DDoS Attack Leads to Significant Online Sales Shortfall

The dawn of the internet has opened up a world of opportunity for businesses, allowing them to reach new markets and increase their revenues. Along with this, however, has come new risks. With many businesses now increasingly reliant on online sales, they are potentially vulnerable to financial losses should their websites become inaccessible to their customers.

One of the threats posed to businesses with an online presence is the distributed denial of service (DDoS) attack. DDoS attacks are used by cyber criminals to take down websites, with many utilizing what is known as a botnet to do so. A botnet is essentially a network of “zombie” computers that are infected with malware that allows malicious actors to control them without their owners’ knowledge. When DDoS attacks are carried out in this way, the computers that make up the botnet are directed to access a particular website repeatedly and in rapid succession, flooding the website with more requests than it can handle and resulting in it appearing offline to normal internet users.

In the past, botnets were relatively difficult to assemble, but nowadays anyone can hire a botnet from the dark web and command all the computers within it to aim their access requests at a website of their choice. As a result, numerous organizations have fallen victim to DDoS attacks in recent years. For example, in late 2015 the BBC’s website was taken down for a whole morning following a DDoS attack initiated by a group of hackers, while in 2016, HSBC was hit by a DDoS attack that resulted in millions of customers being unable to access HSBC’s online banking services. Most recently, in mid-April 2019, the hacktivist group Anonymous claimed to have been behind DDoS attacks which brought down the websites of the National Crime Agency and the UK Supreme Court following the arrest of Julian Assange.

However, large, multinational corporations are not the only organizations that are targeted in this way. One of our policyholders affected by a DDoS attack was a small retailer of domestic goods. Although the majority of their sales are carried out in store, a sizable portion come from sales through their website.

Hacker fulfills promise of attack after missed email threat

The incident began when an unidentified hacker sent an email to one of the firm’s business email addresses, stating that the company’s website would be taken down within 24 hours unless a payment of $4,000 in Bitcoin was made. However, this email was caught in the company’s spam filters, meaning that it was not initially read by anyone at the company and so no reply was sent to the hacker.

Having not received any response to the threat after 24 hours, the hacker stayed true to his word and looked to initiate the next phase of the attack. Utilizing the massive number of computers under his control via a botnet, the cyber criminal directed the computers to send a vast number of access requests to the company’s website. Without any DDoS protection in place and as this was only a small business, this flood of internet traffic was well in excess of what their website could handle. The website was soon overwhelmed and became inaccessible to genuine internet users looking to browse products.

Repeated remedy attempts thwarted

It was the next morning when the policyholder became aware that the website was not appearing to external users. After some initial investigations, it was determined by the company’s IT department that the website was facing a sustained DDoS attack. In an attempt to overcome the issue, the IT team decided to block any internet traffic that came from outside the country in which they were based. This provided a very brief period of respite for the insured, with the website appearing back online, but the hacker responsible refused to give up that easily.

To overcome this new obstacle, the hacker made use of proxy servers. A proxy server acts as an intermediary between an end user and the internet, and essentially allows the end user to go online with a substitute IP address. In this case, the hacker simply switched the blocked IP addresses over to proxy servers that made it appear as if they were coming from the same country as the insured. This meant that the website was inundated with internet traffic once again, resulting in it appearing offline for a second time.

Having discovered that the website was down again, the insured’s IT department tried another tactic to help remedy the situation. This time they changed the website’s IP address, meaning that all of the DDoS related internet traffic was now being redirected to the old IP address. With the DDoS attack now focused on the old IP address, legitimate internet users could now access the insured’s website. However, this proved to be yet another short-lived victory. The attacker was determined to bring the website down and force the insured into making a ransom payment, so after realizing that the insured had changed the website’s IP address, the hacker simply switched the point of attack to the new IP address, swamping the website with internet traffic once more and bringing the site to its knees.

