3 Cyber Security Trends Insureds Should Know

Unit 42, a leading cyber security insights group from Palo Alto Networks, recently released its Network Security Trends: May-July 2022 report. In the study, it was found that the most common forms of attack in recent months have involved the use of remote code execution, information disclosure, and cross-site scripting. In this article, we will break down these threats and share how insureds can defend themselves against these types of sophisticated attacks.

Remote Code Execution

Remote code execution enables attackers to surreptitiously execute harmful code using an external device. By doing this, bad actors are able to get their foot in the door by gaining preliminary access to sensitive information. Alternatively, cybercriminals can use remote code execution to install malware on a victim’s device. The most common example of this is called ransomware, and it is responsible for many of the major cyber attacks that have occurred during the last few years.

Bad actors in the space can get extremely sophisticated. For example, the FBI found that Hive, a Ransomware-as-a-service provider, extorted over 1,300 global victims to the tune of over $100M worth of hard earned cash.

Source: https://www.theregister.com/2022/11/18/hive_ransomware_fbi/

Insureds looking to defend themselves against remote code execution should consider analyzing their authentication mechanisms for vulnerabilities. Attackers tend to look for low-hanging fruit, and authentication and session management functions are often established incorrectly. Fragile security protocols make it easy for bad actors to gain access to company servers, enabling them to hijack important information via the use of remote code execution. Companies should aim to remediate weak spots as soon as a problem is identified.

Information Disclosure

The Unit 42 report also mentions the concept of information disclosure. This occurs when confidential information stored on a website is unintentionally revealed to visitors. While it may seem accidental, cyber attackers will often deliberately interact with a website in unexpected ways in an attempt to access privileged information. This can result in the exploitation of hidden names, web directories, or even user databases.

While information disclosure occurs for a number of reasons, it can be avoided by ensuring that internal content is removed from public view. For example, developers who provide internal markups in their website’s code structure should be careful to remove revealing information before deploying their website to the public. In addition, engineers should perform comprehensive checks on their websites, as this can help to identify any bugs or flaws that may unknowingly exist.

Cross-site Scripting

According to the Unit 42 report, another leading tactic used in recent cyber attacks is cross-site scripting. Cross-site scripting occurs when malicious code is weaved into the database of a trusted web application. Users who interact with the application are unsuspectingly targeted because their web browser will typically download the script due to the fact that it believes the website is a trusted source. Cross-site scripting gives cyber attackers access to sensitive information stored by the end user’s browser.

Cross-site scripting vulnerabilities can be difficult to identify because they often involve HTTP requests, which are commonly used in legitimate web development projects. One way to implement a primary layer of defense is to remove support for HTTP TRACE on all web servers. This is due to the fact that cross-site scripting attempts frequently rely on HTTP TRACE calls to exploit and collect information stored on an end user’s browser. Failure to remove HTTP TRACE support makes it easier for cyber criminals to access a company’s application, making its system less secure all around.

Insurance providers want to see evidence that insureds are actively involved in safeguarding their cyber security posture. By staying on top of recent trends, retailers can help educate their insureds on the steps necessary to gain cyber coverage and keep their systems safe.

For the full Unit 42 report, please visit: Network Security Trends Report

Limit AI is here to revolutionize your workflow.

Limit has built the State of the Art AI for insurance. Limit AI will summarize and compare your quotes, run your surplus lines taxes and fee calculations, identify coverage deficiencies, and do what you need to get your job done. Limit AI is extremely well-versed in all lines of P&C and highly skilled at analyzing your policies & quotes.

Our AI Assistant is built on Limit’s years of expertise as a commercial insurance wholesaler with hands on experience in all lines of P&C. Limit AI answers questions, drafts emails, and compares quotes & policies with substantially more rigor and attention to nuance than any other competitive AI product today.

Ready to get started? Join the waitlist by visiting limit.com/ai or email us at contact@limit.com.