Top 5 Notable Cyberattacks in Modern Warfare

 

Warfare is no longer restricted to traditional battlefields; in the digital age, cyberspace has emerged as a new arena of conflict. Nations now engage in cyber battles using lines of code and advanced malware instead of conventional weapons.

A recent incident in May highlighted this shift when around 270,000 payroll records of the UK's armed forces were compromised in a data breach. While the UK government did not explicitly name a culprit, several ministers suggested China as the likely perpetrator. The Chinese government has denied any involvement.

This incident is just one in a series of cyberattacks targeting governments, their institutions, and personnel. Here are five notable examples:

  • Stuxnet, 2010: Stuxnet was the first major cyberweapon known to the world. This sophisticated worm, which replicates itself to spread across computer networks, specifically targeted Iran’s nuclear program. Unlike typical malware, Stuxnet was designed to infiltrate and disrupt uranium enrichment processes by causing centrifuges to malfunction while sending false data to monitoring systems, making the damage invisible to operators. Widely believed to be a joint effort by the US and Israel, Stuxnet not only delayed Iran's nuclear ambitions but also raised serious concerns about the potential for cyber tools to cause physical destruction, sparking debates on the ethics of state-sponsored cyberattacks.
  • WannaCry, 2017: In May 2017, the WannaCry ransomware attack locked up hundreds of thousands of computers in more than 150 countries. Exploiting a vulnerability in Microsoft Windows, WannaCry encrypted users' files and demanded Bitcoin payments to unlock them. The attack severely impacted sectors including healthcare, with the UK's NHS particularly affected; at least 81 health trusts were compromised, leading to canceled appointments and diverted emergency services, costing the NHS an estimated £92 million. The spread of WannaCry was halted by a security researcher who identified a "kill switch," but not before it demonstrated the risks of outdated software. The attack was attributed to North Korean hackers.
  • NotPetya, 2017: Later in 2017, Ukraine experienced a devastating cyberattack known as NotPetya, which quickly spread internationally. Disguised initially as ransomware, NotPetya encrypted data but provided no way for victims to recover their files. Targeting Ukraine's government, financial sector, and energy companies, it disrupted essential services. The malware also affected global companies like Maersk and Merck, causing billions in damages. The attack, widely attributed to Russian state-sponsored hackers aiming to destabilize Ukraine, was described by the White House as the "most destructive and costly cyberattack in history." Russia denied any involvement.
  • SolarWinds Hack, 2020: Amid the COVID-19 pandemic, the SolarWinds hack targeted multiple US federal agencies in 2020. Hackers infiltrated SolarWinds, a tech company that provides IT network management software, by inserting malicious code into its widely-used Orion platform. This allowed them to access sensitive information across various government departments, including the Treasury and Homeland Security, for months before detection. The breach underscored the vulnerability of even highly secure systems and was attributed to Russian state-sponsored hackers, though Russian officials denied the allegations.
  • OPM Data Breach, 2015: In 2015, the US Office of Personnel Management (OPM) suffered a massive data breach that exposed the personal information of over 21 million federal employees and contractors, including social security numbers, fingerprints, and data from background checks. The breach was widely attributed to Chinese state-sponsored hackers, though the Chinese government denied involvement. The incident highlighted significant vulnerabilities in the management of sensitive US government data and prompted a reevaluation of data protection strategies nationwide.

These incidents underscore the growing significance of cybersecurity in national defense, highlighting the need for robust protective measures against state-sponsored cyber threats.

Cyber Insurers Redefine State-Sponsored Attacks as an Act of War Amidst Legal Concerns


The U.S. government says that the damage caused by NotPetya was the result of a Russian cyberattack on Ukraine in 2017. Its effects continue to be felt as cyber insurers alter coverage exclusions, further extending the definition of an “act of war.” The 5-year-old cyberattack appears to be reshaping the cyber insurance industry.

Mondelez, the parent company of brands like Cadbury, Oreo, Ritz, and Triscuit, was among those impacted by NotPetya: its factories and production were interrupted, and it took days for the company's staff to regain control of their computer systems. The business filed a claim for $100 million in losses with Zurich American, its property and liability insurer. Zurich initially agreed to pay a portion of the claim ($10 million) but later withheld payment, claiming the attack was an act of war and hence not covered by the policy. Mondelez later initiated legal action.

Mondelez and Zurich American later allegedly reached an agreement on the original claim of $100 million, but only after Merck's $1.4 billion lawsuit against Ace American Insurance Company over its NotPetya-related damages had succeeded in January 2022. Merck's claims did not pertain to a cyber insurance policy, but rather to its property and casualty policy.

Back in 2017, when cyber insurance was still a budding idea, several large companies filed claims for losses from NotPetya, which caused an estimated $10 billion in damage worldwide, against their corporate property and casualty policies.

What Has Changed? 

Until 2020, before the COVID-19 pandemic, cyber insurance policies were sold in much the same way as a typical home or auto policy, with little attention paid to a company's cybersecurity profile, the tools it used to secure and defend its network or data, or its general cyber hygiene.

But after numerous ransomware attacks hit organizations with lax cybersecurity, insurance carriers started altering the requirements for obtaining such policies, says Alla Valente, senior analyst at Forrester Research.

Today, the business model for cyber insurance is substantially different from that of other policies, making the cyber insurance policies of 2017 obsolete.

What is an “Act of War”? 

Every sort of insurance policy, including cyber insurance policies, has a "War Exclusion." A war exclusion clause generally says that no damages resulting from hostile or warlike activities by a state or its agents are covered. Usually, this exclusion applies to a “hot war,” like the one we have witnessed in Ukraine in recent times. However, courts are beginning to consider cyberattacks as potential acts of war, even without a declaration of war, ground troops, aircraft, or any physical battlefield. According to the carriers, the state-sponsored attacks themselves constitute a war footing.

The terms of cyber policies from Lloyd's of London will now change in April 2023, excluding liability losses brought on by state-sponsored cyberattacks. As stated by Tony Chaudhry, Lloyd’s underwriting director, in a Market Bulletin published in August 2022, "Lloyd's remains strongly supportive of the writing of cyber-attack cover but recognizes also that cyber-related business continues to be an evolving risk. If not managed properly it has the potential to expose the market to systemic risks that syndicates could struggle to manage." 

In this regard, Forrester's Valente notes that businesses may have to set aside large cash reserves in case they ever face a state-sponsored attack. If insurance carriers succeed in arguing in court that a state-sponsored attack is, by definition, an act of war, no business will have coverage unless it specifically negotiates the removal of the exclusion into its contract.

Scott Godes, partner and co-chair of the Insurance Recovery and Counseling Practice and the Data Security & Privacy practice at District of Columbia law firm Barnes & Thornburg, says that, when purchasing cyber insurance, "it is worth having a detailed conversation with the broker to compare so-called 'war exclusions' and determining whether there are carriers offering more favorable terms."

"Unfortunately, litigation over this issue is another example of carriers trying to tilt the playing field in their favor by taking premium, restricting coverage, and fighting over ambiguous terms," he adds.