Now In Flight: BlueKeep Vulnerability Alerts for Current and Prospective Policyholders

Today we’re excited to be sharing an important update of the Corvus Scan, our IT security scan technology: alerts for the BlueKeep cybersecurity vulnerability for all current and prospective Corvus policyholders.

An Important Update to the Corvus Scan

We sat down with Tora to talk about her approach to product management, working with brokers, and what she’s excited to do next with the CrowBar.

Part of the promise of data-driven insurance, what we like to call “Smart Commercial Insurance”, is to respond to changing risk environments. In line with this ethos, we’re excited to be sharing an important update to the Corvus Scan: alerts for the BlueKeep cybersecurity vulnerability for all current and prospective Corvus policyholders. 

When the first reports arose last month of attack activity around the critical security vulnerability known as BlueKeep, we worked to ensure that our policyholders, and any future policyholders, would have an immediate way to know if they carried this particularly glaring risk in their IT system.

What is BlueKeep? 

BlueKeep is a critical vulnerability found in Microsoft server software called Remote Desktop Services. This vulnerability has the potential to be exploited by cybercriminals to launch ransomware, malware, or other attacks. If such an attack were to take place, the results could be devastating for the targeted organization. 

BlueKeep was first discovered and reported by Microsoft in May 2019, and a patch was quickly developed to seal the vulnerability. Organizations that follow Microsoft patch releases and update their systems regularly will likely have installed this patch, and if so are already protected from BlueKeep-enabled attacks. While the number of unpatched systems has fallen steadily since the May patch was released, as many as half a million systems remain unpatched and may be harboring the vulnerability. 

The first documented attack activity on BlueKeep was reported and confirmed earlier in November, lending even greater urgency to the issue. The attack activity observed was in the category of “cryptojacking,” or the hijacking of computer resources to mine cryptocurrency. More immediately dangerous types of attacks, such as ransomware, have yet to be documented by researchers, but the potential severity of such an attack is so great that security researchers remain on high alert. 

Ransomware: A Rising Threat; No Signs of Slowing

Cyber and Tech E&O brokers have become increasingly aware of ransomware, and with good reason. This year, reports have shown dramatic increases in overall ransomware attacks, a 118% increase through the first quarter of 2019 by one count and a 363% increase through the first half of 2019 by another. 

A clear trend for anyone following the headlines is toward targeting both municipal governments and healthcare institutions. Recent attacks include those on a hospital system in Alabama; on over 100 nursing homes that were customers of a single IT company; on a cluster of small cities in Texas; and on major cities as well. As these types of organizations improve their defenses, the cybercriminals’ focus may shift elsewhere -- but all signs point to the continued prevalence of ransomware. If defenses for hospitals and cities improve, criminals are likely to find other under-protected businesses to target. 

How Alerting from Corvus works

Whenever a broker submits an application for Smart Cyber Insurance, Smart Tech E&O, or a Smart Cyber endorsement for an Ocean Cargo policy, Corvus runs an IT-security scan over all web-facing technology systems associated with the organization -- including, at times, systems or domains that were forgotten about or entirely unknown to IT managers. This Corvus Scan is key to driving underwriting decisions and also creates a detailed IT security report that is delivered to policyholders (they are given a preview report with their quote). 

If the BlueKeep vulnerability is found by the Corvus Scan in our initial scan or one of our quarterly reviews, an alert is sent to the broker with information about how to rectify the vulnerability that they can easily send to their affected client.  

A “Smart” Approach

One of the promises of data-driven insurance has always been to deliver underwriting decisions that are adapted to the current risk environment and suited to specific traits of the policyholder. We look forward to sharing more ways Corvus can help better alert and inform brokers and policyholders. If you have any questions about BlueKeep alerting, please don’t hesitate to contact us at flock@corvusinsurance.com.

Ransomware Webinar: What Brokers Should Know Now

Watch a full recording of the recent webinar here.