Policyholder enlists the help of CFC’s cyber incident response team

After several further attempts to counter the attack met with little success, the insured got in contact with our incident response team. Our team swiftly directed the insured towards one of our incident response partners that specializes in providing DDoS mitigation services. This service works by providing organizations affected by a DDoS attack with access to a network of data centers with a much higher capacity to absorb the vast amounts of internet traffic being generated by the attack. In addition, the service is also able to establish the difference between legitimate and illegitimate web traffic, thereby blocking malicious requests and allowing genuine internet users to access the affected site. After submitting some key details, the company was able to gain access to this service and within a few minutes their website was up and running again without suffering any further disturbance.

Nevertheless, the company website had been down from 7 o’clock in the morning until just after 4 o’clock in the afternoon, with only a few brief moments of normality in between the hacker’s various attacks. During this time, customers had been unable to access their website and purchase any items online. Despite seeing a resumption of sales in the days after the attack, the insured still suffered a noticeable reduction in overall sales for the month. Having budgeted for $1,126,838 in online sales for the month in question, the insured only achieved sales of $951,632, a shortfall of $175,206. After adjusting the loss to reflect that the business had been slightly behind budget in the weeks preceding the DDoS attack, and following the application of a rate of gross profit of 41%, this resulted in a business interruption loss of $51,506, which was picked up by the insured’s cyber policy with CFC.

How to minimize the impact of a DDoS attack

This claim highlights a few key points. Firstly, it illustrates the importance of businesses investing in some form of DDoS protection, as these attacks are increasing in terms of size and power. Indeed, some hackers are exploiting the rise of connected devices (sometimes referred to as the Internet of Things or IoT), such as cameras, smart TVs, printers and even children’s toys and baby monitors, to increase the computing power at their disposal when carrying out DDoS attacks. Depending on the size of the business in question, DDoS protection can be a relatively inexpensive purchase and is often available to businesses via their web-hosting providers.  Having this protection in place can help reduce the likelihood of an organization’s website being taken down by malicious actors.

Secondly, it underscores the importance of policyholders notifying incidents to their insurer as soon as they can. In this case, the company’s internal IT department initially attempted to deal with the DDoS attack on their own, but unfortunately their attempts were unsuccessful. After the matter was referred to our incident response team, we managed to get the policyholder in touch with a specialist provider and get the website back online very quickly. Had they notified the incident earlier, it would likely have resulted in the incident being resolved without any meaningful interruption or reputational damage to their organization.

Finally, it highlights just how dependent modern businesses are on their digital assets and how important cyber insurance coverage is. The policyholder’s website was only out of action for a single working day yet it still resulted in a sizable business interruption loss. However, traditional insurance policies, such as standard property and business interruption cover, were designed to deal with threats to a company’s physical assets, rather than their digital assets like websites, software programs, data and electronic funds. Cyber insurance fills this gap, providing cover for digital assets against 21st century threats.

Source: www.cfcunderwriting.com

 

 


Healthcare Industry and Bodily Injury

Technology is fundamentally changing the way healthcare is delivered, monitored and addressed. And telemedicine – or the remote delivery of healthcare services – is one of the fastest growing, and most obvious examples of this shift.

While the use of technology can deliver great benefit to patients, it also creates new exposures for both traditional and digital healthcare organizations. And questions around medical responsibility in the event of bodily injury or harm to a patient are still being debated.

What is clear is that traditional bodily injury coverage triggers have become outdated and are no longer sufficient due to the global rise of technology within healthcare.

Here is how CFC’s policy addresses each of these unique exposures:

Healthcare services: Failure to adequately assess a patient and their symptoms via telemedicine could lead to incorrect diagnosis and delayed treatments. Similarly, if a patient is sending a picture of a physical issue such as a rash, a distorted image could lead to an incorrect diagnosis.

If a patient suffers misdiagnosis, delayed or incorrect treatment as a result of healthcare services provided through remote means, the policy will trigger.

Technology activities: Artificial intelligence is now being used to triage patient conditions more effectively, most commonly by diagnosing basic illnesses via a chatbot function. However, the way in which a patient describes their symptoms can leave them confused or undiagnosed.

