After a lull in 2022, cyberattacks against U.S. and international businesses have picked up steam in the last three weeks, with speculation that Russian-state hackers are looking for money to fund that nation’s year-old war with Ukraine.
David Rees, a cyber expert and executive director and broker at Howden Specialty insurance in London, spoke Thursday during the third-annual Cyber Security Summit sponsored by TribalHub.
Last fall, the chairman of the National Indian Gaming Commission said that successful cyberattacks against
tribal casinos dropped dramatically in 2022, especially after many hacks in 2021 shuttered properties, reduced revenue, and prompted ransomware payouts.
Tribes are a target not only for their casinos and patron information, but also because of their other enterprises that include healthcare and education.
Rees echoed the sentiment that attacks against businesses slowed in 2022 and 2023 until recently.
“Things in 2023 are looking far better, with insurers seeing less ransomware claims,” Rees said during the virtual summit. “They’re still seeing the severity, but the frequency has dropped, which has helped insurers to return to the market.”
Whether that continues remains to be seen. In recent weeks, Rees said ransomware incidents have increased again and there’s concern about where they’re going.
“I have to be careful when I say this. I’m not saying all ransomware attacks come from Russia, but a lot of ransomware attacks come from Russia. Given what’s going on between Russia and the Ukraine, the drop in frequency was the Russian hackers, who at one point were sitting in an office carrying out ransomware attacks, were finding themselves on the front lines fighting in Ukraine. As for why that’s increasing again, if they’re from Russia, one of the things Russia needs at the moment is money to fund the war. That’s the thought process, but it’s shared among quite a few people.”
Kimi Gordy, a partner with the national law firm BakerHostetler, who counsels clients on cybersecurity- breach response and regulatory defense, agreed with Rees that “ransomware has gotten crazy in the last three weeks.” She said her team has had seven new attacks against clients and they’re getting more creative and aggressive.
“This week, we actually had one of our clients, the CEO of the company, receive a money plant via a florist at the house, saying, ‘Hi, thinking of you, signed the threat actor.’ They’re getting creepier, scarier, and a little more personal.”
Hackers are targeting all industries, from health care and schools to manufacturing, Gordy said. Tribes are prime targets, because they have so many enterprises and assets.
“I think there’s a misunderstanding that hackers see a casino and think we’re now in ‘Oceans 11’ territory, where we have vaults of cash and an instant windfall,” Gordy said. “They’re not seeing it’s more complicated and that it’s probably going to impact schools, government, and hospitals. Tribes have all the major businesses and target areas. That is a huge risk.”
The hackers have even accessed cyber insurance policies to see how much tribes can pay, Gordy said.
While the severity of ransomware attacks didn’t go away in 2022 and the start of 2023, the frequency did, Rees said. That helped the cyber-insurance market stabilize, with fewer premium increases and reductions in some cases. Insurers that stopped writing policies have come back and new insurers are emerging.
That changing marketplace breaks a trend that started in 2020 and 2021 with the increase in severity and frequency of cyberattacks across all industries and countries. There were 100% to 300% premium increases on a regular basis for renewals, along with stricter underwriting expectations focusing on stronger security controls to prevent or mitigate ransomware, controls that haven’t gone away, Rees said.
“Insurers had far worse loss-ratio scenarios than in previous years. They started to get scared about that and what was happening on their books. I think 2021 was the worst year, when we started to see those increases.”
Despite the lull in frequency, Rees told tribal executives that cyberattacks have become more dangerous.
“Someone attacks your system, locks down and encrypts your data, and demands money to get that data back,” Rees said. “If you have backup, in theory you don’t have to pay that ransom. What we’re starting to see is that these hackers are starting to not only lock down the data, but stealing it at the same time. They say if you don’t pay, we’re going to release that data into the dark web or in the public domain where you find yourself in a privacy breach.”