Cybercrime , Fraud Management & Cybercrime , Incident & Breach Response

Breach Roundup: Cyber Insurance Doesn't Cover Breach Costs

Also: The US Supreme Court; Polyfill; BEC Compromise for Frozen Chicken
Breach Roundup: Cyber Insurance Doesn't Cover Breach Costs
Image: Shutterstock

Every week, Information Security Media Group rounds up cybersecurity incidents and breaches around the world. This week, cyber insurance policies fell short, the Supreme Court rejected efforts to fight disinformation, Polyfill apparently was hijacked, cybercriminals stole chicken, Levi warned of a credential stuffing attack, hackers targeted Android devices, and a lab in South Africa was hit by ransomware.

See Also: 57 Tips to Secure Your Organization

Cyber Insurance Probably Won't Cover All Breach Costs

Nine in 10 companies that participated in a survey have some form of cyber insurance coverage, but a hefty majority say their post-incident reimbursement falls short of their actual recovery costs. Security firm Sophos surveyed 5,000 IT and cybersecurity professionals working in organizations with between 100 and 5,000 employees located across the globe. Of those surveyed, 63% said their total costs exceeded the policy limit, 58% said the insurer refused to reimburse costs undertaken without permission, and 45% said they experienced costs not covered by the policy.

Insurance broker Marsh earlier this month reported that one-fifth of its clients in the United States and Canada submitted a cyber claim in 2023, a level "consistent with the percentage over the past five years." The sectors most affected by cyber incidents -healthcare, communications, retail/wholesale, financial institutions, and education - have also remained consistent over the past five years.

Supreme Court Strikes Down Efforts to Flag Disinformation

The U.S. Supreme Court on Wednesday turned down a Republican-led lawsuit against federal efforts to encourage social media companies to limit disinformation. A 6-3 ruling authored by Justice Amy Coney Barrett overturned an appeals court decision that found that that federal agencies, including the Surgeon General's Office, the FBI and the Cybersecurity and Infrastructure Security Agency, likely coerced or significantly encouraged social media platforms to remove user content.

Republican attorneys general from Louisiana and Missouri and seven individual plaintiffs claimed the federal government violated First Amendment rights by pressuring Facebook, Google and X to suppress posts on the novel coronavirus pandemic and election integrity. The opinion, joined by two other conservative justices and all three liberal justices, found that the plaintiffs lacked standing to sue. Rather than suing the platforms directly, plaintiffs took aim at the government. But, "it appears that the platforms remain free to enforce, or not to enforce," content moderation policies regardless of government pressure, Barrett said.

"The plaintiffs, without any concrete link between their injuries and the defendants' conduct, ask us to conduct a review of the yearslong communications between dozens of federal officials, across different agencies, with different social media platforms, about different topics," Barrett said for the majority. "This court's standing doctrine prevents us from exercising such general legal oversight of the other branches of government."

A dissent penned by Justice Samuel Alito and joined by two other conservative justices said the government behaved in a "blatantly unconstitutional" manner. "A coterie of officials at the highest levels of the federal government continuously harried and implicitly threatened Facebook with potentially crippling consequences if it did not comply with their wishes about the suppression of certain COVID-19-related speech," he said.

Regardless of the outcome, the lawsuit stopped some government efforts at tamping down misinformation. CISA through mid-2022 forwarded reports from third parties about election misinformation in communications it called "switchboarding." It no longer does so, and the Biden administration has said it will not resume operations for the 2024 election.

Polyfill.io Hijacked; Malicious Code Injected in 100,000 Websites

More than 100,000 websites are affected by an apparent supply chain attack on the cdn.polyfill.io domain. Initially used to host JavaScript polyfills, the domain was acquired by Chinese CDN company Funnull in February, leading to security concerns. Recently, Sansec and C/side found that the domain injects malicious code into affected websites, redirecting users to sports betting and adult sites. The malicious code adapts based on HTTP headers and device types, evades detection and potentially enables formjacking and data theft.

Domain registrant Namecheap took down the domain on Wednesday, apparently ending the threat. Google previously warned advertisers about loading JavaScript from polyfill.io and other domains, blocking Google Ads on compromised sites. Cloudflare said Wednesday it released an automatic JavaScript URL rewriting service "that will rewrite any link to polyfill.io found in a website proxied by Cloudflare to a link to our mirror under cdnjs."

The Polyfill account on social media network X said on Wednesday that the company is the victim of a defamation campaign. "We have no supply chain risks because all content is statically cached. Any involvement of third parties could introduce potential risks to your website, but no one would do this as it would be jeopardize our own reputation," it said. The company relaunched on polyfill.com.

Cybercriminals Arrested for Massive Frozen Chicken Fraud

Spanish authorities arrested three individuals in Madrid accused of orchestrating a complex fraud scheme involving 78 tons of frozen chicken and a business email compromise method. The criminals allegedly impersonated a Dutch multinational to deceive a Finnish company into shipping the chicken, valued at nearly 292,000 euros, to Spain rather than the Netherlands.

One of those arrested is an IT expert wanted for fraud in Romania. Police raids in Valencia and Madrid recovered 51 tons of the stolen chicken and documents detailing the fraudulent operation.

Levi Alerts Customers to Credential Stuffing Attack

Clothing brand Levi Strauss reported that approximately 72,000 customer accounts may be compromised due to a credential stuffing attack. The denim retailer disclosed that while its network was not breached, attackers reused passwords from other sites to access customer data, including names, emails, addresses, order histories and the last four digits of payment cards. The breach was detected on June 13, the company said.

Open-Source Malware Targets Android Devices

Security experts flagged an open-source remote administration tool called Rafel as a significant threat to Android devices. Check Point Research said multiple threat actors, including "an espionage group," use Rafel for malicious activities. Rafel enables remote access, surveillance, data exfiltration, and persistence on compromised devices.

Checkpoint analyzed 120 command-and-control servers and identified the United States, China and Indonesia as the most affected countries. The most commonly compromised devices are from Samsung, Xiaomi, Vivo and Huawei, Checkpoint said.

South Africa's National Health Laboratory Service Breached

South Africa's National Health Laboratory Service said Tuesday that ransomware hackers on Saturday targeted and attacked "select points" on its IT system. The attack did not affect patient data, the lab said, but it blocked communications from the laboratory information system to other databases.

South Africa is currently experiencing an outbreak of monkeypox, with 16 confirmed cases and three dead, according to the government.

Other Coverage From Last Week

With reporting from Information Security Media Group's Prajeet Nair in Bengaluru, India, and David Perera in Washington, D.C.


About the Author

Anviksha More

Anviksha More

Senior Subeditor, ISMG Global News Desk

More has seven years of experience in journalism, writing and editing. She previously worked with Janes Defense and the Bangalore Mirror.




Around the Network

Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing bankinfosecurity.com, you agree to our use of cookies.