Smart Grids – the Next Big Attack Vector to Pull Down a Country’s Smart Grid Could be Your WiFi-enabled Thermostat! Here is How to Protect the Grid…

While Argentina and Uruguay are still reeling from a massive blackout that left nearly 50 million citizens without power over the weekend, we still cannot rule out a cyberattack as the reason. The integrated nature of the regional grid meant that cross-border grid glitches propagated further, with the interruption also affecting Brazil, Chile and Paraguay. Smart grids, smart metering and automated control systems have been changing the global electricity landscape with “more than 10% of global grid investments – equivalent to some $30 billion a year – now dedicated to digital network infrastructure”, according to a recent article from Bloomberg. To that end, “more than $130 billion has been spent on smart-grid technologies worldwide over the past five years”. The reason for the adoption of smart grid technology is to provide the ability to monitor and control supply and demand in real time, allowing grid operators to better forecast and plan for consumption spikes that would otherwise cause the system to fall over.

However, like we’ve seen in Smart City adoption, the vast amount of infrastructure required to make the electrical grid “smart” includes a parallel telecommunications network that is able to collect and process the massive amounts of data that the grid would generate. Essentially, every connected thermostat, electricity meter, or other smart device, provides a potential attack vector into the grid that could have devastating consequences such as bringing the entire grid down.

Unlike the telecommunications and computing sectors that have been dealing with security risks for a while, the industrial and electrical systems sectors are lagging behind in this respect. Again, as in the case of Smart Cities, the IoT devices that are providing the monitoring in the Smart Grids are often too underpowered to run anti-malware protection, or are running operating systems that are not covered by current network security solutions. Thus, the Smart Grids will run into a similar problem, leaving them vulnerable to hackers and to malware attacks. Because an attack on such an essential utility could leave hundreds of thousands of people without power for hours or days, hacks of the electrical grids are more likely to be perpetrated by nation states, who are better funded and who can better cover their tracks, hiding their activities for years before potentially launching an attack.

Thankfully, the solution to this problem is the same as how Smart Cities are protected! Because Wedge Advanced Malware Blocker is NETWORK-BASED, requiring no retrofitting or re-engineering of existing grid technology, and is able to Detect and STOP malware – including zero-days – in Real-time at the network level, it can protect all of the Smart Grid’s endpoints, preventing any malware from ever reaching them! Smart Grid operators can and should take advantage of Wedge’s FREE 90 day trial in which they can see for themselves how effective WedgeAMB is at protecting their infrastructure. Get in touch with our team at info@wedgenetworks.com for more information!

Posted in Industry News, Latest Security News, Wedge News

The Best Defence Against Ransomware? Don’t Get Infected…

It looks like the idea of “Detect and Block” vs “Detect and Remediate” is gaining traction out there. This is a welcome sight for us here at Wedge as we continue to espouse the idea that it is better to detect and prevent malware than it is to have to remediate it after the fact. The Register, in a recent article, seems to agree with our take on the situation.

Initially, the article asks readers to consider weighing the pros of actually paying the ransom demanded by hackers in order to have their data unlocked, contrary to the advice handed down by government agencies and information security firms, who suggest that giving in and paying the ransom will just encourage the behaviour to become more popular and it will just keep coming back. The sad thing is that Ransomware has become such an epidemic for businesses and consumers alike that the FBI even has a ransomware guide to provide suggestions to CISOs in the event that their organization has been hit. Of course, paying the ransom is still very hit or miss when it comes to an organization actually getting their data back, with recent reports from the CyberEdge Group finding that “only about 60 percent of companies that pay ransomware demands actually get their data back in the end.” It really becomes a crap shoot as to whether this is actually a good strategy. (In the end, though, making sure that law enforcement is involved is always a good idea as they can always assist in eventually tracking down the hackers.)

Thus, The Register goes on to state, “When it comes down to it, the best defence against ransomware is to not get infected in the first place.  Barring that, companies should have strong backup and recovery plans.  It seems simple enough.”  We alluded to this in our blog on “Save Patient Zero”, when companies cannot afford to have a “Patient Zero”.

