Increasingly prevalent Remote Desktop Protocol (RDP) threats, ransomware incidents, business email compromise attacks, and phishing campaigns have triggered an increase in cyber insurance claims and insurance costs for companies, reports The Record, a news site by cybersecurity firm Recorded Future.
Managing RDP risks has been challenging due to the fleeting nature of RDP, with threat actors immediately exploiting intermittently open RDP, according to Coalition Cybersecurity Engineer Tommy Johnson. Coalition also found that ransomware claims rose by 10% in the second half of 2021 as average ransom demands grew by 20%.
Cyber insurance carriers have also been wary of Microsoft Exchange and Log4j vulnerabilities exploited in attacks. While some organizations continue to have unfinished incident response plans, more have been strengthening cybersecurity in adherence to processes required by insurers, noted Cowbell Cyber Vice President Isabelle Dumont.
"It is important to keep in mind that immunity against cyber attacks does not exist. 100% of businesses, regardless of size and industry, can be faced with a cyber incident," Dumont added.
CyberScoop reports that federal civilian agencies have been ordered by the Cybersecurity and Infrastructure Security Agency to provide regular reports on software vulnerabilities as part of a new directive aimed at improving vulnerability detection and asset visibility in federal networks.
BleepingComputer reports that Microsoft's mitigations for the actively exploited Microsoft Exchange zero-day flaws, tracked as CVE-2022-41040 and CVE-2022-41082, have been deemed by cybersecurity experts to be significantly inadequate to curb attacks.