San Francisco, California, 26 March, 2021 –
Insurers are being warned of the potential for a large volume of claims resulting from recent cyber attacks by criminals on the servers running Microsoft’s best-selling email services.
Tens of thousands of Microsoft Exchange servers in businesses and organisations around the world could have been infected during a series of concerted cyber attacks since the beginning of this year. According to cyber analytics specialist CyberCube, companies in North America are more at risk than their European counterparts but large-to-medium sized businesses globally are vulnerable.
CyberCube’s new report analysing the threat for the insurance industry notes US organisations are more likely to have been using the affected Microsoft Exchange servers, as are larger businesses. Germany is also a high-risk region, as well as Africa, the Middle East, and Australasia. The report - “Understanding the potential fall-out from the ongoing Microsoft Exchange attacks” - states many smaller companies have opted for cloud-based email systems, which are unaffected.
The cyber attacks, believed to have come from Chinese state-sponsored hackers, see vulnerabilities in Microsoft Exchange servers being exploited to allow malicious code to be placed on them. This code can be used for ransomware, espionage or even misdirecting the system’s resources to mine for cryptocurrency on behalf of the criminals.
CyberCube’s report concludes that the insurance and reinsurance industries are “likely to see a long-tail of attritional claims resulting from this attack”.
William Altman, Cyber Security Consultant at CyberCube and one of the report’s authors, said: “The insurance industry is only just beginning to understand the scope of possible damage. It is too early to calculate potential losses from the theft of a corporation’s intellectual property. These kinds of data breaches could have delayed - but long-lasting - impacts on commercial competitiveness.
“An accumulation of loss could result in multiple – theoretically, tens of thousands – of companies making insurance claims to cover investigation, legal, business interruption and possible regulatory fines. There is still the ongoing possibility that even more attackers will launch ransomware or other types of destructive cyber attacks.”
Using data from over 20 million companies worldwide, CyberCube has produced heatmaps for the insurance industry to identify those regions and industries most at risk. In addition to North American and larger businesses, organisations using legacy Microsoft Exchange servers are particularly vulnerable as is the public sector generally.
Researchers believe that 10 different “advanced persistent threat actors” globally are now actively exploiting the code used in this attack in a variety of ways. Microsoft has provided patches for the vulnerabilities, but attackers seem to have stepped up their efforts to identify unpatched servers.
Check out CyberCube’s report, "Understanding the potential fall-out from the ongoing Microsoft Exchange attacks".
ENDS
About CyberCube
CyberCube delivers the world’s leading cyber risk analytics for the insurance industry. With best-in-class data access and advanced multi-disciplinary analytics, the company’s cloud-based platform helps insurance organizations make better decisions when placing insurance, underwriting cyber risk and managing cyber risk aggregation. CyberCube’s enterprise intelligence layer provides insights on millions of companies globally and includes modelling on thousands of points of technology failure.
The CyberCube platform was established in 2015 within Symantec and now operates as a standalone company exclusively focused on the insurance industry, with access to an unparalleled ecosystem of data partners and backing from ForgePoint Capital, HSCM Bermuda, MTech Capital and individuals from Stone Point Capital. For more information, please visit www.cybcube.com or email info@cybcube.com.