Let’s look at the second part of that statement, the one about having strong backup and recovery plans. The Register continues on with, “Even if a company is meticulous about backing up their data, the actual recovery process is far easier said than done, particularly when you have to do it with hundreds or thousands of PCs and terminals, and dozens of servers or cabinets of servers.” So, even if an organization has a decent enough backup plan, depending on the size and the number of endpoints affected, the remediation cost could still be tremendous! Look at the Norsk Hydro case or our blog on the Ryuk Ransomware, as examples…

And so, we’re left with the best defence against ransomware being to “not get infected in the first place”.  This is the strategy that is the most sound and that can now actually be executed on.  And this is where Wedge’s Absolute Real-time Protection comes into play.  The Wedge Advanced Malware Blocker is the most accurate and highest performing solution available that uses the Detect and Block approach to “see” and block malware in Real-time.  Wedge uses its patented Deep Content Inspection technology to reconstruct full content, scanning it with signature-based scans, heuristic-based scans and an artificial neural engine, so that it can determine the intent of the content; whether it is safe or not.  Thus, WedgeAMB can detect and block malware in real-time before it has a chance to be seen by the end user; thus taking the possibility of infection away.  Even if the malware is a new variation or new, never-before-seen variety, it will be detected and blocked as soon as its mal-intent is revealed.

So, the solution is there for organizations to use.  The best thing about it is that we even offer a FREE 90 day trial of the Wedge Advanced Malware Blocker.  If you’re interested in protecting your organization from attacks through the strategy of prevention and not getting infected in the first place, get in touch with our team at info@wedgenetworks.com.  As we like to say, the best defence against ransomware is “Don’t get infected”.

Posted in Industry News, Latest Security News, Wedge News

…And Another Municipality Falls to Ransomware…

Ransomware attacks against municipalities have been hitting various cities around the U.S. as of late. We saw the Ryuk malware hitting Jackson County and provided an overview of how various ransomware strains are hitting governments across the globe. Spiceworks, however, provides a timeline of some of the major Ransomware strikes across U.S. cities in 2017 and 2018; RecordedFuture provides an outlook for the shape of things to come for 2019, and it is not pretty.

Source: RecordedFuture May 2019

The effects of ransomware on municipalities have been causing a lot of grief, disrupting city services such as court systems, online payments systems, police departments, healthcare services, municipal databases, accounting systems, and more. Cities, both big and small, are falling victim to these attacks, with many often going unreported on the national news. The unfortunate part about it all is that, according to the “International City / County Management association, only 58% of city municipalities cannot determine where cybersecurity attacks could come from and nearly 41% have never conducted a cybersecurity exercise.”

With the latest attack on Baltimore we are now tracking at least one municipal ransomware attack per month, dating back to January 2017, and several months showing 2 or more attacks – the picture it paints is one of woefully unprepared municipalities. The typical story shows the municipality not paying the ransom and then having to deal with days and even weeks of computer downtime and disrupted services but at least being able to recover data. This points to at least many of the governments having some sort of backup and recovery system in place. The flip side is that the financial costs of downtime and having to go back to manual systems during the outages typically end up costing far more than the ransom being demanded! This linked chart from an article in the Baltimore Sun provides a comprehensive view.

If anything, the many cases listed continue to highlight that city and county governments need to concern themselves with cybersecurity. With the problem of these attacks not going away any time soon, the situation will most likely get worse. At Wedge, we’re hoping that as cities become more aware of the possibility of going with a “Detect and Block” solution instead of having to live with their current “Detect and Remediate” mindset, the number of municipalities hit in the future will be much lower.

Municipalities and government entities can try the Wedge Advanced Malware Blocker that can Detect and STOP all forms of Ransomware in Real-time before it has a chance to hit their networks. This FREE 90 day trial can allow municipalities to save themselves from becoming just another statistic in the ongoing Ransomware story. Get in touch with our team at info@wedgenetworks.com for more information!

