Just as businesses beef up security, fraud evolves and strikes companies when they least expect it, sending security teams back to the drawing board. The latest attacks are affecting businesses in the U.S. and U.K.
On Aug. 11, Financial Times reported a rise in cyber insurance policy claims in both countries. In the U.S., companies are learning about a new ransomware called Sodinokibi. Like other forms of ransomware, the attack "disables the victims' files or systems," the report states. File decryption is only possible with the fraudsters' key, which they say they'll release after they receive their ransom. The ransoms are higher than the average ransom demand and are often paid in bitcoin.
"According to Gallagher, the insurance broker, the average Sodinokibi ransom demand was $150,000 in May, against an average of under $50,000 for other types of ransomware," Financial Times reported. "Sodinokibi has been targeting companies of all types, often using the victims' systems or suppliers as a way in. In particular, the hackers have attacked small- and medium-sized companies via outsourced IT service providers in the U.S."
Meanwhile, business email compromise (BEC) is ramping up in the U.K., where gangs are turning to cybercrime.
"These criminals are exploiting new technologies to commit fraud, posting adverts on social media to try and recruit money mules," Gary Robinson, the head of the Dedicated Card and Payment Crime Unit in the U.K., told govtinfosecurity.com. "We will also be stepping up our engagement with social media firms to identify and take down profiles used by fraudsters and are working closely with mobile phone companies to combat scam techniques such as SIM swapping."
—Andrew Michaels, editorial associate