Just when you thought you’d seen everything with cyber attacks and cybersecurity, hackers now employ a new strategy. Instead of demanding ransom payments or threatening public data releases, they’re leveraging SEC complaints.
Unusual Tactics: Exploiting Reporting Regulations
With the increased regulations on reporting cyber incidents, criminals are capitalizing on this. Ransomware groups are resorting to filing SEC complaints against companies refusing negotiations after an attack. It’s akin to a perpetrator filing a complaint against a victim for allowing themselves to be victimized.
Exploiting Vulnerabilities: The SEC Reporting Rule
The Black Cat ransomware gang exemplifies this exploitation by using SEC incident reporting rules to pressure organizations. They list the victimized company as a defendant on a data leak website, publicly shaming compromised entities.
Amplifying Risks: Beyond Monetary Losses
This new tactic exacerbates the existing risks posed by cyberattacks. It adds to financial losses, internal labor efforts to rectify issues, ransom payments, and potential penalties. Hackers are taking it a step further, heightening the stakes for affected companies.
Mitigating Future Threats: Proactive Measures
To counter such threats, ensure adequate insurance coverage for these scenarios, robust cybersecurity defenses, and a well-defined response protocol. Immediate action upon an incident is crucial to minimizing damages and losses.