Posted in Industry News, Latest Security News, Wedge News

Equifax Downgraded: Financial Costs of Cyber Attacks Far Outweigh Actual Ransom or Remediation

Who watches the watchers? It was very telling to read the news recently on (ZDNet, Forbes) highlighting the downgrade of credit monitoring agency Equifax by credit ratings agency Moody’s (Moody’s lowered Equifax’s outlook from stable to negative last week (May 22)). Equifax has been under mounting scrutiny over the past couple of years stemming from the massive data breach that occurred in 2017 where over 209,000 consumer credit card credentials were stolen. To make matters worse, in 2018, Equifax further announced that an additional 2.4 million U.S. customers were affected by the breach; topped off by a House Oversight Committee report on the incident at the end of the year stating that the breach was “entirely preventable”. The cause of the breach came down to a well-known vulnerability in Apache Struts with Equifax revealing that an unpatched system was at fault, despite the fact that a patch had been made available for the bug over 2 months prior to the breach occurring.

The breach, and the findings on the breach, have had a material impact on the company, with the ongoing financial costs and strains, as a result of the breach, greatly outweighing the actual cost for the remediation of the breach. Not only did Equifax have a legal expenditure charge of $690 million in their first quarter financials, the company’s Q1 2019 earnings also showed $786.8 million in general costs due to the data breach, $82.8 million in data security costs, $12.5 million in legal fees, and $1.5 million in product liability charges. The financial costs as a result of the company’s cybersecurity processes are continuing to mount, with additional class-action lawsuits and regulatory scrutiny being faced by Equifax; which could also lead to more fines and penalties.

As we had mentioned in a previous post, when cyber attacks start impacting the bottom line, companies have to look at how it will affect investors and shareholders. With Moody’s downgrade of Equifax, the breach is going to have a long-term impact on the ongoing prospects of the company both operationally and from an investor perspective.

Unfortunately, despite ramping up investments to improve security in order to prevent such a data breach from occurring again, the millions of dollars now spent on remediating and shoring up security are a drop in the bucket compared to the ongoing financial burden that the breach caused for the company. As ZDNet states: “Equifax serves as a lesson in why boards should sign up to proactive security defence rather than consider security as a budgetary afterthought.”

At Wedge, we continue to focus on these cases where the victim could have easily integrated a security system such as Wedge Advanced Malware Blocker in order to take a proactive approach to security. As evidenced by Equifax’s ongoing financial fallout, it is always far more expensive to continue with the “Detect and Remediate” way of doing things. Our “Detect and Block” mantra continues to resonate with more and more organizations as they see the crippling financial effects that other organizations are facing as a result of “reactive” network security.

We continue to promote our FREE 90 day trial of the Wedge Advanced Malware Blocker that can Detect and STOP all forms of malware attacks and ransomware in Real-time, BEFORE they can cause damage. Get in touch with our team at info@wedgenetworks.com for more information on how you can join other organizations in taking a proactive approach for preventing breaches and other attacks and saving yourself from the massive financial headache that these attacks can cause.

Posted in Industry News, Latest Security News, Wedge News

Is the Dazzling Future of the Smart City at Risk? How Can Smart Cities Protect Themselves Against the Effects of Ransomware?

The dazzling future of the Smart City, where governments are always connected – managing traffic lights, pollution control, and the power grid – all the way down to full home automation, from smart garage door openers to your intelligent Google Nest thermostat, is now under attack. A recent article on Gizmodo brought up the ongoing struggles that municipalities are facing and that they will continue to face as they implement Smart City infrastructure and services. Dr. Hongwen Zhang, our CEO, brought up in an earlier blog that Smart Cities are being developed globally faster than ever before but that they need to be aware of the growing security issues that will face them. Because an increasing number of IoT devices are being added to the Smart City networks in order to automate more services, these networks are being opened up to larger attack surfaces. The Air Gaps that had previously been put in place to protect critical networks are subverted to enable more efficient communication between IT networks and Operational Technology (OT) networks.

HOWEVER, as a result of inadequate security or operational defences being considered whilst the Smart City infrastructure is being put into place, we are starting to quickly see the effects of this.  As noted in the Recorded Future report on Municipal ransomware attacks that we brought up in our previous blog, many of these municipalities that are taking the step towards being Smart Cities are also becoming the targets of profit-driven hackers who are utilizing Ransomware to great effect; taking down critical systems and demanding payment to release vital databases needed by these systems.  The number of cities being hit by Ransomware continues to grow.

