You’ve Been Hacked

“We regret to inform you that you’ve been hacked”

Ha!

Following the Florida Association of Professional Employer Organization (FAPEO) conference in Tampa this past Summer, I had to skip a flight to Las Vegas to visit with Brother Abram Finkelstein and his extended StaffLink family.  Little did I know that such a seemingly mundane flight to “Sin City” would frighten the hell out of me, and for once, not just because I was 40,000 feet in the sky.  As I sit on another flight to San Antonio going to the National Association of Professional Employer Organization (“PEO”) annual conference, it occurred to me, I had not shared a story with my extended family.

I sat on the aisle, and beside me were a couple normal gentlemen who appeared to be already “Vegas-ready”.  Both in their thirties, the white and black gentlemen were close friends it appeared.   As usual, I was trying to clean out my second home (aka inbox), minding my own business, and then I hear “You going to Defcon?”, from the seat next door.

I paused; I had heard of Defcon and knew that it was a big cyber/computer-related conference, but answered no.  Being a computer/data nerd that sells property and casualty insurance, to include cyber coverage, I started to ask some questions.  My curiosity was now piqued. 

The cyber market is extremely dynamic at present, with both the frequency and severity of cyber events being moving targets.  Too many people with too much time on their hands and open access to “loot” through the world wide web.  Due to my intrigue, and with four hours to spare, I got a quick overview of the biggest hacker convention/bash in the world.

“I’m not going, but have heard of it.  What is Defcon about?” 

For those that are interested in the history behind Defcon, it was founded in 1993 by self-proclaimed hacker Jeff Moss. In the first year, Jeff’s parents left him in Las Vegas for a weekend.  Bad idea. Shortly thereafter, one hundred invited hackers converged on the desert from the US and Canada and created what is now the world’s largest and most notable hacker convention, still held annually by Mr. Moss, and always in Las Vegas, Nevada.  There have been many documentaries made about this event and the incredible history behind it, which I have since checked out.  A mini-series, never mind an article, on its own.

Now split into two conferences week after week, “Black Hat” and “Defcon”, attendees at both events include computer security professionals, journalists, lawyers, federal government employees, security researchers, students, and hackers with a general interest in software, computer architecture, hardware modification, conference badges, and anything else that can be “hacked”.  The event consists of several tracks of speakers about computer- and hacking-related subjects https://forum.defcon.org/node/236142.  Black Hat is more geared to the cyber professionals, engineers and law enforcement meant to prevent hacks.  A higher cost and more formal event.  Defcon is anyone and everyone.  The “curriculum” for Defcon is widely varied with many contests and prizes based on who can hack who, to include the Defcon tickets themselves. That’s the fun of it all.  

My internal IT department was less than enthused about “the fun of it all” when it was understood I was going to be in the cyber equivalent of Beirut.  Hacking is encouraged and celebrated, and you are an unknown participant to the theater if not careful.   This is where the hackers and the enforcement that tracks them converge.  The “white hats” use their knowledge for good; protection and identification of perils.  The “black hats” use this same knowledge, or new technologies/intelligence, for malicious intent.  It is the “gray hats” that create a more opaque quandary; the vigilantes of the cyber community, gray hats are “for-pay” mercenaries used for either side, arguably the most dangerous based on the unknown purpose of their mission and who is behind it.

Defcon was virtual last year (2020), so was sure to be an “out of control” cyber bash in 2021, according to my two new friends.  Some of the highlights that they were looking forward to attending:

  • A follow-up to the 60 Minutes special on “could the election have been hacked”
  • The ease to “pirate” any commercial marine vessel without ever having to go aboard – in essence, through nothing but the internet, take over all command of a c-5 vessel
  • “Sky Talks” – this is when hackers (black, white or gray hat) go into a sealed off environment and without identity, explain some act of hacking that moves the needle in one way or another
  • Finding fellow ham radio operators because, “what are you going to do if the grid goes down?”

As we continued our discussion, my new friend Tom, probably seeing the fear in my eyes, made the comment “one really should not use the public wi-fi”.  I nervously chuckled, as of course, my computer was connected to the airplane’s wi-fi.  He proceeded to turn his computer towards mine, where my inbox appeared on his screen, and with a big smile asked, “do you want to send your mom an email”. Ha! Big smiles…

This type of hack, very common, is called “Man/Machine in the Middle”.  It is when one computer is taken over by a hacker, whereby the new user has full control, and access, to anything.  Passwords, emails, health info, share drives… anything.

Getting into my system, finding the name of my mother and teeing up an email in Outlook to her took all of three minutes… maybe.

After the fear settled down, I came to a very personal realization that we all need someone like Tom in our lives to help us navigate the cyber threats that accelerate by the day.  The convenience and efficiency of the internet, and all it brings to us, is scattered with unknown perils to most anyone that is not expert to it.  And if you are expert today, tomorrow is yesterday in this field, at the rate it is growing in intellect, opportunity and impact.  Due to our lives now revolving around a “wi-fi Sun”, our control of who comes in and out of our “digital lawns” will be paramount in protecting our business, and ourselves. Make sure to build a fence and lock your doors, as to our hacker friends, “Freedom is Slavery”.

