According to Allianz, the risk of online extortion for companies, authorities and critical infrastructure will increase in the coming years. In addition, the risk of cyberattacks "by nation states" is also increasing as a result of the war in Ukraine, write the experts at Allianz industrial insurer AGCS in their Cyber Report published on Wednesday.

According to the report, cases of online blackmail are not only increasing in number. The damage to the institutions attacked is also increasing, and not just financially. "Double and triple extortion attacks are now the norm," said Scott Sayce, head of the cyber insurance division at AGCS.

Online extortion in its original single form works by hackers installing malicious encryption software (ransomware) on a network and then demanding a ransom to unlock it. In double extortion, the hackers also steal sensitive data, which is then also used for extortion attempts. In the triple form, customers, suppliers, business partners and other contacts of the originally attacked organization are also blackmailed. Sayce and his colleagues warn that small and medium-sized companies are increasingly being targeted by blackmailers.

623 million online blackmail attempts worldwide

The AGCS refers to estimates by the US cybersecurity company Sonic Wall, according to which there were 623 million online extortion attempts worldwide in 2021, twice as many as in 2020. This year, the number of cases has fallen slightly worldwide, but has continued to rise in Europe. Hackers still often use emails with attached files in which the blackmail software is hidden.

Another scam, in which hackers pose as superiors and deceive subordinates with fraudulent payment instructions and other instructions, is also becoming increasingly widespread, according to AGCS. According to the AGCS report, hackers are increasingly using artificial intelligence to slip into supervisor roles with manipulated "deep fake" audio files or videos. According to the report, there was a case in the United Arab Emirates in 2021 in which 35 million dollars were stolen from a bank after an employee was deceived with the cloned voice of his boss.

In connection with the war in Ukraine, the AGCS assumes that the risk of espionage, sabotage and cyber attacks against companies with links to Russia and Ukraine as well as to allies and companies in neighboring countries is increasing. State-sponsored cyber attacks could target critical infrastructure, supply chains or companies, the report states. "So far, the war between Russia and Ukraine has not led to a significant increase in cyber insurance claims, but it does indicate a potential increased risk from nation states," Sayce said.