Search This Blog

Powered by Blogger.

Blog Archive

Labels

Showing posts with label insurance. Show all posts

HDFC Life Responds to Data Leak, Engages Cybersecurity Experts

 


According to HDFC Life Insurance, the company recently reported a cyberattack resulting in stolen confidential customer data. Cybercriminals allegedly accessed sensitive policyholder information and demanded extortion from the insurance company, so the company submitted a complaint to the South Region Cyber Police. As per the complaint, there was a breach of security at the company between November 19 and November 21, 2024. 

The cybercriminals, operating under the alias of bsdqwasdg@gmail.com and using a WhatsApp account to send unencrypted communications, managed to steal the

personal data of HDFC Life's clients. In a news release on Monday, HDFC Life Insurance Company, the country's second-largest private insurer by premiums, reported that customer information had been stolen from their system. 

In recent months, there has been a second major data breach within the insurance sector following thee leak of many gallons of personal information by Star Health & Allied Insurance a few months ago. Star Health and Allied Insurance had previously been subject to a cyberattack, as well as a forensic investigation conducted by independent cybersecurity experts, into the incident.

The data breach that occurred at Star Health's servers reportedly resulted in the sale of sensitive information about 31 million customers - an amount of 7.24 terabytes estimated - on the messaging network Telegram as part of the breach.  In its article, the Insurance Regulatory and Development Authority of India (IRDAI), which controls the insurance industry in India, had indicated that, even though insurers have not been named, it takes security breaches very seriously and is committed to continuing its engagement with the companies to ensure the interests of policyholders are protected fully. 

There was a lot of personal information leaked, including names, addresses, phone numbers, tax details, and sometimes even medical records of the insurance policyholders. It was reported that Star Health's chief information security officer (CISO), Amarjeet Khanuja, had sold the company's data for $150,000 after a hacker allegedly accessed the data through the company's network. There was another incident involving the loss of data at Tata AIG as well. 

A few days after the presidential election, HDFC Life Insurance received several emails claiming to have been sent by an anonymous sender who claimed to have stolen the sensitive information of its customers. A hacker attached data to the email that included the names, policy numbers, addresses, and phone numbers of 99 of his victims. 

As outlined in the email, unless negotiations are conducted, the data of the company will be leaked or sold to third parties. According to the hacker, the company has two days to respond to the threat and its reputation could be jeopardized. A series of messages had been sent over the weekend of November 20 and 21 by the extortionist, warning the company that if they failed to negotiate, a massive leak would occur. As stated in one of the messages, the company will have to suffer losses of "hundreds of billions of rupees" if the transaction goes through, along with a damaged reputation and regulatory pressure from the government. 

It was requested by the hacker that he pay money in exchange for preventing the exposure of the information. A security expert examined the breach and verified its authenticity with the help of HDFC Life Insurance, which then decided to engage the police and inform the appropriate authorities of the breach. 

As a result, the company has given its customers the assurance that it is taking all possible measures to ensure their information is protected and that the impact of the data theft is minimized. It was decided to file a case under sections 308(3) (extortion) as well as 351(4) (criminal intimidation) of the Bharatiya Nyaya Sanhita, 2023 along with the relevant provisions of the Information Technology Act, 2000, for the commission of the offence. 

There was a statement from HDFC Life that stated the company is committed to safeguarding the interest of its customers and will take swift action to resolve this matter. In recent months, other insurers, including Star Health Insurance and Tata AIG, have also admitted to data breaches as a result of intrusions into their systems. 

It is because of these incidents that IRDAI is constantly monitoring insurers' data security frameworks and ensuring that the necessary corrective actions are being taken as soon as possible. A growing number of cyber threats are posing serious risks to the privacy of customers and the accountability of organizations in the insurance sector. 

HDFC Life's proactive measures reflect the industry's recent push to enhance cybersecurity measures continuously to ensure that the risk of these breaches in the future is diminished. A number of cybersecurity measures have been put in place by the IRDAI to ensure that data protection is robust and that millions of policies are protected

Global Effort Unites Against Ransomware: New Guidance to Strengthen Business Defenses

  

Ransomware attacks continue to pose significant challenges for businesses worldwide, with incidents on the rise. 

