Cybersecurity Snapshot: DHS Tracks New Ransomware Trends, as Attacks Drive Up Cyber Insurance Cl…>
– Juan Perez
The Coalition’s “2023 Cyber Claims Report: Mid-year Update” reveals that ransomware attacks have caused a significant increase in cyber insurance claims.
The report states that cyber claims rose by 12% in the first half of 2023 compared to the second half of 2022, with ransomware attacks driving much of this surge.
Specifically, ransomware claims increased by 27% during the first six months of 2023, and the average ransom demand grew by 47% to reach $1.62 million.
The severity of ransomware claims also reached a record high in the first half of 2023, with an average loss of over $365,000 per claim.
Ransomware claims accounted for 19% of all reported claims during this period.
The report emphasizes the need for organizations to be prepared to fend off ransomware attacks and highlights the importance of cyber insurance coverage.
In a separate development, the FBI and CISA have issued a joint advisory warning critical infrastructure organizations about the Snatch ransomware group.
The advisory provides details about Snatch’s tactics, techniques, and procedures, as well as indicators of compromise associated with this ransomware variant.
Snatch primarily targets critical infrastructure organizations in sectors such as defense, agriculture, and information technology.
The advisory also mentions the possibility of double extortion, where the victims’ data is threatened to be leaked if the ransom goes unpaid.
Moving on, CISA’s Known Exploited Vulnerabilities (KEV) catalog, which lists vulnerabilities that have been exploited in the wild, has reached 1,000 entries.
The KEV catalog was created to prioritize vulnerabilities based on their exploitation in real-world attacks.
CISA confirms the exploits and identifies effective mitigations for each vulnerability included in the catalog.
Remediation timelines are set for federal civilian executive branch agencies, requiring internet-facing KEVs to be remediated within 15 days and all other KEVs within 25 days.
CISA plans to continue incorporating the KEV catalog into vulnerability management tools and provide richer context for each vulnerability, including potential use by ransomware actors.
OpenSSF has released the “Source Code Management (SCM) Best Practices Guide,” a comprehensive resource aimed at developers and security operations teams working with source code projects on SCM platforms.
The guide covers various practices, including user authentication, access control, change management, CI/CD hardening policies, branch protection policies, access controls, and permissions.
It provides recommendations to enhance the security of source code projects by following best practices and adopting appropriate policies.
Finally, according to IoT Analytics’ “Global Cellular IoT Module and Chipset Market Tracker & Forecast Q2 2023” report, most cellular IoT modules shipped in Q2 2023 lack dedicated hardware security.
Only 34% of these modules had dedicated hardware security, 37% had non-dedicated hardware security, and 29% had no security features at all.
The report highlights the importance of manufacturers adopting dedicated hardware security to ensure the authenticity of modules and protect device keys.
For more information on these topics, you can refer to the following sources:
1.
Coalition’s “2023 Cyber Claims Report: Mid-year Update” (September 2023)
2.
FBI and CISA joint advisory on Snatch ransomware
3.
CISA’s Known Exploited Vulnerabilities (KEV) catalog
4.
OpenSSF’s “Source Code Management (SCM) Best Practices Guide”
5.
IoT Analytics’ “Global Cellular IoT Module and Chipset Market Tracker & Forecast Q2 2023” report
Link: https://www.tenable.com/blog/cybersecurity-snapshot-dhs-tracks-new-ransomware-trends-as-attacks-drive-up-cyber-insurance