May '22 Corvus Policyholder Update

Corvus Scan updates, the cost of ransomware, and real-life impacts of cyber threats.

Ah, the season of multi-tasking. Spring cleaning, gardening, enjoying the sunshine — all while fighting off allergies (thanks pollen!). We respect the ability to juggle so many things at once, but maybe some hobbies are better left behind? 

In the case of Moises Luis Zagala Gonzalez, a Venezuelan cardiologist, we would have preferred he just focused on matters of the heart. Instead, his side-hustle involved creating and distributing a ransomware-as-a-service operation. His bedside manner even translated over to great customer service for all cybercriminals who purchased the Thanos ransomware toolkit. 

For more on the latest news and tips in cybersecurity, keep reading below:

LaurenWinchester-1Risk + Response Tips 

Security tips and service updates from VP of Risk + Response Lauren Winchester


The latest on the Policyholder Dashboard: Cyber risk is always evolving, and so are we. 

A reminder about our Corvus Scan updates: To better reflect the current state of cyber risk, your Corvus Scan results are going to look a little different. Rather than being grouped into eight sub-scores, your findings are now organized based on impact: Critical, High, Medium, and Low. Here's what you need to know:

  • By looking at the summary at the top of your report, you’ll get an immediate picture of how many issues are present, and which are the most pressing to address.
  • We want you to prioritize security measures that will keep your organization the most protected based on current risk factors. Knowing where to start — the critical issues — will help move the needle for your overall security.
  • As we are in the process of rolling out the new design, some less-critical types of findings won’t initially be visible in the report. We’ll update you about any future changes.

Getting started: You can now find your Corvus Scan report by logging onto your Policyholder Dashboard, as opposed to the quarterly email with an attached PDF. We will still email you when results have been updated, and you can download a PDF from your Policyholder Dashboard if you need to share it within your organization. 


CISO Corner

Noteworthy trends in cybersecurity from Chief Information Security Officer Jason Rebholz


Lincoln College opened its doors the same year the Civil War ended. But it was a modern threat — one we discuss frequently here — that shut the educational institution’s doors: ransomware. While other factors were at play (low enrollment, inflation, COVID-19), it was the work of threat actors in December that ultimately forced the college’s hand. 

Let’s look at the key takeaways from the Lincoln College incident:

  • Educational institutions are seen as a prime target for ransomware groups. Many are dealing with archaic systems that take a massive investment to update, making them a reliable victim. So far in 2022, 13 universities have publicly disclosed attacks.
  • Their registration systems, academic files, and fundraising were all shut down. With the help of their cyber insurer and legal team, it took a month and a half to recover the lost data and get back up and running. The school’s president David Gerlach credits their cyber insurer for making their final spring semester possible.
  • Lincoln College, like other SMBs, faced financial limitations that prevented security improvements. Certain steps can vastly increase your chances of rebounding, including a robust backup strategy. For more information on what small businesses can prioritize on a budget, read our blog here.

Monthly Alerts


Threat Alerts

What to watch for this month. 


The Corvus Scan is a powerful asset that enables us to identify which policyholders are at risk for new vulnerabilities. You’ve probably already heard from us about the following if your organization is at risk, but we’ve gathered the monthly round-up of alerts and updates below:

F5 BIG-IP Vulnerability

Technology company F5 released patches for a critical remote code execution vulnerability, CVE-2022-1388, affecting its BIG-IP family of products, which include popular load balancer devices and software. Find out next steps here.

Apple Emergency Security Update

On May 16, 2022, Apple issued security updates addressing vulnerabilities found in their Mac, Apple TV and Apple Watch products. Threat actors are actively exploiting some of the vulnerabilities to take control of vulnerable systems. Apple users are strongly encouraged to manually check updates even if they have auto updates turned on. Find out more about these vulnerabilities here.

VMware Vulnerabilities

On May 18, 2022, VMware issued a security advisory about multiple critical vulnerabilities in its products, advising customers to patch immediately. U.S. Cybersecurity and Infrastructure Agency (CISA) issued an emergency directive in response to active exploitation and high risk to federal enterprise and compromise of an agency information system. Here’s how to mitigate the VMware vulnerabilities.

Cyber Criminals Exploiting Vulnerabilities in  WordPress Plugin 

Microsoft Security Intelligence team found that the cyber criminal group deploying a botnet is exploiting vulnerabilities in WordPress plugins. The bot scans for Wordpress files and backups to access sensitive data and steal credentials in an effort to gain control of the web server.  Organizations are advised to patch their internet-facing systems immediately.