MS Exchange attacks to hit larger firms

Insurers are being warned of the potential for a large volume of claims resulting from recent cyber attacks by criminals on the servers running Microsoft’s email services. 

Tens of thousands of Microsoft Exchange servers in businesses and organisations around the world could have been infected during a series of concerted cyber attacks since the beginning of this year.

Companies in North America are more at risk than their European counterparts but large-to-medium sized businesses globally are vulnerable. 

CyberCube’s report analysing the threat for the insurance industry notes US organisations are more likely to have been using the affected Microsoft Exchange servers, as are larger businesses.

Germany is also a high-risk region, as well as Africa, the Middle East, and Australasia. Many smaller companies have opted for cloud-based email systems, which are unaffected. 

The cyber attacks, believed to have come from Chinese state-sponsored hackers, see vulnerabilities in Microsoft Exchange servers being exploited to allow malicious code to be placed on them. This code can be used for ransomware, espionage or even misdirecting the system’s resources to mine for cryptocurrency on behalf of the criminals. 

CyberCube concludes that the insurance and reinsurance industries are “likely to see a long-tail of attritional claims resulting from this attack”. 

William Altman, cyber security consultant at CyberCube, said: “The insurance industry is only just beginning to understand the scope of possible damage. It is too early to calculate potential losses from the theft of a corporation’s intellectual property. These kinds of data breaches could have delayed - but long-lasting - impacts on commercial competitiveness. 

“An accumulation of loss could result in multiple – theoretically, tens of thousands – of companies making insurance claims to cover investigation, legal, business interruption and possible regulatory fines. There is still the ongoing possibility that even more attackers will launch ransomware or other types of destructive cyber attacks.” 

Using data from over 20 million companies worldwide, CyberCube has produced heatmaps for the insurance industry to identify those regions and industries most at risk. In addition to North American and larger businesses, organisations using legacy Microsoft Exchange servers are particularly vulnerable as is the public sector generally. 

Researchers believe that 10 different “advanced persistent threat actors” globally are now actively exploiting the code used in this attack in a variety of ways.

Microsoft has provided patches for the vulnerabilities, but attackers seem to have stepped up their efforts to identify unpatched servers.