Cybersecurity News: Cyber Insurance, Media Supply Chain Attack, LinkedIn Security

4 minute read

November 2022

by cybergrx

Trending headlines in cybersecurity from the week:

  • Cyber insurance rates stabilizing and decelerating in 2023
  • A supply-chain attack on a media company
  • Australian cybersecurity standards
  • A third party incident disrupting trains in Denmark
  • New LinkedIn security measures

Watch this episode now:

Cyber Insurance Rates to Stabilize

There’s good news on the cyber insurance front. After months of unprecedented rate increases, the market is beginning to stabilize and is expected to decelerate in 2023, according to the new State of the Market Report by Risk Strategies. While ransomware attacks, fund transfer schemes, and systemic events remain ongoing concerns for insurers, the pace of attack claims has slowed due to improved cyber awareness and maturity in the marketplace, better awareness at the board level, and increased underwriting scrutiny. Barring a catastrophic event, organizations should expect to see rates stabilize through the end of this year and under the right conditions, decelerate 10-25% in 2023. But a word of caution, too: insurers are still focused on proper risk selection, and companies who fail to prioritize appropriate cyber controls may still experience higher rates or even loss of coverage.

Supply Chain Attack on Media Company

Media companies, usually creating the headlines, find themselves in the headlines this week. 

More than 250 U.S. news organizations recently accessed malicious SocGholish malware in a potentially dangerous supply chain attack. Cybersecurity company Proofpoint reported it observed intermittent injections on an undisclosed media company that provides video and advertising services to many major news outlets. Threat actors modified the Javascript codebase used to serve content to partner media outlets, deploying the SocGholish malware across a wider media network. SocGholish infections have historically been a precursor to ransomware, utilizing Russian-linked TA569 for initial access. By infecting a service provider that caters to many organizations, malicious actors can quickly expand their footprint and collect data from a wider variety of sources. The attack comes during a period of high activity surrounding the election, and Proofpoint’s disclosure comes on the heels of the recent incidents at the New York Post and Thomsen Retuers.

Cybersecurity Standards – Australia

In International news, Australia has been hit hard in recent months with a proliferation of cyber attacks.The lack of sufficient penalties and accountability has made Australian organizations attractive targets for cyber criminals; however, the Australian Prudential Regulation Authority is consulting on new standards to bolster operational risk management and strengthen cyber risk practices in banking, insurance, and superannuation, also known as retirement pension benefits. Major data breaches disclosed since August have affected entities across multiple sectors in Australia, although the attacks were not coordinated. The frequency and severity of these incidents carries significant implications, including ransom losses, lost business, operational interruptions, legal implications and reputational risks, and customer attrition, among others. 

Third Party Incident Causes Train Disruption in Denmark

Trains stopped last week in Denmark as a result of a cyberattack. Trains operated by DSB, the largest train operating company in the country, came to a standstill on Saturday morning lasting several hours. But the attack wasn’t targeting DSB directly. The disruption was the result of a security incident at Supeo, a Danish company that provides enterprise asset management solutions to railway companies, transportation infrastructure operators, and public passenger authorities. Supeo shut down its servers following the cyber attack, adversely impacting DSB trains. The incident illustrates how an attack on a third-party IT service provider can result in significant business disruption. 

For more visibility into your third-party ecosystem, book a CyberGRX demo now– we’ll show you your blind spots and a better way to manage your third-party risk.

Added LinkedIn Security Measures

LinkedIn users can expect to see changes coming soon to the professional networking platform. The social media giant recently announced it’s beefing up security to curb deepfake accounts and fraudulent activity. 

The changes will be rolled out globally over the next few weeks and include: 

  • An “About this Profile” feature, displaying when a profile was created, last updated, and if the member has a verified phone number and work email associated with their account.
  • Advances in deepfake image detection, using deep learning models and advanced technology to determine if a profile picture was AI-generated, which is often associated with fake accounts.
  • And warnings on messages that include high-risk content or may impact member security. The alerts also give members the opportunity to report messages they believe are a scam.

LinkedIn hopes the updates will help keep members safe and slow down cyber criminals.

All information is current as of November 7, 2022. Subscribe to receive future episodes as they are released.

View previous episodes of GRXcerpts:


Related Articles

About Us

ProcessUnity is a leading provider of cloud-based applications for risk and compliance management. The company’s software as a service (SaaS) platform gives organizations the control to assess, measure, and mitigate risk and to ensure the optimal performance of key business processes. ProcessUnity’s flagship solution, ProcessUnity Vendor Risk Management, protects companies and their brands by reducing risks from third-party vendors and suppliers. ProcessUnity helps customers effectively and efficiently assess and monitor both new and existing vendors – from initial due diligence and onboarding through termination. Headquartered outside of Boston, Massachusetts, ProcessUnity is used by the world’s leading financial service firms and commercial enterprises. For more information, visit www.processunity.com.