If a patient suffers misdiagnosis, or goes undiagnosed via a chatbot, the policy will trigger.

System outage: A failed update or computer system outage could affect remote patient monitoring functions, which could pose a risk to patient safety in the event of a medical emergency.

If a system failure leaves you unable to diagnose or treat a patient, the policy will trigger.

Cyber-attack: A targeted ransomware attack could deny access to systems and patient data where patients’ vitals are being monitored and medications prescribed via telemedicine.

If a cyber-attack cripples the telemedicine system or electronic medical records database, meaning patients could be unable to receive repeat prescriptions leading to injury or even death, the policy will trigger.

CFC’s eHealth insurance policy addresses this challenge by providing multiple bodily injury triggers. These include four main areas in which exposures can arise: healthcare services, technology activities, cyber events or system outages.  Please contact your insurance broker for more information.

Source: www.cfcunderwriting.com


Cyber Policy Wordings Myths

For buyers of cyber insurance, these are confusing times. The news is peppered with stories purporting that cyber policies aren’t fit for purpose and even worse, that cyber insurance claims aren’t getting paid.

The CFC article below is setting the record straight. Cyber is an incredibly important line of cover for modern businesses of all types and sizes, and cyber policies are evolving rapidly to meet their needs. Below you’ll find some of the main policy coverage misconceptions, and CFC’s response to them.

  1. The myth: Cyber events caused by human oversight or error won’t be covered. The reality: While it’s true that cyber insurance was primarily developed to deal with malicious cyber events, policies go far beyond this today, covering a wide range of losses caused by human error or oversight, such as lost laptops or social engineering scams. In fact, about 75% of the cyber claims that CFC pays are for events originally caused by some kind of human error.
  2. The myth: Only the legally required costs associated with a data breach will be covered. The reality: Cover for data breaches is actually incredibly mature, having been an established part of cyber insurance policies for the last decade. Should a cyber event lead to a privacy breach, nearly every policy will pick up the costs associated with regulatory fines and penalties, breach management like the production and posting of letters, post-breach remediation, and crisis communications, even if you are voluntarily notifying customers.
  3. The myth: System interruption cover will only cover the period of actual system downtime. The reality: Recognizing that business interruption can be felt well beyond the period of actual system downtime, cyber insurance providers have developed this cover considerably over the last few years. CFC’s policy, for example, automatically provides a 12-month indemnity period to pick up losses incurred in the long aftermath of a cyber event, and most other providers offer 3-6 months as standard with the option to extend.
  4. The myth: If an outsourced technology provider experiences an issue that leads to a cyber event, it won’t be covered. The reality: This is a relatively outdated concern. Today, any established cyber insurance policy will cover cyber events and system downtime experienced by the insured themselves and at least their third party technology service providers, if not the full supply chain encompassing non-technology service providers too. In addition, data hosted with third parties is also typically covered.
  5. The myth: If a system has been recently updated, it won’t be covered. The reality: Not only are system updates part and parcel of most businesses’ operations, but it is not in the interests of cyber insurers to discourage businesses from bringing their systems up to date. After all, updates and new system implementation can improve security. For that reason, reputable cyber policies will not look to exclude events arising out of systems that are new or recently updated.
  6. The myth: If a contractor causes a cyber event, such as a data breach, it won’t be covered. The reality: The majority of cyber policies are designed to cover the entirety of business operations. Just as with outsourced technology providers, CFC’s policy is designed to cover claims caused by third party contractors. In fact, we take it one step further and cover our policyholders’ data wherever it is hosted and whomever it is breached by.
  7. The myth: It’s difficult to get cyber incident support and notify claims. The reality: It’s in the interests of insurers to encourage quick and easy engagement with policyholders if a cyber event occurs. If the last two decades of underwriting this class have taught us anything, it’s that good incident response is key in containing the loss to a business and the subsequent cost of a claim. CFC – along with much of the industry – is taking steps to make reporting a claim as easy as possible through 24/7 hotlines or innovations like our cyber incident response app.
  8. The myth: In the event of a cyber incident, businesses cannot choose the IT, legal, or PR specialists they work with. The reality: While we can’t speak for the entirety of the market on this matter, this is certainly untrue for CFC. While we offer policyholders quick and easy access to a global panel of high-quality incident response partners, we understand that some businesses have their own providers and therefore don’t typically limit our policyholders to working with our panel alone.
  9. The myth: Cyber insurance doesn’t pay out. The reality: Cyber insurance most certainly does pay out. At CFC, cyber insurance actually has a lower claims declination rate than most other lines of insurance. In 2018, we paid over 1,000 cyber claims and we expect that number to increase by 50% in 2019. In short, the number of these claims continues to rise and insurers are paying them.

