white-globe-on-a-desk

Bashe attack: Global infection by contagious malware by CyRiM

As organisations and economies become highly interconnected, it exposes themselves to new types of risks, such as the potential for vulnerabilities and manipulation in a cyber attack. In a new report by the Cyber Risk Management (CyRiM) project, a Singapore based public-private initiative for studying cyber risks.

The team created a “Bashe Attack” scenario to simulate a large scale global cyber attack that results in “catastrophic economic and insurance losses with lasting consequences”. The ransomware was spread using a phishing email and when one employee opens the attachment, all data on computers sharing the network with that device have been fully encrypted and forwarded to all other contacts; infecting other companies as well.

What were the findings?

  • A global ransomware cyber-attack could potentially affect over 600,000 businesses worldwide and cost $193 billion.
  • The top three sectors that suffered the highest economic loss are:
  1. Retail ($15 billion) – attack on payment system causing significant sales revenue
  2. Healthcare ($10 billion) – attack on legacy systems and old healthcare IT equipment that will slow down restoration
  3. Manufacturing ($9 billion) – attack on manufacturing equipment that stops production
  • The regions that showcased the highest economic loss are:
  1. S ($46-89 billion) – mainly driven by infection on premier-sized companies and finance sector
  2. Europe ($30-76 billion) – infection on a higher number of small-medium sized enterprises due to poor cyber security preparedness.
  3. Asia ($6-19 billion) – Lower than the US and Europe due to the lesser number of sectors with high vulnerability scores. Healthcare, transportation and manufacturing have seen to be most affected in this region.
  • Insurance sector will benefit from this study, in terms of policy, legal and aggregation issues in cyber insurance offerings.

For the full report, please visit https://www.lloyds.com/news-and-risk-insight/risk-reports/library/technology/bashe-attack

Date:

February 1, 2019

How can we work together?

Get in touch.