Cyber analytics specialist CyberCube is warning the insurance industry of the potential for a large volume of claims related to cyberattacks on the servers running Microsoft’s email services.
Tens of thousands of Microsoft Exchange servers in businesses and organisations around the globe may have been infected during a series of attacks that commenced at the beginning of the year, according to a new report from CyberCube. Businesses in North America are more at risk than those in Europe, but large to medium-sized businesses around the world are vulnerable.
US organisations are more likely to have been using the compromised Microsoft Exchange servers, as are larger businesses, the report found. Germany, Africa, the Middle East, and Australasia were also identified as high-risk regions. Many smaller companies weren’t affected by the attacks, as they opted to use cloud-based email systems, which weren’t targeted.
The attacks, which are believed to have been carried out by Chinese state-sponsored hackers, exploited vulnerabilities in Microsoft Exchange servers to allow malicious code to be placed on them. The code can be used for ransomware, espionage, or redirecting system resources to mine for cryptocurrency on behalf of the criminals.
CyberCube’s report concluded that the insurance and reinsurance industries are “likely to see a long-tail of attritional claims resulting from this attack.”
“The insurance industry is only just beginning to understand the scope of possible damage,” said report co-author William Altman, cybersecurity consultant at CyberCube. “It is too early to calculate potential losses from the theft of a corporation’s intellectual property. These kinds of data breaches could have delayed – but long-lasting – impacts on commercial competitiveness. An accumulation of loss could result in multiple – in theory, tens of thousands – of companies making insurance claims to cover investigation, legal, business interruption and possible regulatory fines. There is still the ongoing possibility that even more attackers will launch ransomware or other types of destructive cyberattacks.”
CyberCube, using data from more than 20 million companies worldwide, has produced heat maps for the insurance industry to identify regions and industries most at risk. In addition to North American and larger businesses, firms using legacy Microsoft Exchange servers are especially vulnerable, as is the public sector.
Researchers believe that 10 different “advanced persistent threat actors” across the globe are actively exploiting the code used in the attacks, CyberCube said.