Source: www.cfcunderwriting.com

 

 


Customer Payment Fraud

Funds transfer fraud – whereby fraudsters dupe innocent businesses and individuals into transferring what they believe are legitimate payments to fraudulent bank accounts – is becoming an increasingly common problem.

In an insurance context, most cyber policies with crime cover in place will provide some form of protection for situations where policyholders lose their own money in this way. For example, if a fraudster manages to impersonate the policyholder’s CEO and gets a member of the finance team to send a payment over to a fraudulent bank account, the policyholder’s business will have suffered a financial loss. All being well, this loss can then be recovered under their cyber policy.

However, it’s not always the policyholder’s business that suffers a loss in this way, but the policyholder’s customers. Customer payment fraud describes a situation in which a business is impersonated by a fraudster, who then dupes some of the business’s customers into making payments to a fraudulent account.

To make this concept a little easier to digest, let’s take a look at a real-life example.

We recently dealt with a claim involving an insurance brokerage that is primarily involved in arranging property and casualty insurance cover for SME businesses. One of the brokerage’s employees had their email account compromised by a fraudster, which allowed the fraudster to monitor the broker’s inbox and identify an opportunity to misdirect funds. The broker had been working on the renewal of a package policy with one of the brokerage’s existing clients and all that remained was for the client to transfer the premium over to the brokerage, who would then pass it on to the insurer.

Having chosen a suitable target, the fraudster then sent an email from the broker’s account and explained that the premium would have to be sent to an international account due to an audit on the brokerage’s usual account. Assuming that this was a legitimate request, the customer duly transferred the premium over to this fraudulent account. It was only when the broker chased the customer about the payment some weeks later that the scam was uncovered. This meant that the premium still remained unpaid, but as the fraudulent communications appeared to come from the broker, the customer put the blame on the brokerage and refused to pay the premium twice. Given this, the brokerage accepted responsibility for the incident and decided to pay their customer’s premium from their own funds.

In this case, the primary victim of the loss was not the brokerage but their customer. As it wasn’t the brokerage that was tricked into transferring funds, the crime cover on most cyber insurance policies would not be triggered, unless there is some form of specific cover for customer reimbursement in place. However, under CFC’s cyber crime insuring clause, losses of this nature are covered up to a maximum of $50,000, providing a valuable safety net and helping to maintain good customer relations for policyholders who are impersonated in this way.


Source: www.cfc.com


ABEX Office Relocation

We are moving! ABEX office will be closing at 12:00 p.m. EST on Friday, March 29 for relocation.  We will not have access to our phones or systems during the move.

We will resume our regular business hours of 8:30 a.m. – 5:00 p.m. EST, on Monday, April 1.

Effective April 1, our new address will be:

139 Northfield Dr. W., Suite 206
Waterloo, ON N2L 5A6

Our telephone, fax number, email addresses and all other contact details remain unchanged.

If you need to submit a claim during our move or after hours, please contact Crawford Adjusters. They can be reached by phone: 1-877-313-2585 or email: newabexclaims@crawco.ca

We thank you for your patience while we’re making the transition to our new space!

