June '22 Corvus Policyholder Update

Discover the Vendor Marketplace. Plus: Why you need out-of-band authentication.

Packing for a summer getaway? Don’t forget the following:

  • Sunscreen. Everyone remembers the year you said “I’ll tan!” and burnt to a crisp.
  • A good thriller. You don’t have to read it, but you can pretend to.
  • Your physical credit card. Because we are not storing it in our internet browser, no matter how quickly you need to buy those concert tickets.

The Emotet botnet launched a new feature just in time to sabotage your OOO plans. The credit card stealer module is designed to harvest credit card information stored in Google Chrome user profiles. At the beginning of 2021, Emotet’s infrastructure was taken down by law enforcement action, but it’s back for 2022 (with a vengeance?).

For more on the latest cybersecurity tips and trends, keep reading below:


What's New on the Policyholder Dashboard?

Log onto your Policyholder Dashboard and you’ll find a brand-new tab within the vCISO Center — our Vendor Marketplace! Identifying vendors that meet your needs and selecting the right one to do the job (that also fits your budget) can be onerous. We want to make cybersecurity as straightforward as possible for your organization: less stress and less risk.

[Image] Vendor Marketplace in the Corvus Policyholder Dashboard

Inside the Vendor Marketplace: You’ll find an assortment of our thoroughly vetted partners with brief descriptions of their tools and services, plus information on discounts. By clicking on a vendor, you’ll either head to a Corvus-associated landing page or be provided an email template to learn more and get connected.

Find out more about the products and services offered in our Knowledge Nest article.


Risk + Response Tips

Security tips and service updates from VP of Risk + Response Lauren Winchester


Our claims data shows that companies with less than $50M in revenue are twice as likely to experience fraudulent funds transfer claims.

Funds transfer is the movement of funds from one party's bank account (sender) to another party's bank account (receiver). Cyber criminals love using social engineering tactics, such as invoice modification, to intercept day-to-day business transactions, channeling that money into their own bank account. The stolen funds are typically a significant, and often unrecoverable, sum — but don’t panic. There are some straightforward ways to prevent a worst-case scenario at your organization:

  • Out-of-Band Authentication (OOBA): Out-of-band authentication involves using a separate channel to confirm a request. When making electronic payments, a phone call to a known, trusted number is a good way to confirm any change in payment instructions before sending funds to another organization’s bank account.
  • Educate employees: Through employee security awareness programs, you can make everyone at your organization more aware of what to look for when it comes to phishing emails — and how to properly report them.
  • Enforce MFA on all email accounts: Make the work of a cyber criminal harder. Prevent easy access to an employee’s email account (typically gained through an initial phishing attempt) by setting up multi-factor authentication. This’ll stop, or significantly slow down, any threat actor thinking of masquerading as one of your own for financial gain.

For more on OOBA (and other considerations for stopping funds transfer fraud), read our Knowledge Nest articles on Securing Funds Transfers and Securing Email.



CISO Corner

Noteworthy trends in cybersecurity from Chief Information Security Officer Jason Rebholz


Cloud infrastructure isn’t ransomware proof. Security researchers at Proofpoint identified functionality in enterprise cloud apps that would allow threat actors to infiltrate and encrypt files (no endpoints or network drives necessary) while bypassing the ability to quickly restore files. How does it happen?

  1. A threat actor compromises a user’s account.
  2. The threat actor targets all files within a document library, either by creating too many versions of each file or by reducing the document library’s version limit. Either approach lets the threat actor encrypt the files while working entirely within the normal settings of the cloud software, and it defeats your ability to quickly restore files from prior versions.

What can we do to prevent this?

  • Use MFA on all accounts. Stop the compromise of an employee’s account in the first place by making it harder for a cybercriminal to access. And don’t forget the user: educate employees on common phishing tactics.
  • Monitor cloud activity for suspicious behavior. Third-party monitoring of suspicious activity, such as a change to the number of allowed document versions, could quickly tip you off to malicious activity.
  • Back up your cloud data to a third-party service. You're only as good as your backups, and that applies to data stored on cloud infrastructure, too.
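Detection logic for the two tell-tale behaviours described above (a library's version limit being lowered, and one account churning out versions of many files), as an added example that is not Corvus code: the event schema, user names, thresholds and the sample audit log are all constructed assumptions, to be mapped onto your cloud provider's real audit log.

```python
# Added example, not Corvus code. Audit events and field names below are a
# constructed, vendor-neutral schema; map them to your provider's real audit log.
from collections import defaultdict
from datetime import datetime, timedelta

BASE = datetime(2022, 6, 20, 9, 5, 10)

# Constructed sample log: normal editing by alice, then one account lowers the
# Finance library's version limit and rewrites 120 files within two minutes.
SAMPLE_EVENTS = [
    {"time": BASE - timedelta(minutes=5), "user": "alice", "action": "FileModified", "file": "notes.docx"},
    {"time": BASE - timedelta(minutes=4), "user": "alice", "action": "FileModified", "file": "notes.docx"},
    {"time": BASE, "user": "bob", "action": "VersionLimitChanged",
     "library": "Finance", "old_limit": 500, "new_limit": 1},
] + [
    {"time": BASE + timedelta(seconds=i), "user": "bob", "action": "FileModified", "file": f"doc{i}.xlsx"}
    for i in range(120)
]

MIN_SAFE_VERSION_LIMIT = 50          # assumed policy floor for retained versions
BURST_WINDOW = timedelta(minutes=5)  # assumed detection window
BURST_THRESHOLD = 100                # assumed modifications per user per window


def detect_version_limit_reductions(events, floor=MIN_SAFE_VERSION_LIMIT):
    """Rule 1: a library's retained-version limit is cut to below the policy floor."""
    return [
        {"rule": "version_limit_reduced", "user": e["user"], "library": e["library"],
         "old_limit": e["old_limit"], "new_limit": e["new_limit"]}
        for e in events
        if e["action"] == "VersionLimitChanged"
        and e["new_limit"] < e["old_limit"] and e["new_limit"] < floor
    ]


def detect_modification_bursts(events, window=BURST_WINDOW, threshold=BURST_THRESHOLD):
    """Rule 2: one user's peak modification count inside `window` reaches `threshold`."""
    per_user = defaultdict(list)
    for e in events:
        if e["action"] == "FileModified":
            per_user[e["user"]].append(e["time"])
    alerts = []
    for user, times in per_user.items():
        times.sort()
        start, peak = 0, 0
        for end, t in enumerate(times):  # sliding window over sorted timestamps
            while t - times[start] > window:
                start += 1
            peak = max(peak, end - start + 1)
        if peak >= threshold:
            alerts.append({"rule": "modification_burst", "user": user, "count": peak})
    return alerts
```

Tune the floor, window and threshold to your own libraries' normal version churn before alerting on them; a legitimate bulk migration will also trip rule 2.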

Monthly Alerts


Threat Alerts

What to watch for this month. 


The Corvus Scan is a powerful asset that enables us to identify which policyholders are at risk for new vulnerabilities. You’ve probably already heard from us about the following if your organization is at risk, but we’ve gathered the monthly round-up of alerts and updates below:

Mitel Vulnerability

In April, Mitel issued a security advisory for a critical vulnerability, CVE-2022-29499, found in the Mitel Service Appliance component of MiVoice Connect. Mitel is a telecommunications company that provides business phone systems and unified communications as a service (UCaaS) to businesses. On June 23, 2022, CrowdStrike reported that the vulnerability is being actively exploited by ransomware operators. Learn more about the Mitel vulnerability here.

Confluence Vulnerability 

On June 2, 2022, Atlassian issued a security advisory for a critical vulnerability, CVE-2022-26134, impacting Atlassian's on-premises Confluence Server and Confluence Data Center servers. The vulnerability allows an unauthenticated attacker to gain full access to the Confluence servers (cloud-based Confluence products are not affected). Learn more about next steps.

Microsoft Support Diagnostic Tool (MSDT) “Follina” Vulnerability

CVE-2022-30190 is a vulnerability impacting Windows systems that allows an attacker to run code remotely using malicious documents such as Microsoft Word files. When the malicious document is opened, or even just previewed, the Microsoft Support Diagnostic Tool (MSDT), a utility used to troubleshoot and collect diagnostic data, is called and can begin executing the attacker’s code. This allows the attacker to install programs, create users, or view, modify, or delete data. On June 14, 2022, Microsoft released Windows updates addressing the vulnerability and has also issued guidance for workarounds. Learn more about Microsoft’s remediation recommendations.