Without a doubt, there was never a dull moment this month. From new analysis on cybercrime trends to major breaches against security vendors, a lot was happening in cyber risk. In the spirit of National Cybersecurity Awareness Month, we have prepared a complete wrap-up of updates for you. So let’s get started!
Learn From Our Experts - Insights for Cyber Resilience:
Threat Intel - Stay Informed on The Latest Cyber Threats
LEGAL ACTIONS AND DISCUSSIONS
A brief look at where cybersecurity and the law intersect.
- Update: FAR Council Proposes Pair of Major Cybersecurity Rules for Government Contracts (Source)
- ‘Paper Tiger’ State Privacy Laws Worse Than Having No Law at All (Source)
- Vietnam Cites Child Safety in Calls for Greater Social Media Censorship Used to Stifle Dissent (Source)
- Many companies are far from ready for fast-approaching SEC cybersecurity deadline (Source)
- Polish government warns of disinformation after fake messages are sent out before election (Source)
- Anonymous Sudan claims cyberattack on Spotify. Anonymous Sudan has claimed responsibility for a cyberattack on Spotify that disrupted the music streaming platform's website. According to a post on the group's dark web page, the attack occurred on October 6th, 2023, and lasted for around one hour. The Skynet and Godzilla botnets distributed the denial-of-service attack. (Source)
- Portuguese city of Gondomar hit by Rhysida ransomware. On September 27th, 2023, the Portuguese city announced it suffered a cyberattack that forced officials to take systems offline. On October 2, 2023, officials stated that online services would be out of operation for a week, but residents could still access some in-person services. As of October 6th, the city's email systems remained down. Rhysida ransomware has claimed responsibility for the attack, sharing samples of passports and other financial documents allegedly stolen from the city on their leak site. (Source)
- Forum user allegedly stole data from Mexico's Senate. An anonymous forum user claims to have stolen 19.4GB of data from Mexico's official Senate website. The data reportedly spans from September to October 2023 and comprises over 1,000 files. Compromised data could include legislative proposals, confidential briefings, and communications among government officials. (Source)
ICYMI - What's New in Cybersecurity and Insurance:
INSURANCE NEWS:
- Cyber Insurance at Inflection Point. Irresponsible competition, often driven by a desire to boost market share, is forcing prices down and softening terms and conditions for cyber policies. A softening market seems like good news for insurance buyers but inevitably leads to volatility in insurance rates and constrictions in coverage. This kind of rubber-band effect, with pricing that stretches and snaps back, destabilizes the market and removes risk transfer options for buyers and their risk advisers.
- Resilience secures RSA and Accredited capacity as UK and Europe limit rises to £10mn. Cyber insurtech Resilience has increased its underwriting capacity limit to £10mn ($12.1mn) for insureds in the UK and continental Europe, in a partnership with RSA Insurance and R&Q’s hybrid fronting business Accredited.
- Vitale: MGAs have cemented a premier role in the risk transfer process. MGAs and program managers have evolved from a soft market tool for carrier growth to a permanent fixture, becoming the “premier part” of the risk transfer process by delivering profitable underwriting results and meeting the specialty needs of clients through innovation, according to Resilience president Mario Vitale.
- Howden Secures £500 Million Deal to Transform Start-ups into Underwriters | Insurtech Insights. Howden, the prominent UK insurance broker, has successfully secured £500 million in insurance capacity from a consortium of Lloyd’s of London firms. Howden will also assume minority ownership stakes in the partnering groups and has committed £10 million in funding to this transformative effort.
- Intact eyes up further MGA opportunities. Intact Financial’s global specialty lines platform is continuing to target niche-focused MGA opportunities where it can strategically partner through investment or ownership as well as providing capacity, according to the division’s CEO Mike Miller.
- Lloyd’s finds major hack of a payments system could cost $3.5tn. Insurers and policymakers are increasingly worried about the threat to infrastructure from cyber attacks.
- Marsh Launches Global Cyber Practice to Strengthen Worldwide Cybersecurity Offerings | Insurtech Insights. Marsh has announced the launch of a groundbreaking initiative—the Marsh Specialty global cyber practice.
CYBERSECURITY NEWS:
- Ransomware Comes Back in Vogue for Cybercriminals. Ransomware was also a major cause of claims for clients of insurer Resilience Cyber Insurance Solutions, the company said in its midyear claims report, published Tuesday. Resilience said that around 16.2% of its total claims were related to this method of cyberattack.
- UK logistics firm blames ransomware attack for insolvency, 730 redundancies. KNP Logistics was listed earlier this year by the Akira ransomware group.
- Fort Lauderdale, Florida, taken for $1.2M in email scam | StateScoop. Fort Lauderdale, Florida, paid $1.2 million to what they believed was a contractor for a new police headquarters building.
- Clorox Warns of a Sales Mess After Cyberattack. Cleaning giant says quarterly sales will drop at least 23% and it will post a deep loss after intrusion disrupted its business.
- NSA and CISA Advise on Top Ten Cybersecurity Misconfigurations. The National Security Agency (NSA) and the Cybersecurity and Infrastructure Security Agency (CISA) are releasing a joint Cybersecurity Advisory (CSA) highlighting the top ten most common cybersecurity.
- ‘Corporate terrorism at its finest’: MGM Resorts CEO on cyberattack. MGM Resorts International CEO Bill Hornbuckle gave new details about the September cyberattack that crippled his company for nine days and said it would emerge stronger than ever.
- Genetics firm 23andMe says user data stolen in credential stuffing attack. 23andMe has confirmed to BleepingComputer that it is aware of user data from its platform circulating on hacker forums and attributes the leak to a credential-stuffing attack.
- Hackers Stole Access Tokens from Okta's Support Unit. Okta, a company that provides identity tools like multi-factor authentication and single sign-on to thousands of businesses, has suffered a security breach involving a compromise of its customer support unit, KrebsOnSecurity has learned. Okta says the incident affected a “very small number” of customers; however, it appears the hackers responsible had access to Okta’s support platform for at least two weeks before the company fully contained the intrusion.
- 1Password discloses security incident linked to Okta breach. 1Password, a popular password management platform used by over 100,000 businesses, suffered a security incident after hackers gained access to its Okta ID management tenant.
What did we miss? Share your highlights of the month with us in the comments below.
Thank you for reading. Before you go...
Hit subscribe so you don’t miss our next issue. For more trends and insights from Cyber Resilience experts, follow our LinkedIn page for weekly blog posts, videos, and more!