The Smart City future, where governments are connected 24/7 (thus allowing them to offer services to their constituents more quickly and efficiently than ever before), is getting hit, putting a damper on municipalities looking to technology for ways to improve their systems and services. Unfortunately, at a time when many American cities are struggling with crumbling infrastructure such as bad roads, old mass transit systems, decaying schools and hospitals, their internet infrastructure is usually facing the same fate. This does not bode well as more and more IoT devices, equipment, etc. are added, often haphazardly, to this crumbling infrastructure. As cities around the world rush to become “smart”, with the hopes of adding efficiencies wherever possible, security has often taken a back seat, with not enough thought given to the inevitable security problems and looming privacy concerns that will be a part of being a connected city.

That is why, at Wedge Networks, we continue to further develop and constantly look at ways of improving our Network Security platform.  We feel that many of the issues that these municipalities are facing, as they rush to become “Smart”, can be dealt with using an orchestrated network-based platform that can protect the greatly increasing numbers of IoT devices that are being added to the city networks.  Working with some of our partners, who are adding smarts to their power grid in Asia, Wedge’s Absolute Real-time Protection (WedgeARP) platform is proving itself to be the underlying security base for municipalities; acting like a water treatment plant, except that it cleans all the internet traffic that feeds the endpoints on these city-wide networks.  With our patented Deep Content Inspection technology, combined with Artificial Neural Networks and multiple best-of-breed security services, WedgeARP can “see” all the content that traverses the network, detecting and blocking any and all malware in real-time, BEFORE they can reach the endpoints.  With a platform like this in place, municipalities giving into the Smart City allure, can rest a bit easier, knowing that all of the devices that they are adding can actually be protected against Ransomware, Targeted Attacks, and all of the other Malware that hackers are using to try to shut down essential services.  

As always, we continue to preach the “Detect and Block” approach to all.  Municipalities going the Smart City route should be taking up this approach as they progress down the technological path to greater efficiency.  Any city who is interested, should get in touch with our team at info@wedgenetworks.com.  We continue to offer a FREE 90 day trial of our Wedge Advanced Malware Blocker and feel that it is our civic duty to continue to provide solutions that can help municipalities with their cybersecurity efforts.

Posted in Industry News, Latest Security News, Wedge News

Targeted Ransomware Attacks Are On the Rise and are Crippling Local Governments: How Can They Protect Themselves?

Targeted ransomware attacks being perpetrated on local government entities are on the rise. Although the ransoms demanded are often relatively small, typically under $100K, the overall costs to remediate the attack, together with the damages inflicted by downtime and by the decreased efficiency of having to go back to manual services, can often run into the hundreds of thousands of dollars; and more often than not, into the millions of dollars once all losses are finally tallied.

In a telling study by Massachusetts-based cybersecurity firm, Recorded Future, the collected evidence showed that at least 170 county, city or state governments in the US had been attacked since 2013, with at least 45 police and sheriff’s offices across the nation being hit. The numbers continue to rise. In 2019 alone, there have been 22 known public sector attacks so far, which is rapidly outpacing numbers from 2018; the latest major city to be hit being Baltimore, which was forced to quarantine its network and provide most municipal services manually. The security industry conservatively estimates that ransomware attacks are costing victims billions of dollars a year. Unfortunately, there are no precise numbers as comprehensive records of attacks around the world are not kept and not all attacks are even reported.

This rise in attacks on municipalities is a clear sign that hackers are becoming more discerning when choosing their targets: it is all about maximizing the amount of money that they can make. As we’ve stated in our blog last week, the overall number of ransomware attacks may be decreasing but the related costs are increasing as hackers become increasingly focused with more customized and targeted attacks being executed on municipalities, instead of individuals. Municipalities often have vital systems, not only in day-to-day operations but essential services such as traffic, transportation and other systems that they are more willing to pay a ransom for in order to get these services back online; as opposed to an individual that often simply decides to just go out and buy another computer.

Who are the perpetrators of these attacks? According to a CNN article covering the study, the attackers range from criminal gangs to people allegedly working at least tangentially with their countries’ governments. Unfortunately, in most cases, these attacks are carried out by hackers in other countries and often tend to be out of reach as they are in countries where they cannot be extradited to the US, nor to the districts on which they carried out the attack, in order to face charges. Also unfortunate is the fact that some of the ransomware worms that are currently being used by attackers on these municipalities were created originally by nations such as North Korea for government-sanctioned attacks before they got out of hand and got into the hands of hackers who have co-opted the malware for much more lucrative purposes.

