerged in 2017. Beazley said it handled 54 such incidents in 2017, with more than half — 54% — in the higher education sector. Other sectors included health care, 30%; professional services, 5%; retail, 5%; and manufacturing, 4%. Eighty-four percent hit middle-market enterprises.

Companies can help combat such attacks by using two-factor authentication for external access to all applications, by educating and training employees about phishing, and by enforcing strong password policies, the report said.

Ransomware also remained a major threat, with the number of incidents rising 18% in 2017, the Beazley report said. The health care sector led the way with 54% of attacks, followed by the financial and professional services sectors with 12% each, manufacturing at 7%, and education and retail at 6% each.

Companies can help protect against cyber extortion by training employees on the indicators of ransomware and malware and how to identify phishing emails, hardening network devices with secure configurations, and taking advantage of threat intelligence resources, the report said.

The report also described a rise in sophisticated social engineering schemes associated with inducing an employee into making a wire transfer or other electronic payment to a bank account controlled by the cyber criminal. There was also an increase in W-2-related phishing scams.

Business interruption and contingent business interruption will increase in 2018, the report said.

Manufacturers lost tens of millions of dollars due to the NotPetya malware attacks in 2017, when production lines and deliveries were disrupted or shipping and invoicing were delayed, the report said, adding, “Business interruption from direct attacks is only part of the story. The risk of losses from dependent business interruption continues to increase with the growth of cloud platforms, connected devices and digitization of supply chains.”

 

 

 

Read Next

  • Ransomware targeting cloud services one of the biggest cyber threats to organizations: MIT

    A review by U.S.-based Massachusetts Institute of Technology predicted that ransomware targeting cloud services is one of the six biggest cyber threats that organizations across the world are likely to face in 2018, Computerweekly.com reported. MIT said that smaller cloud providers are likely to be more vulnerable and pay up if customer data were encrypted and held for ransom. Cyber attacks targeting electrical grids, transportation systems and other types of national critical infrastructure are also expected to increase.