In response, the UK, along with 38 other nations and international cyber insurance organizations, has collaborated to release updated guidance aimed at supporting victims and enhancing resilience. This guidance advises against making immediate ransom payments, as recovery of data or malware removal is not guaranteed, and paying ransoms often encourages further criminal activity.

Instead, businesses are urged to create a comprehensive response plan, with policies and contingency measures in place. Organizations that fall victim to ransomware should report the incident to law enforcement and consult security professionals for expert guidance.

Ransomware has become a lucrative venture for cybercriminals, causing an estimated $1 billion in losses in 2023. By removing the incentive for criminals, these new policies aim to weaken the ransomware business model and reduce future attacks.

"International cooperation is crucial in fighting ransomware as cybercrime knows no borders," stated Security Minister Dan Jarvis. He emphasized that this collective effort will hit cybercriminals financially and better protect businesses in the UK and beyond.

The UK is taking a leading role, collaborating with three major insurance organizations—the Association of British Insurers, the British Insurance Brokers' Association, and the International Underwriting Association—to issue co-sponsored guidance. Meanwhile, the UK National Crime Agency has taken steps by sanctioning 16 individuals from the 'Evil Corp' cybercrime group, responsible for over $300 million in theft from critical infrastructure, healthcare, and government sectors.

Jonathon Ellison, Director for National Resilience at the NCSC, highlighted the urgency of addressing ransomware threats: "This guidance, backed by both international bodies and cyber insurance organizations, represents a united front in bolstering defenses and increasing cyber readiness."

Significant Drop in Cyber-Insurance Premiums Makes Coverage More Affordable

 

Over the last year, a steady decline in premium rates has made cyber-insurance coverage more accessible and affordable for organizations of all sizes.

The primary driver behind this decrease is the increasingly competitive marketplace, with more insurance companies offering coverage for cybersecurity incidents such as ransomware attacks and data breaches. Additionally, improved cyber hygiene among insured organizations has contributed to the lower rates, according to a recent report from London-based Howden Insurance.

Howden's report highlighted a 15% reduction in average cyber-insurance premium rates in 2023 compared to the previous year. This decline follows a two-year period from December 2020 to December 2022 when rates surged due to a significant increase in ransomware-related claims.

Sarah Neild, head of cyber retail, UK, at Howden, stated, "Favorable dynamics have persisted into 2024, with the cost of cyber insurance continuing to fall despite ongoing attacks, heightened geopolitical instability, and the proliferation of GenAI. At no other point has the market experienced the current mix of conditions: a heightened threat landscape combined with a stable insurance market underpinned by robust risk controls."

Howden’s findings are echoed by US-based Aon, which reported a 17% decline in premium rates in 2023 compared to 2022. Aon also anticipates stable pricing through the end of the year due to ample capacity and a competitive market environment. Aon’s analysis showed that a rise in ransomware and other cyberattacks, alongside heightened regulatory reporting requirements, has increased interest in cyber insurance among organizations.

Shawn Ram, head of insurance at Coalition Insurance, noted that premium rates have declined even as cybersecurity-related claims have risen over the past year. "In 2023, overall claims frequency increased 13% year-over-year, and overall claims severity increased 10% YoY, resulting in an average loss of $100,000. Claims frequency increased across all revenue bands, with businesses between $25 million and $100 million in revenue seeing the sharpest spike — a 32% YoY increase." Despite the increased claims activity, pricing for cyber insurance remains stable due to the robust capacity in the market.

Insurance companies have become more adept at evaluating cyber risk, says Andrew Braunberg, an analyst with Omdia. "Carriers are getting a lot smarter in how they assess the cyber risks of prospects and the way they write up coverage," he explains, adding that insurers now conduct more thorough risk assessments and expect proactive security technologies to be in place.

Howden expects demand for cyber insurance from small and midsize enterprises (SMEs) to drive growth and price stability in the market over the next few years. SMEs, which contribute nearly half of the GDP in major economies, represent an underserved demographic offering significant growth opportunities for insurers and brokers. The market is also projected to expand significantly as insurance companies look to grow outside the US, which currently accounts for two-thirds of the global market.

Xing Xin, CEO and co-founder of cyber insurer Upfort, believes that while there are enough insurers eager to write more business around cybersecurity to keep prices stable for now, increased claims frequency and severity may eventually impact underwriting and rates. "A widespread cybersecurity issue that systemically triggers a high count of policies could reverse the current trend, leading to accelerated rate growth," he cautions.