All of this just continues to emphasize and reiterate the fact that without proper safeguards and a good solution in place, municipalities, and ultimately the residents that reside there, will continue to get bilked for hundreds of thousands, if not millions of dollars; often times, money that small municipalities cannot spare. That is why we continually bring up our “Detect and Block” solution. As part of our civic duty, we offer any municipality or government entity a FREE 90 day trial of the Wedge Advanced Malware Blocker that can Detect and STOP all forms of Ransomware in Real-time, BEFORE it has a chance to even hit your network. If a municipality can save itself from being one of the growing number of ransomware victims, we feel that our civic responsibility and duty will have been fulfilled. Get in touch with our team at info@wedgenetworks.com for more information on how we can protect your network!

Posted in Industry News, Latest Security News, Wedge News

Ransomware Attacks May Be Decreasing BUT Related Costs Are INCREASING!

Some good and bad news is coming out of the first quarter of 2019 regarding Ransomware Attacks. Dark Reading had some interesting statistics to share about the number of ransomware attacks decreasing. (Mind you, the verdict from the industry is not fully out yet on this but it is Dark Reading’s findings.) That’s the good news. However, the bad news, which we at Wedge agree upon, is how ransomware is becoming much more targeted, focusing increasingly on institutions instead of individuals, which is leading to the netting of higher ransom payments, causing more downtime losses and requiring longer recovery times.

According to the article, the increasing cost trends are a result of an increase in the use of ransomware types such as Ryuk and Bitpayment, used in customized and targeted attacks on large enterprises. In terms of numbers, Ransomware incident responders, Coveware, suggest that the average number of days a ransomware incident lasts is 7.3 days, at an average cost of related downtime of $64,645 per incident. According to them, the average ransom amount paid by victims in cases handled by Coveware increased by 89%, going from $6,733 in Q4 2018 to $12,762 in Q1 2019.

What is of concern is that instead of using automated attacks, hackers are increasingly executing manual attacks against targeted organizations using compromised credentials; “specifically targeting high-value systems such as e-mail servers, database servers, document management servers, and public-facing servers.” As a result, downtime is increasing, with ransom-related downtime costs becoming substantial, with costs varying significantly by industry and geography. As shown by the Norsk Hydro attack, manufacturing companies are now becoming heavily targeted as they are more likely to pay a ransom to get things moving again.

Although security and law enforcement officials strongly advise victims against paying the ransom to get their data back, believing that giving in to the ransomware demands will encourage more attacks, many victims ended up paying the ransom. According to Coveware, for the most part, companies that paid the ransom were able to get their data 96% of the time; an increase of 3% over Q4 of 2018 where the average was 93%.

In light of the worsening statistics for victims of Ransomware attacks, we continue to push for organizations to consider “Detect and Block” instead of having to go through the ordeal of “Detect and Respond”. The unfortunate fact is that if an organization becomes a victim, the costs are continuing to increase, with Ransomware continuing to be lucrative to the hackers and other bad actors out there. As a company that provides solutions that can stop Ransomware BEFORE it hits the network, we feel that these attacks could all have been prevented. If you are interested in protecting your organization from Ransomware, feel free to get in touch with our team at info@wedgenetworks.com. We offer a FREE 90 day trial of the Wedge Advanced Malware Blocker, which can Detect and STOP all forms of Ransomware before they can even enter your network. With the increasing costs to victims, what have you got to lose?

Posted in Industry News, Latest Security News, Wedge Channel Partner Forum

Warning Investors of Cyber Security Risks to a Business’ Operations, Profitability and Share Performance – The New Norm?

This article from ZDNet was of particular interest to us as a Network Security Company and really hit home how much potential financial impact Cyber-Attacks can have on any and all private and publicly listed companies. The cloud-based team collaboration platform, SLACK, recently filed documents with the SEC, with the intention of going public on the stock market. What was of particular interest in their filing is that they specifically warned new investors that cyber-attacks pose a serious risk to the performance of its stock. As per the ZDNet article, “It is very rare that a company going public lists cyber-security related issues as a major factor that may influence its stock, yet it somehow makes sense for Slack, a company whose reputation solely relies on its ability to maintain client confidentiality.” The company provided a fairly generic list of cyber-security threats that could potentially pose a risk to its business, including: “traditional computer ‘hackers’, malicious code (such as malware, viruses, worms, and ransomware), employee theft or misuse, password spraying, phishing, credential stuffing, and denial-of-service attacks”, in an effort to cover all of its bases. However, company officials also highlighted that above all of these, “nation-state supported actors” are one of the biggest threats to the company.

