The goal is to protect businesses by interrupting the attack kill chain and stopping hackers before they’ve infiltrated systems and breached defences, reducing loss and preventing claims.
Intervention that changes outcomes
Speaking at our UK CFC Summit, Tom Bennett, Cyber Threat Analysis Team Leader, gave the example of a UK school that was on a collision course with an incoming ransomware attack.
An employee had clicked on a phishing email, giving access to malware that allowed the hacker to steal various passwords, obtain sensitive information and access other back-up locations.
The CFC Response team has built up partnerships with law enforcement and intelligence agencies, as well as other third-party stakeholders. This gives the team an overview of the networks and servers used by criminals and an insight into what they’re doing and what attacks they’re planning.
The team could see the school had an issue and was able to get in touch to let them know. They quickly deployed security software that removed the access the malware had left open for the criminals, ensuring they couldn’t return to steal data and hold the school to ransom.
That intervention stopped what would otherwise have been a certain ransomware attack. It enabled the school to carry on its operations unhindered and prevented a loss occurring.
Information stealers on the rise
Another type of attack increasing in popularity utilises information stealers – malware that exfiltrates information from computers. It could be passwords, cookies or anything that could give hackers access to the network. Once the information stealer has the data, it will often remove itself from the system, hiding the fact it was ever there.
But even the smallest pieces of data can lead to big losses. Electronic Arts found that an information stealer had taken a session cookie for its communication app, Slack. It was sold on the Dark Web for $5. The enterprising hacker was then able to use this cookie to gain access, and convince the tech support team at Electronic Arts that they were a genuine employee who had lost their authentication key and needed to reset their password. The hacker got access to the system and the resulting loss ran to millions of dollars.
The CFC Response team scans the internet for data about such vulnerabilities and has an excellent, real-time grasp on unfolding issues and potential intrusions. They’re able to warn and help clients protect their systems as soon as a possible breach is identified. But they also support non-clients where they can.
In one example, the team discovered that a company that provides electronic health record technology to around 60% of healthcare practices in the Western World was being lined up for a ransomware attack.
The company was not a CFC client, but the team warned them of the intelligence they had uncovered about the proposed attack. This prompted the healthcare provider to carry out their own investigation. They quickly found the issue and were able to avoid a major loss. Their insurer was delighted, to say the least.
The CFC Response team issues hundreds of threat notifications each month. These pre-emptive strikes are empowering clients – and even those who don’t have a CFC policy – to prevent planned attacks turning into major losses.
The more attacks the team prevents, the more value our clients get from their policy – all before they even know there’s an issue or trigger a claim.
For more information about CFC's cyber threat prevention capabilities, check out our CFC Response page.