Top Banner
Insurance Companies Once Again Drive Cybercrime Headlines Financials Sector For the March 2015 Period Copyright © 2015 SurfWatch Labs, Inc. All rights reserved
5

financialsriskreport_march2015

Sep 15, 2015

Download

Documents

Nadir Palacios

financialsriskreport_march2015
Welcome message from author
This document is posted to help you gain knowledge. Please leave a comment to let me know what you think about it! Share it to your friends and learn new things together.
Transcript
  • Insurance Companies Once Again Drive Cybercrime Headlines

    Financials Sector

    For the March 2015 Period

    Copyright2015SurfWatchLabs,Inc.Allrightsreserved

  • Cyber Risk Landscape in Financials - March 2015 InMarch2015theFinancialssectorsawaboveaveragecyberrisk,withanoverallSurfWatchLabsriskscorethatwas9%higherthanthesectorssixmonthaverage.ThatcontinuesthetrendofFinancialshavingaboveaverageriskeverymonthsofarin2015.FebruarysawthemassivebreachathealthinsurerAnthemdrivingmuchofthecybercrimediscussion,andMarchsawanotherroundofhealthinsurancebreachesgettingwidespreadheadlines.The11millionpeoplewhohadtheirinformationexposedatPremeraBlueCrosswasthemostdiscussedcyberrelatedincidentacrossallsectors,appearinginnearly11%ofallthenegativeCyberFactscollectedbySurfWatchLabslastmonth.WhenlookingatthenegativecyberdiscussionjustintheFinancialssector,thePremeraBlueCrossbreachdominatedtheheadlines,appearinginnearly62%ofthesectorsCyberFactscollectedbySurfWatchLabs.Clearly,recentmonthshavebeendrivenlargelybymajor,highprofilebreaches.Overall,Financialswasthesecondmostdiscussedindustrysectorinregardstocybercrime,getting18%ofthediscussionbehindonlyInformationTechnology.Forcomparison,inthefewmonthsbeforethelargeinsurancebreachesmadewavesthesectoronlyreceivedbetween2%and7%ofthediscussion.TheAnthembreach,thougholder,isstillgeneratingasignificantamountofattentionandwasthesecondmostdiscussedcybercrimetargetofthemonth,appearingin13%ofthesectorsCyberFacts.Beingperhapsthemosthighprofilebreachoftheyear,itwillbeinterestingtowatchhowthatdiscussioncontinuesandifanypotentiallongtermbranddamagewillresult.Lookingattheindustrygroupbreakdown,onceagain,insuranceisdominanthowever,therewerealsosignificantdiscussionsaroundvirtualcurrencylikebitcoinandbanking,whichfacedvariousphishinganddefacementattacksinMarch.

    Copyright2015SurfWatchLabs,Inc.Allrightsreserved

  • Copyright2015SurfWatchLabs,Inc.Allrightsreserved

  • Financials Overview TheFinancialssectorreceivedagradeofD+forthemonth,indicatingthatthesectorsawanincreasedlevelofcyberriskforthemonthwhencomparedtoitssixmonthaverage.SocialActivityhadalargeincreasemidmonthlikelyduetotheinsuranceproviderdatabreaches.IncidentVolumealsoincreasedslightlyinMarch.Therestofthescoresremainedsteadythroughoutthemonth.Whenitcametomacroleveltargets,Data(62.6%)wasbyfarthetoptrendingtarget.PrivateNetworksandCloudService/Applicationscameinsecondandthird,respectively.FinancialInformationStolen/LeakedsawthebiggestriseofanyeffectinMarch,becomingthethirdmostprominenteffectforthemonthbehindDataStolen/LeakedandPersonalInformationStolen/Leaked.Again,muchofthemonthsdatawasdrivenbythevariousinsurancebreaches.Whenlookingatthebreakdownofspecifictags(below),virtualcurrencyminingpoolisthenumbertwotargetforthemonthanddistributeddenialofserviceisthenumbertwopractice.AgroupofbitcoinminingpoolsweretargetedwithDDoSattacksinMarch,withseveralreportingthatransompaymentsweredemandedinordertostoptheattacks.

    Copyright2015SurfWatchLabs,Inc.Allrightsreserved

  • Activity and Events of Note Severalnotableeventsoccurredduringthemonthincluding:

    PremeraBlueCross:Theinsuranceprovidersufferedamassivedatabreachaffecting11millionpeoplespersonalinformation.AccordingtoPremera,theincidentaffectedPremeraBlueCross,PremeraBlueCrossBlueShieldofAlaska,anditsaffiliatebrandsVivacityandConnexionInsuranceSolutions.Additionally,BlueCrossBlueShieldplanmemberswhosoughttreatmentinWashingtonorAlaskamayalsobeaffected,aswellasmembersofLifewise,anaffiliateofPremera.

    AnthemInc.:Anthemwasthefirstmassivedatabreachatamajorinsuranceproviderthisyear.Thedamageisstillbeinginvestigatedandcontinuestospreadwith80millionpeopleaffected.

    HighmarkInc.:ThePittsburgGazettereportedthatmorethan51,000currentHighmarkhealthinsurancecustomersinPennsylvaniawillreceivelettersnotifyingthemthattheirpersonalinformationmayhavebeenstolenaspartofthelargerAnthemdataheist.

    NiceHash.com,GHash.IO,ShenzhenBiwangElectronicCo.,andCKPool:AlargegroupofbitcoinminingpoolsweretargetedwithaDDoSattack.ThewaveofattacksonnumerouspoolsstartedthefirstweekofMarchandcontinuedthroughmidMarch.Bitcoinpaymentwasdemandedtostoptheattack.

    SouthwestMontanaFederalCreditUnion:AgroupofwebsiteswerehackedbysomeoneclaimingtobeaffiliatedbyISIS.BothU.S.andEuropeansitesweredefacedortakendown.

    BankofAmericaCorp.:Aphishingscam,perpetratedbyemailandfakesocialmediasites,targetedBankofAmericacustomersinlateMarch.

    Financials Conclusions, Trends and Predictions InsuranceisthenewhackRecentbreachesatPremeraBlueCross,Anthemandotherinsurancecompaniesarenotacoincidence.Insuranceprovidersholdalotofdata,anditmaybeeasiergainaccesstothatdatathroughinsurancecompaniesthanothergroupsthatarepotentiallymorehardenedlikebanking.Whilemonetarytargetswillalwaysbeimportant,hackerswillcontinuetotargetthesevaluabledatarichenvironmentsaslongastheycontinuetohavesuccessdoingso.Additionally,theeffectsofthesemassivebreachescontinuetoplayoutaftertheinitialheadlines.Manybusinessesarecommunicatingwithemployeesabouttheinsurancebreaches,andcybercriminalsoftenusethesemajoreventsasaspringboardforphishingattemptsandotherattemptstocausefurtherdamage.BitcoinstilltakinghitsMarchwasyetanothermonthofcybercrimerelatedtobitcoin.ThereweresomegoodthingshappeninglikeIBMssearchforawaytobolsterthecybercurrency.Outweighingthosepositiveoccurrenceswerenumeroushackingsofbitcoinmarketsaswellasthearrestoffederalofficialsfortheftofthecurrency.Thestockmarketisevengettinginvolvedwithbitcoinnow,andwhilethatmaylookgoodontheoutside,itmightnotbeenoughtokeepthecurrencyafloatifitcontinuestobeeasilystolen.

    Copyright2015SurfWatchLabs,Inc.Allrightsreserved