Who are Medusa, and what can you do to protect your business?
Cybersecurity firm CyberCX has recently reported at least 20 double extortion schemes by the cybercriminal gang Medusa, carried out across Australia and the Pacific since January 11.
Based on how its operations differ from those of older gangs such as ALPHV (BlackCat), CyberCX identified that Medusa is a new cybercriminal gang whose members have previously worked in other criminal organisations. Through various modes of deception, including pretending to be a cybersecurity professional, Medusa encrypts and steals company data so that businesses are forced to pay a ransom to retrieve their files.
Medusa has already attacked organisations in numerous countries across a range of industries, including manufacturing, telecommunications, energy, hospitality and professional services. So far, one of the gang’s most prominent attacks has been on the Bank of Africa on February 11th, where the cybercriminals demanded a ransom payment with a deadline of February 22nd to boost their extortion efforts.
CyberCX director of cyber intelligence and public policy Katherine Mansted explained that, unlike usual methods, Medusa has not been relying on malware to hack into companies’ systems. Rather, they have been working with initial access brokers (IABs)—cybercriminals who sell credentials for compromised computer networks—to gain the compromised data for their illicit activities.
Under this kind of business relationship, IABs are paid for their technical skills to uncover vulnerabilities in target systems, which allows cybercriminal gangs like Medusa to focus on their extortion activities. IABs have been reported to capitalise on stolen data by selling it to multiple cybercriminal gangs, leading to victims and organisations being attacked multiple times in a short period.
Despite the emerging dangers the Medusa gang poses, CyberCX has also identified a myriad of weaknesses in how the organisation conducts its operations. According to Ms Mansted, the gang’s operational security and the software they use to encrypt systems contain notable vulnerabilities. Further, CyberCX has uncovered multiple social media accounts that may be operated by Medusa, including profiles on Facebook and Telegram intended to build their credibility.
Why cybercriminal gang activity is set to increase in Australia
Abigail Bradshaw, head of the ACSC, explained that citizens’ and businesses’ increased use of digital technologies in recent years has made cybercriminal activities easier to replicate at a larger scale. For cyber gangs, this reliance on digital systems without cyber insurance and thorough preventative measures makes extortion, espionage, and fraud all too easy.
Over the previous financial year, the Australian Cyber Security Centre (ACSC) received more than 76 000 cybercrime reports, with Australia’s critical infrastructure assets—electricity grid and telecommunications networks—being targeted the most. Large companies like Optus and Medibank have faced fines by the federal government for exposure in data breaches, and failure to protect their customers’ data.
Even more concerningly, this havoc within the cyber world has been heightened due to global conflict and tensions. Bradshaw explained that worrying trends have flowed in from the war in Ukraine, where the most powerful cybercrime gangs have combined efforts with entire nation-states. Director-general of the Australian Signals Directorate Rachel Noble further explained that there exist state-based actors wealthy enough to pursue similar endeavours.
Protecting your data against cybercriminal gangs is a must
With all these emerging digital risks, the thought of security breaches can be frightening and unexpected. However, it is important not to panic, as there are multiple ways that you can ensure your data is protected from cybercriminal activities.
Whether your company is online, industrial or a professional services business, every business needs a form of cyber insurance protection. Along with investing in proper security defences, Cyber Insurance can provide you with more protection, and a greater sense of safety.
The types of cybercrimes covered by cyber insurance include:
- Malicious code or malware
- Denial of service attack on your operating system
- Industrial espionage
- Identity or data theft
- Hacking attack
- Cyber Theft from fraudulent representation
- Ransomware
However, it is important to remember that cyber insurance does NOT cover:
- Damage from intentional acts
- Your business becoming insolvent
- Incidents or claims known prior to the policy commencing
- Claims made against directors and officers (see Management Liability Insurance)
- Accidental personal injury or property damage (see Public Liability Insurance)
- Professional liability claims for negligence in your professional duty of care (see Professional Indemnity Insurance)
With award-winning experience in insurance brokerage, Crucial Insurance brokers are fully licensed specialists whose goal is to help you find the Cyber Insurance perfect for your situation. If you have any questions concerning cyber safety or your coverage, please don’t hesitate to Contact Us today or give us a call at 1300 400 707.
This article was written by Tony Venning, Managing Director at Crucial Insurance and Risk Advisors.
For further information or comment please email info@crucialinsurance.com.au.
Important Disclaimer – Crucial Insurance and Risk Advisors Pty Ltd ABN 93 166 630 511. This article provides information rather than financial product or other advice. The content of this article, including any information contained in it, has been prepared without taking into account your objectives, financial situation or needs. You should consider the appropriateness of the information, taking these matters into account, before you act on any information. In particular, you should review the product disclosure statement for any product that the information relates to before acquiring the product.
Information is current as at the date articles are written as specified within them but is subject to change. Crucial Insurance, its subsidiaries and its associates make no representation as to the accuracy or completeness of the information. All information is subject to copyright and may not be reproduced without the prior written consent of Crucial Insurance.