9 December 2019
Chris Hedenberg

Now In Flight: BlueKeep Vulnerability Alerts for Current and Prospective Policyholders

Today we’re excited to be sharing an important update of the Corvus Scan, our IT security scan technology: alerts for the BlueKeep cybersecurity vulnerability for all current and prospective Corvus policyholders.

Part of the promise of data-driven insurance, what we like to call “Smart Commercial Insurance”, is to respond to changing risk environments. In line with this ethos, we’re excited to be sharing an important update to the Corvus Scan: alerts for the BlueKeep cybersecurity vulnerability for all current and prospective Corvus policyholders.

When the first reports arose last month of attack activity around the critical security vulnerability known as BlueKeep, we worked to ensure that our policyholders, and any future policyholders, would have an immediate way to know if they carried this particularly glaring risk in their IT system.

What is BlueKeep? 

BlueKeep is a critical vulnerability found in Microsoft server software called Remote Desktop Services. This vulnerability has the potential to be exploited by cybercriminals to launch ransomware, malware or other attacks. If such an attack were to take place, the results could be devastating for the targeted organization. 

BlueKeep was first discovered and reported by Microsoft in May 2019, and a patch was quickly developed to seal the vulnerability. Organizations that follow Microsoft patch releases and update their systems regularly will likely have installed this patch, and if so are already protected from BlueKeep-enabled attacks. While the number of unpatched systems has fallen steadily since the May patch was released, as many as half a million systems remain unpatched and may be harboring the vulnerability. 

The first documented attack activity on BlueKeep was reported and confirmed earlier in November, lending even greater urgency to the issue. The attack activity observed was in the category of “cryptojacking,” or the hijacking of computer resources to mine cryptocurrency. More immediately dangerous types of attacks, such as ransomware, have yet to be documented by researchers, but the potential severity of such an attack is so great that security researchers remain on high alert. 

Ransomware: A Rising Threat; No Signs of Slowing

Cyber and Tech E&O brokers have become increasingly aware of ransomware, and with good reason. This year, reports have shown dramatic increases in overall ransomware attacks: a 118% increase through the first quarter of 2019 by one count and a 363% increase through the first half of 2019 by another.

A clear trend for anyone following the headlines is toward targeting both municipal governments and healthcare institutions. Recent attacks include those on a hospital system in Alabama; on over 100 nursing homes that were customers of a single IT company; on a cluster of small cities in Texas; and on major cities as well. As these types of organizations improve their defenses, the cybercriminals’ focus may shift elsewhere — but all signs point to the continued prevalence of ransomware. If defenses for hospitals and cities improve, criminals are likely to find other under-protected businesses to target. 

How Alerting from Corvus works

Whenever a broker submits an application for Smart Cyber Insurance, Smart Tech E&O, or a Smart Cyber endorsement for an Ocean Cargo policy, Corvus runs an IT-security scan over all web-facing technology systems associated with the organization — including, at times, systems or domains that were forgotten about or entirely unknown to IT managers. This Corvus Scan is key to driving underwriting decisions and also creates a detailed IT security report that is delivered to policyholders (they are given a preview report with their quote). 

If the Corvus Scan finds the BlueKeep vulnerability, in our initial scan or in one of our quarterly reviews, an alert is sent to the broker with information about how to rectify the vulnerability, which they can easily send on to their affected client.

A “Smart” Approach

One of the promises of data-driven insurance has always been to deliver underwriting decisions that are adapted to the current risk environment and suited to specific traits of the policyholder. We look forward to sharing more ways Corvus can help better alert and inform brokers and policyholders. If you have any questions about BlueKeep alerting, please don’t hesitate to contact us at flock@corvusinsurance.com.
