Welcome to the latest edition of our Cyber Insurance newsletter. This month we'll be considering:

  • The "significant and growing" risk of cyber threats, as outlined by a recent report by the National Cyber Security Centre and the National Crime Agency;
  • The large scale impact of attacks on Industrial Connected Devices;
  • The Internet of Things and the rise of Botnets;
  • "More aggressive and confrontational" cyber crime.

We also bring you a link to a short video about why businesses need cyber insurance, produced by Lloyd's as part of their cyber insurance summit, and a list of forthcoming cyber focussed events taking place in London and the US.

Before we get to this month's news, we would like to ask for a few moments of your time to make sure you register your vote in the Advisen Cyber Risk Awards 2017. The Cyber Risk Awards are in their fourth year, but the Cyber Law Firm of the Year is a new award recognising innovation and excellence in the provision of Cyber Insurance Law services. This year we have been nominated for Cyber Law Firm of the Year and we are up against some tough and worthy competition.

We would also like to take the opportunity to personally invite you to our upcoming “Creating an Inclusive Workplace” event in the Old Library at Lloyd’s on 24 May. Please do pop along and join us at this networking opportunity. You can find out more and respond to the invitation here.

Cyber threat "significant and growing" 

A recent report by the National Cyber Security Centre (NCSC) and National Crime Agency (NCA) (the "NCA Report") described the cyber-threat to UK business as "significant and growing". 65% of large UK firms detected a cyber security breach in the past year according to the government's Cyber Security Breaches Survey 2016 (the "Cyber Survey"). Against this background, cyber security combined with effective risk management, is a key priority for businesses in 2017.

Three factors contribute to this increased threat of cyber-attacks. First, the Internet of Things (IoT) and the progression towards an ever increasing number of internet connected devices provides hackers with more attack vectors than ever before. Secondly, hackers are learning from each other and sharing their knowledge. Thirdly, the technical expertise required to carry out cyber-attacks is declining, as DDoS (distributed denial of service) and malware can easily be obtained on the dark web.

Attacks on Industrial Connected Devices

Industrial connected devices are a prime target for attackers. Not only can they steal intellectual property or collect competitive intelligence but they can also disrupt critical infrastructure on a large scale. An attack on Ukranian energy distribution companies in 2015 resulted in electricity outages for approximately 225,000 customers. This attack was achieved by spear-phishing emails with malicious Microsoft Word attachments containing BE3 malware. 

The malware was used to gain access to the business networks of the electricity supply companies and disconnect electricity substations. This exemplifies the very real impact cyber-attacks can have on industry on a large scale, and the NCA Report predicts that such attacks will increase in 2017.

A recently published report by Lloyd's, "Future Cities: Building Infrastructure Resilience", highlights the rise of smart technology for city infrastructure and how critical economic and financial services rely on such technology. This presents the very real threat of cyber-terrorists targeting ICT systems to harm or shut down critical national infrastructures. Attacks of this kind can clearly have a devastating impact on local and global economies.

The Internet of Things and the rise of Botnets

As devices become increasingly internet-enabled and accessible, their security measures continue to lag behind. As we have seen with the recent CloudPets breach, many products have inadequate security software and are vulnerable to being accessed remotely. Botnets are increasingly being used to mount DDoS attacks on insecure internet connected devices, such as webcams, digital video recorders (DVRs), CCTV and smart meters. 

The NCA Report refers to the fact that the Shodan search engine (a search engine that lets a user find specific types of computers that are connected to the internet) reveals more than 41,000 units of one insecure model of DVR were connected to the internet in January 2017. 

The DDoS attack on Dyn in October 2016 provides an illustration of the widespread impact of these attacks. Multiple DDoS attacks targeted systems operated by Dyn causing major internet platforms and services to be unavailable to large numbers of users across Europe and North America. The attack affected a vast amount of services from Amazon and Twitter to Netflix and Spotify. It is believed the activities were executed through a botnet consisting of a number of internet connected devices which had been infected with the Mirai malware (the "Dyn Attack").

The significance of the Dyn Attack is that the hackers targeted part of the Internet's domain name infrastructure ("DNS"). DNS providers operate by translating human readable domain names into IP addresses, helping users find the websites they are looking for. The NCA Report highlights that that we should be prepared to see more such attacks, possibly on a larger scale, and potentially targeting website hosting and database servers.

Cyber Extortion and Ransomware 

The NCA Report also emphasises the changing nature of cybercrime and that it is becoming "more aggressive and confrontational". Extortion and ransom demands through DDoS attacks or following data theft are on the increase. Internet connected devices again provide an opportunity for hackers as ransomware can target devices containing personal data. The increasing proliferation of wearable technology including smart watches and fitness trackers all present opportunities in this regard.

In January of this year Lloyds Bank was subject to a ransom demand by hackers following DDoS attacks. Some bank customers experienced problems in accessing their online banking portals and outages continued to be reported by customers over two days. The Lloyds Bank website had been overwhelmed by millions of requests in the denial of service attack.

Businesses are being increasingly targeted by cyber criminals because, put simply, they follow the money. Phishing email attachments are a quick and easy delivery vehicle for ransomware. Attackers can reach individuals directly by email and trick them into triggering a ransomware payload, commonly hidden in Microsoft Office documents or JavaScript attachments.

Ultimately the cyber threat to UK businesses is ever increasing, particularly as hackers develop new variants and methods with which to target businesses. Businesses need to regard cyber security as a priority and should have risk management strategies in place to prepare and rehearse for cyber and data breach incidents.