Defcon Conference Badge

Week in Rewind

If you haven’t noticed, our focus has been heavily weighted in the area of cyber risk! Too many of our friends and clients have been impacted lately by cyber thieves. Yes, we sell insurance, but we are passionate about the benefits of insurance. We are all about Mitigating Risk and Loss Exposure!

So How Does Cyber Insurance Actually Help?

What Does It Cover?

First thing to know here is, in most cases you can design a plan to cover your business’ specific needs. As a generalization Cyber Coverage includes the following:

  • Defense and Settlement – civil proceeding or investigation
  • Regulatory fines and penalties including forensic examination
  • Re-certification services
  • Cyber extortion
  • Ransomware
  • Website media
  • Business interruption
  • Data recovery
  • Crisis management and fraud response
    • notification to breach parties
    • call center operations
    • design and implementation of website for advising breach parties
    • credit monitoring
    • public relations
    • associated legal expenses

What It Does Not Typically Cover

  • Potential future lost profits
  • Loss of value due to theft of intellectual property
  • Improvement costs to internal systems after cyber event

Your other policies may be “activated” in the event of a cyber incident, but there are likely gaps in coverage for what damages are actually covered. The industry term “Silent Cyber” refers to cyber loss exposure not covered under traditional, non-cyber insurance policies; namely, the exposure is silent.

IT Risk Management

In an effort to further educate our audience we are providing links to our previously published articles on creating a better infrastructure to avoid successful attempts.

The Wall Street Journal reported that Colonial Pipeline authorized a ransom payment of $4.4 million because the company was not able to quantify the magnitude of the cyberattack breach to their system or the length of time needed to get things up and running again. Colonial’s feet were held to the fire for a resolution, and the decryption tool provided in exchange for the ransom payment did not bring a full restore back to Colonial. We can all feel the impact of the Colonial hack.

CNN reports that the Justice Department indicated that 2020 was the worst year for cyber attacks with ransomware demands, on average, exceeding $100,000 but as high as tens of millions of dollars. “….A key lesson here is that while technology and automation is good, we must also have the ability to efficiently operate manually as well. Attacks will happen, but how quick can you recover and restore critical services?”, Brian Harrell, former assistant secretary for infrastructure protection at the Department of Homeland Security, as reported by CNN. Having the support of insurance coverage through a Cyber policy is definitely one way to mitigate recovery exposure, should you fall victim.

NAPEO has pre-recorded webinars and information available on Cybersecurity. For non-members, follow this link to join.

Libertate Insurance Services has access to a variety of programs for Cyber Risk Coverage. Contact us, let us help you identify your Company’s Cyber Risk and find the best placement for your needs.

Cyber Attack Nightmares Continue

While most of us were celebrating Mother’s Day on Sunday, Colonial Pipeline was attempting to assess the damage related to a cyber-attack last week. Colonial Pipeline accounts for 45% of the East Coast’s fuel (diesel and petroleum). Colonial has had to take 4 of their main pipelines offline; they are operating off of smaller lines and delivery points. Impacts from New Jersey down through Texas are expected. As a response to the cyber-attack and limitation of the company’s resources the US government issued emergency legislation to lighten the regulation on fuel transportation. Extended shutdowns are “fueling” fears over pump prices.

The 5 key anticipated cybersecurity risks in 2021 were reported as endpoint threats (servers, VPNs and cloud-based software services), remote workforce exposures (weakened network security of remote devices), cloud security (business-critical data on cloud platforms), and a shortage of security professionals or services (availability and affordability). You can check out the full article on expected cyber threat trends for 2021 here.

Newer threats emerging are multi-stage attacks like ransomware or “low and slow hacks”. Ransomware attacks gain exposure through stolen credentials and are designed with the goal of systems and data infiltration. While multi-factor authentication (MFA) is an important security feature to mitigate ransomware attacks, it is reported that 78% of Microsoft 365 admin users don’t activate MFA.

Colonial Pipeline’s hack is reported to be a ransomware attack: “Sources said the ransomware attack was likely to have been caused by a cyber-criminal gang called DarkSide, who infiltrated Colonial’s network and locked the data on some computers and servers, demanding a ransom on Friday.

The gang tried to take almost 100 gigabytes of data hostage, threatening to leak it onto the internet, but the FBI and other government agencies worked with private companies to respond. The cloud computing system the hackers used to collect the stolen data was taken offline on Saturday, Reuters reported.

Colonial’s data did not appear to have been transferred from that system anywhere else, potentially limiting the hackers’ leverage to extort or further embarrass the company, the news agency said.” You can read the full Colonial Pipeline article issued by BBC News here.

Mitigate Your Cyber Security Risks

1 – Identify and document asset vulnerabilities; What data are you storing?

2 – Identify and document internal and external threats; disgruntled employees, Dark Web techniques

3 – Assess your vulnerabilities; software security up to date and in place

4 – Identify potential business impacts; financial, operational, etc

5 – Identify and prioritize your risk responses; Response plan, best practices, documentation of procedures

Check out our previous articles on Cyber Risk at PEO Compass; search “Cyber”. Libertate Insurance Services has Cyber Programs available to mitigate the loss.