Incidents of fraudulent instruction scams were up 13 percent in 2022, according to specialist insurer Beazley’s new Cyber Services Snapshot report.
Under fraudulent instruction scams, criminals use hacking and phishing techniques to accumulate information that allows them to send plausible-looking requests to transfer funds to bogus accounts. In addition to losing money, organizations may also have to conduct extensive systems analysis to ensure that individuals’ personal and private data have not been compromised.
“Current trends indicate that threat actors will continue to pursue fraudulent instruction as a profitable tactic in 2023,” Beazley said.
Loss of data, according to the report, is another point of concern. In 2022, data exfiltration became “solidly a part of the threat actor’s playbook,” with all but one cyber extortion incident in Q4 2022 involving a threat of data exfiltration, said Beazley.
“Extortion techniques are evolving. Today, multiple threat actors can be involved in an attack,” the insurer said. “Even with proof of deletion, your data may still be out there in other threat actors’ hands, exposing your organization to legal and reputational risks.”
Legal risks were also highlighted in the report, with cyber extortion with data exfiltration driving class-action lawsuits in 2023, Beazley predicted. The insurer has noticed that plaintiffs are filing more class actions with a smaller potential class size.
“We are seeing class actions based on notified populations of as few as 1,500, when a year ago, 50,000 notified individuals would be considered small. Thus far, the smaller classes seem to involve impacted SSNs but not necessarily protected health information,” noted Amanda Thai, a cyber claims product specialist in New York.
Multiple class actions filed for the same breach is another trend to watch since it affects attorneys’ fees and settlements. Beazley also warned corporations to keep an eye on third-party litigation in the U.S.