Rapid7: Ransomware Playbook - understanding cyber risk
The COVID-19 pandemic has accelerated digital transformation across several segments and the banking, insurance and finance sectors are no different.
As remote working becomes more commonplace and operations are integrated further with technology, the risk of organisations holding sensitive or valuable information grows exponentially and Rapid7 hopes to redress the balance by keeping companies informed.
“Victims of ransomware attacks suffer the impact of productivity and revenue loss due to work stoppage,” says the report. “Ransomware is a unique security threat where most of the security team’s effort is spent on prevention and response because once ransomware is detected, it's too late.”
Before expanding on the actions that can be taken, Rapid7 advocates a primer in the forms that contemporary cyber risk can take. The company puts forward this definition:
“Ransomware is malicious software that covertly encrypts your files—preventing you from accessing them—and then demands payment for their safe recovery.
“Like most tactics employed in cyber-attacks, ransomware attacks can occur after clicking on a phishing link or visiting a compromised website.”
Methods of infiltration could include targeting a user through compromised email accounts that they have had legitimate contact with. Other techniques include:
- Spear phishing: sending targets a clickable link or attachment.
- Drive-by: exploiting a web browser vulnerability.
- Exploitation: embedding ransomware at a point of vulnerability and then allowing it to proliferate automatically.
- Replication: networked media which encrypts ransomware as it simultaneously infects the targeted user.
- Valid accounts: an ‘outsider from within’ approach, wherein the perpetrator has legitimate access to the system from the outset.
Once contact is made, the targeted user will be prompted to open a link or download some software, or will otherwise be coerced into introducing malicious content to their computer.
Now that the ransomware has been embedded, it can be used to steal information or lock the legitimate user out of core systems, with the subsequent refusal to unlock it unless a ransom is paid - hence the name.
How has ransomware changed?
Previously, ransomware relied on unsophisticated mail merges which targeted large quantities of potential victims simultaneously.
Now, however, Rapid7 states that this is changing:
“Increasingly over the past few years, there has been a shift to "big-game hunting" threat actors leveraging access established by taking advantage of poor security controls in an environment like an unpatched externally facing server, unsecured remote access solutions, or an undetected banking trojan (such as TrickBot, Emotet, or Dridex).”
In this more ‘hands-on’ approach, the infiltrators are able to gain incremental control over a system until a business’s services are incapacitated. This can be disastrous for banks, which not only have their customers’ data compromised but could also suffer long-term reputational damage.
In our next article on Rapid7’s Ransomware Playbook, we will explore what actions enterprises can take to mitigate the threat and how Rapid7 can find the optimal solution for the prevention, identification and elimination of cyber risk.
Anti-fraud technology firm FRISS raises US$65mn in funding
FRISS, a technology firm specialising in anti-insurance fraud and provider of AI-focused insurance fraud prevention products, has today announced it has raised US$65mn in Series B funding to expand its business and develop new products. Led by private equity firm Accel-KKR, the round was endorsed by investor Aquiline and advised by FT Partners.
The company, active in more than 40 countries worldwide, will aim to save insurers around US$2bn in capital obtained from fraudulent activity this year alone. “We’ve been around for 15 years and completed over 200 implementations,” said Jeroen Morrenhof, FRISS CEO and co-founder.
“FRISS is ready to scale exponentially through our Series B, taking our mission of accelerating safe digital transformation throughout the policy lifecycle to the next level,” Morrenhof added.
How does FRISS’ anti-fraud technology work?
The technology used by FRISS to detect fraudulent activity integrates artificial intelligence (AI) to help insurers reduce losses and increase operational efficiency. The company said it offers real-time end-to-end P/C insurance fraud analytics products and services covering the complete lifecycle of the policy, including automated underwriting risk assessment to fraud detection during claims and comprehensive case management.
Alerts are displayed via integrations with core systems such as Guidewire, Duck Creek, Sapiens, and Keylane. In addition, the system can pull additional information from various available data points to create a “holistic view of the risks attached to each policy request, renewal, or claim,” the company said.
Insurance fraud and ghost broking
Leading UK car insurance firm Aviva found more than 12,000 fraudulent claims were made in 2020, totalling more than £113mn. This amounts to 33 claims per day or one every hour. The company expects insurance fraud to increase due to the financial strain brought about by the coronavirus pandemic. It also found that more than 19,000 claims were under investigation for fraud whilst fraudulent policy applications and Ghost Broking grew by 34%. Ghost broking is a type of insurance fraud predominantly affecting the car insurance sector. It involves a fraudster or scammer targeting higher-risk individuals such as newly qualified drivers and elderly people, pretending to be either an insurer or someone who can purchase insurance on a driver’s behalf.
They tend to advertise their services on social media, university campuses, pubs, and student forums, promising cheaper insurance. After claiming to have purchased insurance successfully, they then cancel the insurance and leave the victim with no cover. They may also forge insurance documents or falsify a driver’s details, invalidating the policy.