September '24 Policyholder Newsletter

Staying ahead of ransomware and infostealer threats

Many of us have gotten our first taste of fall weather in the past two weeks. While some might mourn the departure of long, balmy summer nights, others will welcome the chance to hunker down with an additional layer of warmth and security, cozying up on the couch with a blanket for the first time in months.

Speaking of additional layers of security, starting September 16th, we’ll require multi-factor authentication (MFA) for your Corvus Risk Dashboard account. See below for more details, plus plenty of new threat intel on infostealer malware, and a link to see our latest webinar recording covering key insights on the latest trends in ransomware!

 

Risk Advisory Tips

We’ve said it before, and we’ll say it again: MFA is key to protecting account credentials. We’ve seen countless cyber claims stem from not having this simple safeguard in place. While MFA has always been available for your Risk Dashboard, it will soon be mandatory for all users.

Starting September 16th, we’ll require multi-factor authentication (MFA) for your Risk Dashboard account

What to expect for current Corvus policyholders 

If you have any questions about setting this up, please contact our Risk Advisory team at services@corvusinsurance.com.

Missed Our Q2 Cyber Threat Webinar?


You can still access key insights on the latest trends in ransomware and third-party breaches. With attacks on the rise, staying informed and ready to protect your business from evolving cyber threats is crucial.


Watch the Replay

Key Takeaways for Policyholders

  • Ransomware attacks are rising. In Q2 2024, there was a 16% increase in ransomware victims posted to leak sites, making it the second most prolific quarter on record.
  • Backup strategies are vital. Policyholders with robust backup strategies saw a 72% reduction in ransomware-related claim costs. Those without backups are 2.38 times more likely to pay ransoms.
  • Third-party breaches are up. A 19% year-over-year increase was observed, further highlighting the vulnerabilities in supply chains.

Protect your business by staying informed and prepared for the latest threats.

Download the Q2 Ransomware Report

 

Threat Intel Corner

Infostealers on the rise 


This year, we’ve seen more claims arising from infiltrations enabled by “infostealer” malware. While infostealers aren’t new, threat actors have recently gravitated toward them as a source of victims to exploit. 


Infostealers discreetly infect computers, operating in the background without arousing suspicion. They target a range of data, including login credentials, financial information, personal identities, intellectual property, and more. The harvested information is collected by attackers and often sold to other threat actors who use the data to conduct additional attacks, like ransomware.

There are two primary ways that cybercriminals distribute infostealer malware: email attachments (phishing emails) and malvertising, where the cybercriminals place ads for popular software but direct users to a phishing site that serves the infostealer instead of the legitimate software. In both cases, the victims willingly click on links but unknowingly install the infostealer on their system.

The three main defenses against infostealers are best practices that are, thankfully, likely already familiar:

  • Email Security: Use a reliable email security provider to block any malicious email attachments that might contain infostealer malware.
  • Endpoint Detection and Response (EDR): Deploy reputable EDR solutions to detect and block infostealer malware and subsequent malicious activities.
  • Strong MFA: Since many infostealers now steal session cookies, it’s key to use modern phishing-resistant forms of MFA.

Following these practices and acting quickly upon discovery of any evidence of intrusion will limit the impact of infostealers at your organization.

 

Threat Alerts

We’ve gathered a monthly round-up of our alerts and threat intel updates below:

Veeam Vulnerability 

Veeam issued a security bulletin for a number of critical security vulnerabilities. The flaws affect Veeam Backup & Replication, which is commonly used for restoring, replicating, and backing up data for virtual machines, physical servers, and cloud-based workloads. We recommend organizations upgrade to the most recent version immediately.

SonicWall Vulnerability 

SonicWall issued a security advisory for a critical vulnerability. The flaw, CVE-2024-40766, affects SonicOS, the operating system for SonicWall firewalls. SonicWall warns that customers running out-of-date versions are vulnerable to unauthorized resource access and, in specific conditions, firewall crashes. We recommend organizations upgrade to the most recent version immediately, as there are unconfirmed reports of exploitation.

SolarWinds Web Help Desk 

In August 2024, SolarWinds issued a security advisory for a critical security vulnerability, CVE-2024-28987, affecting SolarWinds Web Help Desk 12.8.3 hotfix 1 and all previous versions. Web Help Desk (WHD) is IT help desk software that centralizes, automates, and streamlines help desk management tasks. This vulnerability is not yet actively being exploited by malicious threat actors and no exploit code is available. However, CVE-2024-28987 is a low-difficulty vulnerability to exploit: it can be exploited remotely and doesn't require any form of authentication. We recommend organizations upgrade to the most recent version immediately, as exploitation is likely.