The biggest point to take out of Slack’s filing is that, due to the wealth of sensitive information on its servers about the multitude of companies that use its platform, the company expects to be at the top of most hacker groups’ target list and fully EXPECTS that it will be hacked. It’s not a matter of “if” but of “when”.

In a quote from its officials in its SEC filing: “Despite significant efforts to create security barriers to such threats, it is virtually impossible for us to entirely mitigate these risks, especially when they are attributable to the behaviour of independent parties beyond our control”.

What this is doing is sending a clear message to its investors that cyber-attacks are almost certain to occur in the company’s future and that they should be prepared to take the financial hit when it happens.

Clearly, Slack is taking a proactive approach in this filing, and providing an abundance of caution. With other companies out there in similar situations, where they are in possession of sensitive or proprietary information that could potentially cost millions of dollars in damage if this information was hacked and leaked, going the route that Slack has gone with its recent filing may be the way to insulate itself from some of these damages.

As we wrote about in an earlier blog regarding insurance companies’ unwillingness to cover malware breaches, this could become the new norm of dealing with potential financial fallout from an “inevitable” breach; at least protecting itself from potential investor lawsuits claiming that they had not been warned of such risks.

In any event, we’ll have to see how this affects future listings from other companies. It is applaudable that Slack is taking this stance right now, taking more of a “prevention” approach to its future dealings. However, Slack and other companies in this situation should really consider enhancing their network security with a solution that follows the same “prevention” approach.

Luckily, Slack is well-designed, using a custom protocol of JSON objects sent via a WebSocket channel (which they call their Real-Time Messaging API). For the tech geeks out there, you can find out more about Slack in its documentation. WedgeARP can intercept this traffic and scan for any malicious activity; blocking in real-time when needed. For our existing customers who are using Slack, you can contact us through Wedge Support (support@wedgenetworks.com) to learn more about how you are protected.

In the meantime, the Wedge Advanced Malware Blocker, which Wedge offers FREE on a 90 day trial, takes the “prevention” angle one step further, allowing organizations to “Detect and Block” any malware (including new and never-before-seen varieties) BEFORE it hits the network. If an organization is expecting that it is going to be hacked at some point in its future, it might be able to rest a little bit easier with WedgeAMB enhancing its network security. Please email our team at info@wedgenetworks.com to find out more about how we can detect and block malware in real-time.

Posted in Industry News, Latest Security News, Wedge Channel Partner Forum, Wedge News

“Spending $1 on Prevention Now Can Prevent $100 (Or More) in Remediation Costs Later” – Forbes Magazine

Forbes recently had another article on a ransomware outbreak that resonated with us here at Wedge Networks. Ransomware has been wreaking havoc on a growing number of municipalities as of late, taking down both essential and non-essential services and causing many municipal departments such as police and fire to go back to paper reporting. This Forbes article mentions the attack on Cleveland’s Hopkins International Airport last week in which several information systems were disrupted by a ransomware outbreak.

I don’t know about you, but I consider airports to be pretty essential in terms of transportation for both passengers and cargo in and out of their region. Thankfully, the malware that affected Hopkins International Airport only impacted some of the clerical systems, hitting email, payroll, digital records and some digital signage around the airport, as opposed to more critical infrastructure such as the air traffic control systems. In this case, travellers remained mainly unaffected as TSA was able to keep security flowing smoothly and both arrivals and departures remained on schedule.

Unlike other municipalities such as Atlanta, which was hit by the SamSam malware that demanded a $55K cryptocurrency payment and ended up costing almost $17MM to recover from, Cleveland is one of the “lucky” ones and won’t see nearly as high a financial hit. Other municipalities will not be as lucky, however. What we liked about the Forbes article is that it ended on the “prevention” mindset that Wedge Networks is a huge proponent of, suggesting that “Other municipalities need to learn from these events and be proactive – spending $1 on prevention now can prevent $100 (or more) in remediation costs later.”