By leveraging these insights, Elivaas can stay ahead in the rapidly evolving landscape of cyber-insurance, ensuring robust protection for their clients and continued market leadership.

Enhancing Cybersecurity: Automated Vulnerability Detection and Red Team Exercises with Validation Scans



In today's digital age, cybersecurity has become a top priority for organizations of all sizes. The ever-evolving landscape of cyber threats necessitates robust and comprehensive approaches to identifying and mitigating vulnerabilities.

Two effective methods in this domain are automated vulnerability detection and red team exercises. This article explores how these methods work together, the process of recording identified vulnerabilities, and the crucial role of human analysts in prioritizing them.

Automated Vulnerability Detection:

Automated vulnerability detection tools are designed to scan systems, networks, and applications for known vulnerabilities. These tools leverage databases of known threats and employ various scanning techniques to identify potential security weaknesses. The benefits of automated detection include:

1. Speed and Efficiency: Automated tools can quickly scan large volumes of data, significantly reducing the time needed to identify vulnerabilities.

2. Consistency: Automated processes eliminate the risk of human error, ensuring that every scan is thorough and consistent.

3. Continuous Monitoring: Many automated tools offer continuous monitoring capabilities, allowing organizations to detect vulnerabilities in real time.

However, automated tools are not without their limitations. They may not detect new or complex threats, and false positives can lead to wasted resources and effort.


Red Team Exercises:


Red team exercises involve ethical hackers, known as red teams, who simulate real-world cyber attacks on an organization's systems. These exercises aim to uncover vulnerabilities that automated tools might miss and provide a realistic assessment of the organization's security posture. The advantages of red team exercises include:

1. Real-World Scenarios: Red teams use the same tactics, techniques, and procedures as malicious hackers, providing a realistic assessment of the organization's defenses.

2. Human Ingenuity: Human testers can think creatively and adapt to different situations, identifying complex and hidden vulnerabilities.

3. Comprehensive Assessment: Red team exercises often reveal vulnerabilities in processes, people, and technologies that automated tools might overlook.

Recording and Prioritizing Vulnerabilities:

Once vulnerabilities are identified through automated tools or red team exercises, they need to be meticulously recorded and managed. This is typically done using a bugtrack Excel sheet, which includes details such as the vulnerability description, severity, affected systems, and potential impact.

The recorded vulnerabilities are then reviewed by human analysts who prioritize them based on their severity and potential impact on the organization.

This prioritization is crucial for effective vulnerability management, as it ensures that the most critical issues are addressed first. The analysts categorize vulnerabilities into three main levels:

1. High: These vulnerabilities pose a significant risk and require immediate attention. They could lead to severe data breaches or system compromises if exploited.

2. Medium: These vulnerabilities are less critical but still pose a risk that should be addressed promptly.

3. Low: These vulnerabilities are minor and can be addressed as resources allow.

Machine-Readable Vulnerability Reports and Automated Validation:

Once the vulnerabilities are prioritised and added to the bugtrack, it is essential to provide customers with the information in a machine-readable format. This enables seamless integration with their existing systems and allows for automated processing. The steps involved are:

1. Machine-Readable Format: The bugtrack data is converted into formats such as JSON or XML which can be easily read and processed by machines.

2. Customer Integration: Customers can integrate these machine-readable reports into their security information and event management (SIEM) systems or other security tools to streamline vulnerability management and remediation workflows.

3. Automated Remediation and Validation: After addressing the vulnerabilities, customers can use automated methods to validate the fixes. This involves re-scanning the systems with automated tools to ensure that the vulnerabilities have been effectively mitigated. This is done using YAML scripts specifically added to the vulnerability scanning tool to scan. Output is analyzed to see if a vulnerability is fixed.

Network and Application Vulnerability Revalidation:

For network level vulnerabilities, revalidation can be done using the Security Content Automation Protocol (SCAP) or by automating the process using YAML/Nuclei vulnerability scanners.

These tools can efficiently verify that the identified network vulnerabilities have been patched and no longer pose a risk.

For application level vulnerabilities, SCAP is not suitable. Instead, the bugtrack system should have a feature to revalidate vulnerabilities using YAML/Nuclei scanners or validation scripts via tools like Burp Suite Replicator plugin. These methods are more effective for confirming that application vulnerabilities have been properly addressed.

