September 2022 Broker Update

The Uber breach, Policyholder Dashboard walkthrough, and more.

Now that it’s Fall, we declare the following as “out”:

  • White pants. Labor Day has come and gone.
  • Lemonade. Bring on the pumpkin spice lattes.
  • Falling for phishing. Double check URLs!

The following is IN, according to us:

  • These risk classes: Construction, Credit Unions, Environmental Consultants, Financial/Investment Advisors, and Long Term Care. Reach out to your Territory Manager if you have business in any of these risk classes!
  • The last edition of Bird’s Eye, because we never go out of style.

Keep reading for the latest in the cybersecurity world, updates from Corvus, and more:

What's New At Corvus

Back-to-school season is upon us: Welcome to Policyholder Dashboard 101.

You probably know that when your client becomes a Corvus policyholder, they gain access to our Policyholder Dashboard. It’s where they’ll find all of our digital policyholder benefits, such as personalized cybersecurity recommendations, risk management resources, and their monthly Corvus Scan reports.

But most people are visual learners, so we thought it would be best for brokers to see the resources we have to offer, and be able to best explain to your clients what is in store.

By clicking through our interactive Policyholder Dashboard walkthrough, you’ll become an expert on everything from how our non-invasive scan works to the steps your clients need to take to be well positioned for their next policy renewal. The (fun, interactive) lesson starts here!

P.S.: We like to think we’d be your favorite professor. Extra credit for bird facts.

Cybersecurity Tips 

From VP of Risk + Response Lauren Winchester and CISO Jason Rebholz 

Last Thursday, ride-sharing service Uber announced that they were responding to a “cybersecurity incident.” Allegedly, the hacker behind the attack is an 18-year-old who gained access to company systems through a successful social engineering attempt. 

  1. The hacker used a popular tactic known as “MFA fatigue.” After sending a flurry of MFA push notifications to a targeted employee, the attacker reached out through WhatsApp and claimed to work for Uber IT. The message was straightforward — approve the login, and the notifications will stop.
  2. Once gaining credentials, the threat actor logged into Uber’s internal network via the corporate VPN. As they scanned for sensitive information, they found a PowerShell script containing admin credentials to the privileged access management vault — the tool used to store credentials to many internal and external tools and applications. This provided the attacker even more administrative credentials.
  3. The hacker announced the breach through Uber’s Slack server. It has been described as a “total compromise,” which as self-reported by the attacker, includes the following systems: Amazon Web Services, Duo, GSuite, OneLogin, Slack, and VMware.

The takeaway: When implemented properly, MFA is still one of the most effective information security controls on the market today. But it’s not a “set and forget” solution that prevents all attacks. Even when it works like it should, users are still vulnerable to social engineering (unfortunately, humans are often seen as the “weak link” in cybersecurity). Never accept an MFA push notification unless you are the one sitting at the keyboard trying to log in. 

🔎 Threat watch: The latest alerts and guidance on vulnerabilities. 

On Your Radar

A roundup of recent commentary, analysis, and insights from our insurance experts

📹 Is cyber…getting easier? 

Watch our latest webinar recording to learn how brokers are winning in today’s market. Our panel discusses new tactics, expectations from clients, and how digital tools are here to help. 

Cyber coverage refresher on PCI Fines and Penalties.

Dive into the origins of PCI compliance (remember a time before online shopping?), the impact of data breaches, and why policy wording is so important (just ask P.F. Chang’s). Read our latest Cyber Coverage Explained.

Not all VPNs are built the same. 

VPNs give employees access to internal resources through a secure, encrypted channel. Unfortunately, a VPN’s code can contain vulnerabilities — and threat actors take that information and run with it. Our Data Science team dug into various VPN technologies to categorize their different risk levels. Find out more.

📌 Your feedback is crucial to us. We sent out a survey on Wednesday, September 14th, and would love to hear from you. If you’ve already replied to our request, thank you! If not, take this as a gentle nudge (not a nag!). You should see a reminder email in your inbox today. We appreciate your time and insights as part of the Corvus community.

Corvus In The News

Here we come, EU. In the coming months, Corvus Underwriting GmbH will be able to write business in all 27 European Union countries, allowing us to bring our Safer World mission to another 23 million registered organizations!

Bird Is The Word

In Sydney, Australia, there’s a trash-bin bandit problem. As much as the neighborhood tries to outsmart these thieves, the garbage fiends find a workaround. The culprit? Sulfur-crested cockatoos

Birds and humans have a lot more in common than their love for carbs here — both species use cultural transmission to either protect their trash-bins or to get around new obstacles. Neighbors communicate to determine the best way to keep their lids sealed shut (like bricks), and the cockatoos living near one another use similar methods to innovate ways into those prized bins (by cleverly removing aforementioned bricks). 


This newsletter and its contents are intended for general guidance and informational purposes only. This newsletter is under no circumstances intended to be used or considered as specific insurance or information security advice.