Cyber-attacks skyrocket Q1, focus on zero-day software gaps: Beazley

Cyber security experts at specialist re/insurer  Beazley say the lull in cyber activity may have come to a crashing end with new cyber criminal forays into software vulnerabilities, including in cloud-based solutions.

“After a relatively quiet end to 2022, cyber incident frequency has skyrocketed in Q1 2023, with notable month-to-month increases in incidents,” leaders of Beazley's cyber services team said in a quarterly report.

“Over the past quarter, our cyber services team has seen an uptick in network attacks, many of which have been driven by cloud-based software vulnerabilities,” Beazley’s head of cyber services Christian Taube said. “And with recent supply chain attacks on the rise worldwide, the access opportunities available to hackers are increasing.”

Globally, phishing is back on the radar screen as a major threat channel as a “heightened frequency is notable.”

Software vulnerabilities are rising in frequency as a channel for hackers and pathway for ransomware, authors claim.

“Incidents that start with an exposed software vulnerability are rising in frequency in the US,” analysts said.

But as a vector for ransomware, that upward trend for software vulnerabilities has yet to set it ahead of lead pathways phishing and remote desktop protocols (RDP), previously with a combined share above 90%, now each oscillating at or above 30% of cases.

A focus on previously unknown software vulnerabilities, known as zero-day vulnerabilities, provide an explosive entry point for hackers, Beazley notes.

“When these tactics are successful, others quickly jump to imitate, leaving millions of unpatched systems at risk,” authors warn.

Corporate officials had already admitted to reports of increasing cyber activity in the first quarter, but assured investors as recently as a May 12 earnings call that the group’s claims figures hadn’t yet suffered.

“Within our own book, we haven’t seen that yet,” CEO Adrian Cox  (pictured) told analysts.

But Beazley will not avoid impact if the trend is confirmed. “I don’t think we can say we are immune to changes in the claims environment at all,” Cox said. Beazley’s own cyber council is warning on the increased activity and Beazley is studying up to work with clients on prevention. “We have to be vigilant.”

Did you get value from this story?  Sign up to our free daily newsletters and get stories like this sent straight to your inbox.