The cyber operation against Norsk Hydro that became public this week is notable for several reasons, including the nature of the attack and how quickly cyber insurance coverage entered the conversation.
Publicly available details indicate that this was a targeted intrusion, with attackers putting in manual effort post-compromise to deploy ransomware to as many endpoints as possible. This is part of a broader trend in the ransomware landscape that is described by security company CrowdStrike as "big game hunting". Rather than sending phishing e-mails with ransomware to thousands or millions of addresses to collect individual ransoms, several more sophisticated criminal threat actors are conducting network compromises against enterprises with high-availability needs (hospitals, manufacturing, press, etc.) and causing maximum business disruption.
Targeted intrusions to deploy ransomware across a network is a development in the threat landscape that cyber insurers would be wise to keep an eye on. These attacks are much more dangerous than the individual ransomware cases of the past, and a company's entire business model can be put at risk. The ransoms are often astronomically higher, as well.
CyberCube included an analysis of this trend in a recent private briefing to one of our top-tier cyber insurance partners. Our threat intelligence experts will continue to track this, and other trends as they develop. More to come, no doubt!
Following yesterday’s news of an extensive malware attack on aluminium manufacturing giant Norsk Hydro, the firm’s Chief Financial Officer Eivind Kallevik has stated that its cyber insurance policy includes Business Interruption (BI), but was unable to provide further information. “I’ll be careful going into details of the insurance coverage,” said Kallevik. “We have a good and strong cyber insurance policy in place with reputable international insurance firms and they do cover Business Interruption.”