Conclusion:

Combining automated vulnerability detection with red team exercises provides a comprehensive approach to identifying and mitigating security threats.  Automated tools offer speed and consistency, while red teams bring creativity and real-world testing scenarios. Recording identified vulnerabilities in a bugtrack Excel sheet, providing machine-readable reports, and validating fixes through automated methods ensure that resources are effectively allocated to address the most pressing security issues.

By leveraging these methods, organizations can enhance their cybersecurity posture, protect sensitive data, and mitigate the risk of cyber attacks. As the threat landscape continues to evolve, staying proactive and vigilant in vulnerability management will remain essential for safeguarding digital assets.

The entire vulnerability monitoring with the automated machine-readable format for validating has been implemented in DARWIS VM module.

-----------
Suriya Prakash & Sabari Selvan
CySecurity Corp 
www.cysecuritycorp.com

As Cyber Risk Increases, Insurers Must Provide a Better Market to Businesses in Need of Protection

 

This year has once again shown the domino effect that follows a crisis and the impact it has on businesses, from increasing rates to Russia's invasion of Ukraine. As we enter a new year, there are numerous lessons to be learned. If we consider the conflict in Ukraine, the geopolitical situation led to sanctions against Russian-based companies, sharp increases in operational and energy costs, interruptions in supply chains, significant financial losses for companies around the world, and greater vulnerability to cyberattacks. 

Businesses currently operate in a period of increased vulnerability to cyberattacks, with rising anxiety around cyberwarfare and information security systems. This is particularly true in industries that support crucial UK infrastructures such as aviation, transport, IT and telecoms and finance.

According to a City A.M survey of businesses, 79% of respondents across all industries had been the victim of a cyberattack this year, with 50% of those attacks resulting in a loss of data or money. These attacks have the potential to completely destroy businesses, resulting in data breaches, serious disruptions to regular business operations, lost revenue, and enormous financial expenses to investigate and restore systems. 

The biggest shift in 2022 has been that absolutely no one is protected because hackers are increasingly targeting industries that were once considered classic "targets," such as finance. The pandemic's impact on the retention of work-from-home habits is one factor contributing to this rise. 

In addition to making security more difficult to manage across more devices, locations, and communications platforms, remote working increased vulnerability and exposure to cyberattacks at the same time when hacker activity was sharply on the rise.

Since businesses are aware of this, cyber insurance is a crucial line of defense, despite its shortcomings. According to the poll, 77% of businesses believe their insurance protects them, at least in part, against the risk of cyberattacks. This is a significant improvement over the results of our previous survey from 2018, which indicated that only 30% of large enterprises have cyber-specific insurance.

However, there are concerns over the value and cost of this insurance. The price of cyber insurance has skyrocketed while the level of security offered has frequently been significantly diminished at a time when corporations are more vulnerable to cyberattacks and can least afford downtime.

Many policies now have more extensive exclusions, more limited definitions of coverage, and less incident response help available. Some forms of insurance, such as those covering ransomware or the expenses of their own IT interruption, may be outright inaccessible to the most susceptible firms. This poses severe concerns about the business insurance model since it makes protection considerably more difficult to obtain just when it is most required.

The environment is challenging for organizations attempting to defend themselves against cyber assaults. Researchers are observing rates rising and coverage declining, signs of a "hard market" in the insurance sector that has now lasted the longest on record and been prolonged by the current state of economic uncertainty. Following a high increase of 102% year over year in the first quarter, UK cyber insurance pricing climbed by 66% in the third quarter of 2022, according to Marsh's insurance pricing index. With an average premium cost that is already four times what it was in 2018, it is increasing much more quickly in the UK than in any other market.

Businesses are then forced to choose between investing in IT security and purchasing insurance coverage in case that security fails, which forces them to make difficult financial decisions. Insurance has a critical role to play in protecting organizations from unforeseen or unprotectable disasters and in promoting best practices in proactive security and incident response. This shouldn't be an either/or choice.

The insurance industry's response has been characterized by price increases ahead of projected losses, rather than taking action to assist businesses around the UK confronting an ever-increasing cyber threat. Instead, insurance companies should have a deeper comprehension of their clients' risk and offer assistance as a last choice.

