Criminal hackers do business with online extortion, perpetrators are rarely caught. There doesn’t seem to be any relaxation in sight.
According to Allianz, the danger of online blackmail for companies, authorities and critical infrastructure will increase in the coming years. In the course of the Ukraine war, the risk of cyber attacks “by nation states” is also increasing, write the experts at Allianz industrial insurer AGCS in their Cyber Report published on Wednesday.
The cases of online extortion are therefore not only increasing in number. The damage to the attacked institutions is also increasing, and not just financially. “Double and triple racketeering attacks are now the norm,” said Scott Sayce, head of cyber insurance at AGCS.
Online extortion, in its original simple form, works in such a way that hackers install malicious encryption software (“ransomware”) on a network and then demand a ransom to unlock it. With double blackmail, the hackers also steal sensitive data, which is then also used for blackmail attempts. In the threefold form, customers, suppliers, business partners and other contacts of the originally attacked organization are then blackmailed. Sayce and his colleagues warn that small and medium-sized businesses are increasingly being targeted by blackmailers.
Attachments in emails often portal of entry
The AGCS refers to estimates by the US cybersecurity company Sonic Wall, according to which there were 623 million online extortion attempts worldwide in 2021, twice as many as in 2020. This year, the number of cases fell slightly worldwide, but continued to rise in Europe. Portals of entry for the hackers are still often emails with attached files in which the blackmail software is hidden.
Another scam, in which hackers pose as superiors and deceive subordinates with fraudulent money orders and other instructions, is also spreading, according to AGCS. According to the AGCS report, hackers are increasingly using artificial intelligence to slip into managerial roles with manipulated “deep fake” audio files or videos. There was a case in 2021 in the United Arab Emirates in which $35 million was stolen from a bank after an employee was fooled with the cloned voice of his boss.
In connection with the Ukraine war, AGCS believes that the risk of espionage, sabotage and cyber attacks against companies with ties to Russia and Ukraine, as well as allies and companies in neighboring countries, is increasing. State-backed cyberattacks could target critical infrastructure, supply chains or businesses, the report says. “So far, the war between Russia and Ukraine has not resulted in a meaningful increase in cyber insurance claims, but it does indicate a potential increased risk from nation states,” Sayce said.