Cyber-demic’s Dark Side

July 2021

A monthly digest on dark web activity which is heavily influenced by the impact of COVID-19, remote working, nation state activity, seasonal scams, major data breaches, as well as general ID theft protection, data trends, tips and recommendations.

---------------------------------------------------------------------------------------------------------------

Watch for That Shadow

Did you know about Facebook shadows?...Those shadow profiles aren't just a rumor or a conspiracy theory…They came to light after Facebook discovered there was a leak of people's contact details all the way back in 2013…The leak revealed information for people who had never signed up to Facebook...Thus revealing the existence of shadow profiles…Oops…Everyone knows that Facebook collects personal data, but shadow profiles are one of the more intrusive methods the social network uses to collect data…So what is it exactly…They are profiles that you do not make yourself, instead, Facebook collects data and creates shadow profiles without your knowledge or consent…For instance, let's suppose you don't have a Facebook account but one of your friends, however, makes an account on Facebook…Then Facebook offers them a special service where they can import their contacts to find friends already on the service…Your friend thinks this is a great idea, so they import their contacts list to Facebook and then the company can go through the contact details and let your friend know if any of their friends have also made an account…However, while it's scanning the list, Facebook will find the contact details of people who aren't signed up yet and instead of ignoring this data, Facebook will create a shadow profile for you behind the scenes, allowing it to store your personal data…Hope I didn’t lose you.

Cyber Insurance Industry’s Wake Up Call

For years now the cyber insurance industry has been slow to adopt new underwriting?threat models to properly assess the emerging dangers in the world of cyberattacks…Direct loss ratio, a critical statistic for the industry, spiked in 2020 to 73%, compared with an average of 42% for the previous five years (2015–2019), according to a May 2021 Fitch Ratings report…And the average paid loss for a so-called closed standalone cyber claim jumped to $359,000 in 2020 from $145,000 in 2019…The number of organizations affected by ransomware has jumped 102% compared to the beginning of 2020 and "shows no sign of slowing down," according to a research note from IT security firm Check Point in May…Recently, ransomware criminals have targeted at least three North American insurance brokerages that offer policies to help others survive, according to an AP report…Cybercriminals typically try to learn how much cyber insurance coverage the victims have and, alas, by knowing what victims can afford to pay can give them an edge in ransom negotiations…This knowledge will most likely create a vicious circle in the years to come as high-risk companies sign-up for larger insurance policies which in turn will result in higher and higher ransomware payment demands when they are breached. Read more about cyber insurance in my colleague Mike Bruemmer’s post.?