By Richard Hummel, threat intelligence lead at NETSCOUT
As cybercriminals continue to adapt their methodology, businesses in the insurance sector need to be especially vigilant of the current threat landscape. Indeed, according to NETSCOUT’s recently published DDoS Threat Intelligence Report, adversaries had launched an increase in attacks against insurance agencies and brokerages near the end of last year to cash in on distributed-denial-of-service (DDoS) extortion pay-outs.
Although the report confirmed our predictions that overall DDoS activity would decrease – by three per cent in this timeframe – recent activity suggests that cybercriminals used this time to ‘sharpen their knives’, developing their techniques and identifying new targets. We also identified a rise in industry-specific targeting and direct-path attacks which suggests that adversaries are trying to zone in on targeting specific organisations, like the insurance industry. While this might sound like there would be less overall damage, ‘focusing’ DDoS attacks is akin to using a homing missile instead of a sniper rifle – causing damage not only to the intended target but to everything around it.
With the rapid adoption of DDoS attacks by cybercriminals, insurance agencies should take the time to learn about these attacks, the damages they can impose, and how to successfully mitigate the associated risks.
DDoS attacks targeting financial and insurance organisations
One of the notable observations we made in our latest Threat Intelligence Report, was a considerable increase in DDoS extortion attacks. We identified three prolific DDoS extortion campaigns operating simultaneously. This is significant because, although one campaign within a year is not out of the norm, it is rare to have multiple campaigns deployed within such a small amount of time. This activity suggests that cybercriminals are especially motivated by making quick profits and bolstering their extortion efforts via deploying ransomware, stealing data, and launching targeted DDoS attacks.
When it comes to insurance agencies and brokers, the sector faced a large 257 per cent increase in DDoS attacks during the second half of 2021, many of which were DDoS extortion events and likely due to the assumed amount of capital held within these organisations.
Another trend that affects finance and insurance sectors is the continued targeting of the connectivity supply chain. Previously, we have seen adversaries targeting vital gateways to online life such as DNS servers, virtual private network (VPN) concentrators and services, and internet exchanges. Successful attacks against them can cause a cascade of collateral damage that impacts a huge range of entities, from banks and insurers to wired and wireless service providers—not to mention myriad individual users.
In the second half of 2021, we saw this trend extend to computer manufacturing. DDoS activity targeting computer technology manufacturers increased by 162 per cent, along with a 263 per cent increase in attacks towards electronic device and computer storage manufacturers near the end of 2021. This is concerning, as DDoS attacks can cause major disruptions onto manufacturing companies which provide the technology needed for small enterprises and large international corporations to stay in business – as well as those in the insurance sectors.
DDoS attacks targeting the connectivity supply chain can impose a range of knock-on effects onto several industries relying on similar networks, so insurance agencies need to be aware of the current DDoS methodologies that will likely affect their business. However, insurance agencies must not only be aware of the risks relating to losing their own network connectivity – which will subsequently disrupt their business operations – they also need to be aware of the trends that affect other businesses when it comes to drafting future policies for their customers.
How insurance agencies and brokers can mitigate these attacks
With each passing year, DDoS activity is expected to increase in both frequency and intensity. This is already proving to be the case. Along with the widescale adoption of these attack methods continuing, triple extortion campaigns incorporating DDoS are also expected to become progressively more detrimental in time. It is evident from these significant changes in attack methodology that cybercriminals are only improving their techniques and building the momentum needed to launch even more destructive and complex attacks in the future.
With this, the imposed damages by these attacks will only increase delays of daily operations and financial losses to those insurance firms choosing to pay attackers, with the false hope that their attackers will stay away. Instead, organisations must match these attacks with equally effective DDoS protection systems in order to successfully defend their online infrastructures and digital assets.
In doing so, insurance companies should consider enlisting an on-demand DDoS attack specialist to help navigate through the unfamiliar cyberthreat landscape. Expert advice and insight of this kind can greatly benefit individual teams, the entire company, and its key stakeholders in better understanding how to mitigate the risks of emerging DDoS attacks.
Additionally, investing in a strong and effective DDoS protection system is also necessary to successfully mitigate emerging DDoS threats. Only by implementing a comprehensive DDoS mitigation system can organisations within the insurance sector prevent DDoS attacks from imposing significant damages. However, it is imperative that these protection systems are regularly maintained and tested to identify recent changes in attack methodology. Periodic testing in this way ensures that not only are changes to an organisation’s online systems incorporated into a well-rounded protection plan, but also provides insight into new attack trends and how to proactively prepare for them.
Positioning cybersecurity measures for success in this way will provide organisations with more favourable chances of defending their online infrastructures from potential DDoS attacks and extortion campaigns. By carefully following current best practices and implementing effective mitigation tools with the help of an expert, insurance agencies and brokerages can successfully protect their digital assets from DDoS attacks and truly take charge of their cybersecurity to prolong their business continuity.