With 2023 just around the corner and the possibility of cyberattacks becoming more and more common, businesses may find themselves in a difficult situation as they rush to find the best defense. Since cyber risk is not going away anytime soon, insurers need to prevent a situation where prohibitively expensive and inadequate coverage helps push enterprises even closer to the precipice.

SEC: Watch Out for Hurricane Ida Related Investment Scams

 

The Securities and Exchange Commission (SEC) has issued a warning about fraud associated with Hurricane Ida, which wreaked havoc in numerous states last week with torrential rain and tornadoes, leaving millions without power. 

The SEC's Office of Investor Education and Advocacy releases investor alerts regularly to caution investors about the latest investment frauds and scams. Fraudsters would most likely target people who may receive compensation from insurance companies in the form of huge payouts as a direct result of Hurricane Ida's destruction. 

The SEC explained, “These scams can take many forms, including promoters touting companies purportedly involved in cleanup and repair efforts, trading programs that falsely guarantee high returns, and classic Ponzi schemes where new investors' money is used to pay money promised to earlier investors." 

"Some scams may be promoted through email and social media posts promising high returns for small, thinly-traded companies that supposedly will reap huge profits from recovery and cleanup efforts." 

AccuWeather CEO, Dr Joel Myers calculated that Hurricane Ida caused almost $95 billion in total damage and economic loss. Millions of individuals will now have to deal with insurance companies to cover the cost of water damage and other difficulties caused by the hurricane's aftermath. 

The SEC added that following the devastation by Hurricane Katrina in 2005, they were compelled to take action against hundreds of false and misleading statements concerning alleged business prospects.

Precautionary Measures

In the context of mitigating the risk and preventive measures, SEC urged, "Be sceptical if you are approached by somebody touting an investment opportunity. Ask that person whether he or she is licensed and whether the investment they are promoting is registered with the SEC or with a state." 

"Take a close look at your entire financial situation before making any investment decision, especially if you are a recipient of a lump sum payment. Remember, your payment may have to last you and your family for a long time." 

This advisory follows the one issued by the FBI's New Orleans office, which warned the public about an elevated risk of scammers attempting to profit from the natural calamity. 

"Unfortunately, hurricane or natural disaster damage often provides opportunities for criminals to scam storm victims and those who are assisting victims with recovery," the FBI warned. 

The FBI also offered a list of safeguards that victims of natural disasters should follow to avoid getting scammed, including: 
  • Unsolicited (spam) emails should be ignored. 
  • Be cautious of anyone posing as government officials and requesting money via email. 
  • Clicking on links in unsolicited emails is not a fine decision. 
  • Only open attachments from known senders; be wary of emails purporting to have photos in attached files, as the files may contain viruses. 
  • Do not give out personal or financial information to anybody asking for donations; doing so might jeopardize your identity and leave you vulnerable to identity theft. 
  • Be vigilant of emails purporting to provide employment. 
  • Before transferring money to a potential landlord, do your research on the advertisement.

AIG Launches New Cyber Threat Analysis Service to Understand Cyber Risks

American International Group Inc., an American multinational insurance company, has launched a new system for cyber threat analysis.

The system scores companies on the degree to which a cyber attack may affect their business and the potential costs involved. It compares the company’s risk of having a breach to the safeguards it has in place.

Tracy Grella, AIG’s Global Head of Cyber Risk Insurance, in an interview said, “AIG’s underwriters have been using the computerized analysis since November, which combines information from a new insurance application designed for the process and data about current cyber threats to generate scores on various related factors.”

With mounting cyber threat to businesses, this system hopes to provide a way to measure the risk involved in a business so that cyber coverage in insurance may be taken into consideration.

This comes after AIG in October said that they will review all coverage types to check for cyber risk and give insurers a clear picture about cyber coverage and estimated financial exposure. They will also create a cyber-risk report for the customers with the analysis scores for understanding and comparing.

Along with this, AIG also announced their partnership with cybersecurity companies CrowdStrike Inc and Darktrace, on Tuesday, to launch CyberMatics, a service that verifies information AIG receives from customers’ cybersecurity tools.

Darktrace Chief Executive, Nicole Eagan, said, “The service uses artificial intelligence, or the ability of machines to carry out tasks normally associated with human intelligence, to look inside an insured company’s network for strengths and vulnerabilities.”

Tracy Grella said that while companies are not required to use the service, those who do may be able to negotiate more favourable policy terms.