Insurance Edge has predicted since last summer that the next virus to emanate from China will not be a variant of the common cold, but a series of cyber attacks. Expect more ships to mysteriously run aground this year, messenger services on social media to suddenly go down and international payment services to malfunction. When you suddenly switch to an online economy and try to abolish cash – which many countries are now doing – you leave yourself open to attack as systems are hurriedly integrated and updated.
So it’s no surprise that insurers are being warned of the potential for a large volume of claims resulting from cyber attacks by criminals, targeting companies and public sector departments running Microsoft’s best-selling email services.
Tens of thousands of Microsoft Exchange servers in businesses and organisations around the world could have been infected during a series of concerted cyber attacks since the beginning of this year. According to cyber analytics specialist CyberCube, companies in North America are more at risk than their European counterparts but large-to-medium sized businesses globally are vulnerable.
CyberCube’s new report analysing the threat for the insurance industry notes US organisations are more likely to have been using the affected Microsoft Exchange servers, as are larger businesses. Germany is also a high-risk region, as well as Africa, the Middle East, and Australasia. The report – Understanding the potential fall-out from the ongoing Microsoft Exchange attacks – states many smaller companies have opted for cloud-based email systems, which are unaffected.
The cyber attacks, believed to have come from Chinese state-sponsored hackers, see vulnerabilities in Microsoft Exchange servers being exploited to allow malicious code to be placed on them. This code can be used for ransomware, espionage or even misdirecting the system’s resources to mine for cryptocurrency on behalf of the criminals.
CyberCube’s report concludes that the insurance and reinsurance industries are “likely to see a long-tail of attritional claims resulting from this attack”.
William Altman, Cyber Security Consultant at CyberCube and one of the report’s authors, said: “The insurance industry is only just beginning to understand the scope of possible damage. It is too early to calculate potential losses from the theft of a corporation’s intellectual property. These kinds of data breaches could have delayed – but long-lasting – impacts on commercial competitiveness.
“An accumulation of loss could result in multiple – theoretically, tens of thousands – of companies making insurance claims to cover investigation, legal, business interruption and possible regulatory fines. There is still the ongoing possibility that even more attackers will launch ransomware or other types of destructive cyber attacks.”
Using data from over 20 million companies worldwide, CyberCube has produced heatmaps for the insurance industry to identify those regions and industries most at risk. In addition to North American and larger businesses, organisations using legacy Microsoft Exchange servers are particularly vulnerable as is the public sector generally.
Researchers believe that 10 different “advanced persistent threat actors” globally are now actively exploiting the code used in this attack in a variety of ways. Microsoft has provided patches for the vulnerabilities, but attackers seem to have stepped up their efforts to identify unpatched servers.
Check out CyberCube’s report, Understanding the potential fall-out from the ongoing Microsoft Exchange attacks.