As an insurance executive, you know that cyberattacks are a constant threat to your clients. But did you know that phishing attacks often follow system outages? This is a dangerous cycle that can leave your clients vulnerable to cybercriminals.

According to a recent article by Jonathan Reed, phishing attacks often occur after a service, system, or network outage. Cybercriminals take advantage of user confusion and frustration by sending phishing emails pretending to be from the affected company. These emails contain links to rogue websites designed to steal login credentials and other personal information.

This scenario played out after the massive PlayStation Network outage in 2011, where phishers took advantage of user confusion and frustration. Intruders sent phishing emails pretending to be from Sony, offering solutions or compensation to resolve outage problems. These emails contained links to rogue websites designed to steal login credentials and other personal information.

Unfortunately, this cycle continues to this day. The IBM X-Force Threat Intelligence Index 2024 revealed that phishing was the top initial access vector of 30% of cases in 2023. Also, 92% of organizations fell victim to a successful phishing attack in their Microsoft 365 environment in 2023.

The most recent outage that occurred with Microsoft Windows impacted 8.5 million systems. Reports have surfaced about a malware campaign targeting BBVA bank customers, where a fake update installs the Remcos RAT. This bogus update was promoted through a phishing site, masquerading as a BBVA Intranet portal.

In a separate warning, AnyRun highlighted another campaign in which attackers distributed a data wiper disguised as an update. The wiper attack was attributed to the pro-Iranian hacktivist group Handala, who allegedly claimed responsibility for the malicious activity on Twitter.

As if that wasn’t bad enough, new Windows threats were also reported during July that require immediate protection. Check Point issued a warning that attackers are using special Windows Internet Shortcut files. When these files are clicked, they trigger the retired Internet Explorer (IE) to visit attacker-controlled URLs. By using IE instead of more secure browsers like Chrome or Edge on Windows, attackers gained significant advantages in exploiting victims’ computers, even if they were running modern operating systems like Windows 10/11.

Trend Micro provided more threat intelligence, revealing that the vulnerability was being used as a zero-day to access and execute files through the disabled Internet Explorer using MSHTML. This allowed attackers to infect victim machines with the Atlantida info-stealer, which targets system information and sensitive data such as passwords and cookies from various applications.

As an insurance executive, it’s important to be aware of these threats and to take action to protect your clients. One solution is parametric insurance, which uses real-time data to provide coverage for specific events. With Riskwolf, you can turn real-time data into insurance. Using unique real-time data and dynamic risk modeling, we enable insurers to build and operate parametric insurance at scale. Simple. Reliable. Fast.

In conclusion, phishing attacks after system outages are a real threat that insurance executives need to be aware of. By taking action to protect your clients, such as offering parametric insurance, you can help them stay safe from cybercriminals. Don’t take chances with their security. Contact Riskwolf today to learn more about how we can help you develop parametric insurance for your clients.

Source: The cyberattack cycle: First comes outage, next comes phishing