Cybersecurity links & commentary for April 17, 2019

Should Homeowners Insurance Cover Cyber Fraud?

Ransom Demands Increasing as More Virulent Viruses Emerge:

The average ransom paid to cyber criminals nearly doubled to $12,762 per incident in the first quarter of 2019, compared to $6,733 during the fourth quarter of 2018, according to a report released today by Coveware, a cybersecurity firm based in Norwalk, Connecticut that specializes in responding to cyber ransom demands.

Siegel said in an ideal world, no ransom would ever be paid. But Ryuk is a sophisticated virus that cannot be decrypted without a decryption key that is available only from the entity that planted the bug.

Big Companies Thought Insurance Covered a Cyberattack. They May Be Wrong.:

Mondelez’s insurer, Zurich Insurance, said it would not be sending a reimbursement check. It cited a common, but rarely used, clause in insurance contracts: the “war exclusion,” which protects insurers from being saddled with costs related to damage from war.

Mondelez was deemed collateral damage in a cyberwar.

The disputes are playing out in court. In a closely watched legal battle, Mondelez sued Zurich Insurance last year for a breach of contract in an Illinois court, and Merck filed a similar suit in New Jersey in August. Merck sued more than 20 insurers that rejected claims related to the NotPetya attack, including several that cited the war exemption. The two cases could take years to resolve.

Courts often rule against insurers that try to apply the wartime exemption. After hijackers destroyed a Pan Am airliner in 1970, a United States court rejected Aetna’s attempt, determining that the action was criminal, not an act of war. In 1983, a judge ruled that Holiday Inn’s insurance policy covered damage from the civil war in Lebanon.

In the Mondelez and Merck lawsuits, the central question is whether the government’s attribution of the NotPetya attack to Russia meets the bar for the war exclusion.

Risk industry experts say cyberwar is still largely undefined. Attribution can be difficult when attacks come from groups with unofficial links to a state and the blamed government denies involvement.

Not to mention that experts in cybersecurity dispute the claims that Russia and North Korea were actually behind the attacks.

Ecuador says hit by 40 million cyber attacks since Assange arrest:

Ecuador said on Monday it has suffered 40 million cyber attacks on the webpages of public institutions since stripping Wikileaks founder Julian Assange of political asylum.

Javier Jara, undersecretary of the electronic government department of the telecommunications ministry, said the country had suffered “volumetric attacks” that blocked access to the internet following “threats from those groups linked to Julian Assange.”

Actually, the attackers are not linked to Julian Assange.

Cyber Breach Planning: Lessons From The Equifax Breach:

Some lessons on good governance practices from the Commissioner’s perspective include:

knowing who is saving and modifying files when they involve personal information;
securely storing staff and customers’ usernames and passwords;
keeping production data separate from test data;
training staff on appropriate handling of personal information;
keeping security certificates updated; and,
having the required certification standards met.

Adblock Plus Filters Can Be Exploited to Run Malicious Code:

Update 4/16/19 9:24 AM EST: Added that this exploit would not affect uBlock Origin and a portion of AdBlock Plus’ statement is below:

“It is our responsibility to protect our users, and despite the actual risk being very low, we have decided to remove the rewrite option and will accordingly release an updated version of Adblock Plus as soon as technically possible. We are doing this as a measure of precaution. There has not been any attempt of abusing the rewrite option and we will do everything we can to ensure this won’t happen.”

Can Border Patrol agents demand you unlock your phone? Tech worker’s SFO experience raises question:

Andreas Gal of San Mateo says officers from U.S. Customs & Border Patrol detained him at San Francisco International Airport in November of 2018 and ‘aggressively’ questioned him about his travel and insisted he unlock his cell phone and computer, which he refused to do. The incident involving Gal has prompted the question how much evidence do officers need to conduct investigations of electronic equipment. The question could come before the U.S. Supreme Court.

Such searches can reveal “an individual’s intentions upon entry” and are “critical to the detection of evidence relating to terrorism and other national security matters, human and bulk cash smuggling, contraband, and child pornography,” the agency said.

Don’t travel out of the country with your private life on your devices? Only take the data that you don’t care the government sees when you reenter? There are also ways around this via VPN. Don’t be a criminal. Don’t be suspicious. However, people are politically targeted for simply being privacy advocates, which appears to have been the case with Andreas.

Remote Fingerprint Unlock: Unlock Windows with Android fingerprint scanner:

It is completely secure, and the developer is working to bring more features and security enhancements to the application.

The first rule: never say anything is “completely secure.”


Democratic presidential candidate offers major cyber policy idea:

The first established Democratic presidential candidate out of the gate becomes the first candidate to offer a cybersecurity policy proposal, too. Former Maryland congressman John Delaney today is proposing the creation of a Department of Cybersecurity.

“In light of the many recent and continued cyberattacks on our country, we need to establish a cabinet-level agency to focus on protecting our cyberspace, similar to what we did after the terrorist attacks on September 11, 2001 when we established the Department of Homeland Security to protect the homeland,” he said in a statement. “Currently our cybersecurity efforts are spread across multiple agencies, but by creating a new department we can centralize our mission, focus our goals and efforts, and create accountability.”