Greg Dalgetty, Editor
Cyber criminals becoming more savvy: ICRMC 2018 | Canadian Insurance

Cyber criminals becoming more savvy: ICRMC 2018

Matt Hartley of FireEye explains how hackers are getting better at what they do

Cyber criminals are still up to the same old tricks—and now they’re getting even better at them.

That was part of the message delivered by Matt Hartley, vice-president of global services and intelligence engineering with FireEye, at the 2018 International Cyber Risk Management Conference (ICRMC) in Toronto on Wednesday.

“Cyber criminals aren’t stupid—they’re going to evolve to be more successful, just like a business would,” he said. “They’re still making money, and as long as they make money, they’re going to be out there innovating and doing new things.”

Related: XL Catlin to offer Digital Resilience Score to cyber policyholders

Hartley noted that 2017 was a particularly bad year for ransomware attacks, and said that cyber criminals are now finding ways to improve their odds of getting paid.

“One of the interesting things we’ve seen is that the ransom amounts are now tailored to where you are,” he said. “When [ransomware] first started off, all the ransom costs were the same all around the world. Countries that didn’t have as much wealth had a harder time paying, or they had to bring in law enforcement and try to remediate that.

“Now the ransomware attackers are smart enough to understand that if they lower that price to a certain amount, it starts to become a harder decision for some of these companies. ‘Do I just pay? Or do I try to bring in some outside help?’”

Hartley also said it’s becoming increasingly common to see cyber criminals use the threat of distributed denial of service (DDoS) attacks to commit extortion.

“We’ve seen hackers threaten denial-of-service attacks on companies that are relying on their internet presence, and we’ve even seen actors run small-scale 50–70 gigabit per second DDoS attacks just to prove they can do it,” he said.

“It used to be that an attacker would launch the attack and they would go to maximum capacity, or they would threaten to and then launch the attack (or not). Now we’re seeing extortion in the mix as well, and we’re seeing them prove that they can actually do it.”

Canadian Insurance Top Broker is now on Facebook ( as well as LinkedIn ( and Twitter ( Follow us for easy access to the top P&C news you need to know.