Cyber risk: Malicious threat actors raise the stakes

Global cyber crime stakes were raised significantly throughout 2022, with entire governments falling victim to regular and sometimes devastating attacks.

This is among the findings of Tokio Marine HCC International’s third annual Cyber Incidents Report, which shows Russia’s use of cyber warfare in Ukraine to supplement its traditional war machine leading the pack in this year’s top ten cyber incidents.

Several attacks were documented before the invasion with most of the Ukraine government’s websites, banks and radio stations coming under massive DDoS attacks.

TMHCCI’s report shows that almost 30 of Costa Rica’s government institutions came under attack in April, taking tax, import and export operations offline for a number of days. The Russian hackers responsible for the attack demanded a ransom of US$10m, while the Costa Rican government is estimated to have lost around US$30m each day its systems were down. Meanwhile, the Finnish government came under attack when Russian hackers directed a DDoS attack against the parliament’s external websites there.

Despite this activity against government organisations, businesses are still the most attractive target for threat actors, with Revolut, Shein, Twitter and TSB amongst the most notable incidents in terms of financial and reputational costs.

Attacks at the heart of the world’s biggest IT providers are also highlighted in TMHCCI's report. In late September, two new Microsoft Exchange vulnerabilities were discovered and disclosed publicly but the nature of the vulnerabilities means they pose a systemic risk of incalculable consequences to numerous organisations.

Commenting on 2022’s cyber crime activity, Isaac Guasch, cyber security leader at TMHCCI and author of the report said: “Cyber incidents aren’t just increasing in volume and cost. They are becoming larger, more sophisticated, coordinated and damaging and governments are very much in the cyber criminal’s crosshairs.

“Increasingly, hackers are testing unprepared governments in the pursuit of a ransom or to score political points. And as the report shows, the development of artificial intelligence threatens to arm criminals with even more sophisticated weapons. Hackers could access the systems used to train and operate the AI, allowing them to manipulate the algorithms and exploit or disrupt the system. Likewise, they could use AI to automate their cyber attacks, making them much harder to defend against.

“As criminals evolve, adapt their approaches and acquire new weaponry, so too are the defences against them adapted. At Tokio Marine HCC International, we are constantly discovering new threats and developing new defences against them,” Guasch added.

    Share Story:


Cyber risk in the transportation industry
The connected nature of the transport and logistics industries makes them an attractive target for hackers, with potentially disruptive and costly consequences. Between June 2020 and June 2021, the transportation industry saw an 186% increase in weekly ransomware attacks. At the same time, regulations and cyber security standards are lacking – creating weak postures across the board. This podcast explores the key risks. Published April 2022.

Political risk: A fresh perspective
CIR’s editor, Deborah Ritchie speaks with head of PCS at Verisk, Tom Johansmeyer about the confluence of political, nat cat and pandemic risks in a world that is becoming an increasingly risky place in which to do business. Published February 2022.