Tales from the cryptomines: Insurance responds to latest business cyber threat
Advisen
Tales from the cryptomines: Insurance responds to latest business cyber threat
The rise of outsourcing business services, such as cloud and internet-based services and VoIP telephony, has changed the way organizations operate, expanding productivity and efficiency while also increasing the risk of cryptojacking.
Cryptojacking allows cybercriminals to infect systems with malware – or trick employees into giving up their credentials – and steal an organization’s business resources in order to mine cryptocurrency. The practice allows crytominers to use significant computing power to solve mathematical equations that verify digital transactions. Portions of the fees generated by the verifications then go to the cryptominer’s own digital wallet and the practice is technically legal – when using one’s own computing power, that is, not surreptitiously hijacking business resources.
According to research from Checkpoint, has expanded dramatically over the first half of 2018. Checkpoint found that 42 percent of organizations surveyed had been hit by cryptomining malware, allowing hackers to hijack up to 65 percent of the organizations’ computational power.
As business practices evolve, so do criminals’ tactics for stealing money and resources. Numerous reports suggest that cryptojacking is replacing ransomware as the favored method of cybercrime.
Running up a bill for unauthorized access or fraudulent use of Amazon Web Services, for example, can be a major hit to a smaller organization and the insurance industry – which has long offered coverage for traditional telecom toll fraud – is responding.
“It’s become like the new magical criminal business model,” said Joshua Motta, founder and CEO of Coalition, which has launched an insurance product aimed at responding to the costs of cryptojacking. “Not much in the world of crime has changed. There are just new and different ways to steal things.”
Unlike ransomware or a traditional data breach, criminals aren’t exfiltrate data or funds, but gaining access to business services that can result in a direct business loss in the form of that Azure or AWS bill. For many organizations, a slight uptick in services costs might not make much of a difference – for a small business, the deception can result in a prohibitively high bill. Motta cited the example of an insured that saw a bill for $100,000 before the fraud was discovered and shut down – it is this type of direct business costs that Coalition sought to address when crafting a new cover, he said.
Cryptomining is likely to continue to rise in popularity, as a relatively simple cybercrime to perpetrate for anyone with access to cryptomining software and a good handle on social engineering. According to Coalition, using two-factor authentication can help cut down “the most egregious” cases of cyber fraud and credential theft.
Editor Erin Ayers can be reached at eayers@advisen.com.