As we have mentioned in previous blogs, prevention could and SHOULD be the cure instead of relying on detection and expensive remediation. It continues to be our civic responsibility to all the municipalities out there to offer our Wedge Advanced Malware Blocker FREE for 90 days. Email our team at info@wedgenetworks.com to see how your organization can prevent these attacks from happening instead of paying the huge remediation bill later on!


Looks Like Your Insurer Probably Won’t Be Covering Your Latest Malware Breach…

So, this was a bit of an eye-opener on the financial effects of the latest corporate malware breaches: insurance companies are declining coverage on them! In a recent article in the New York Times, it was brought to light that Mondelez International, a major global player in the food industry and one of hundreds of companies affected worldwide by the NotPetya attack in 2017, would have to bear the full burden of the more than $100MM financial hit the company experienced. Company executives had expected their insurer, Zurich Insurance, to reimburse Mondelez for the financial blow it had suffered, only to be declined. Zurich had cited a common “war exclusion” clause that protected it and other insurers from being responsible for costs related to the damage from war. Mondelez was the unfortunate collateral damage in a never-ending cyberwar.

According to the NYT article, the 2017 NotPetya attack “was a watershed moment for the insurance industry”. Insurers, since then, have been utilizing the “war exclusion” clause in order to avoid claims related to digital attacks. Further justification was provided to insurers when the US government assigned responsibility for the NotPetya malware to Russia in 2018.

Naturally, Mondelez was not the only large conglomerate that was adversely affected by this shift in coverage responsibility by the insurance industry; pharmaceutical goliath Merck, which had suffered a NotPetya attack causing damage to the tune of $700MM, had also been denied claims by its insurer. Needless to say, disputes are still playing out in court, with these major players suing their insurers for rejecting claims related to the NotPetya attack based on the “war exclusion” clause. It is expected that these cases will take years to resolve. The results of the legal fights will set major precedents regarding who pays when businesses are hit by cyberattacks blamed on foreign governments, especially when many of these insurance policies explicitly cover “cyber events” (i.e. cyber attacks).

Unfortunately, cyberattacks are a unique challenge for insurers since malware moves fast and unpredictably, often leaving a broad and expensive swath of destruction in its wake. Risks can no longer be contained and limited in such an interconnected cyber landscape. According to some industry experts, there are a multitude of insurers who are currently sitting on insurance policies that were never underwritten nor understood to cover cyber risk. Many insurers had no idea of the kind of losses that could be faced from cyber attacks such as NotPetya, but they are quickly realizing the depth of the potential harm. As such, many insurance companies are rethinking their coverage of these types of events.

Reflecting on the above, do you know if YOUR organization is covered in the event of a cyber attack? With the ongoing lawsuits against the insurers, it may be years before the final judgement is in on whether or not the insurance companies are responsible and liable for providing relief against these types of attacks. In the meantime, almost assuredly, the costs of premiums for insuring against these attacks will be going up.

Again, we come back to our all-encompassing “Detect and Block” approach to cyber security. Having to rely on an insurance payout to make your organization “whole” again after a cyber attack is so reflective of the “Detect and Remediate” mindset that continues to be followed by most of the industry and, in our view, is the much much more expensive approach. With Wedge’s Advanced Malware Blocker, an attack by NotPetya would have easily been detected and blocked BEFORE it had a chance to get into the network and cause so much damage. With Wedge’s patented Deep Content Inspection, alongside the orchestrated best-in-breed malware heuristics and artificial intelligence neural engine, even a new, never-before-seen variation of the NotPetya malware (and other major global attack malware such as WannaCry, CoinMiner, Zeus, etc.) would have been detected and blocked in real-time!

Once again, if your organization is at risk and if you’re not sure whether your insurance provides coverage in the event of a malware breach, perhaps it’s time to consider the “Detect and Block” approach to your network security. Then, you won’t have to worry about whether your insurance provides you coverage. Feel free to get in touch with our team at info@wedgenetworks.com. We offer a FREE 90 day trial of the Wedge Advanced Malware Blocker. You have nothing to lose and everything to gain!
