General Insurance Article - MS Exchange attacks may lead to thousands of claims


Insurers are being warned of the potential for a large volume of claims resulting from recent cyber attacks by criminals on the servers running Microsoft’s best-selling email services.

 Tens of thousands of Microsoft Exchange servers in businesses and organisations around the world could have been infected during a series of concerted cyber attacks since the beginning of this year. According to cyber analytics specialist CyberCube, companies in North America are more at risk than their European counterparts but large-to-medium sized businesses globally are vulnerable.

 CyberCube’s new report analysing the threat for the insurance industry notes US organisations are more likely to have been using the affected Microsoft Exchange servers, as are larger businesses. Germany is also a high-risk region, as well as Africa, the Middle East, and Australasia. The report - Understanding the potential fall-out from the ongoing Microsoft Exchange attacks - states many smaller companies have opted for cloud-based email systems, which are unaffected.

 The cyber attacks, believed to have come from Chinese state-sponsored hackers, see vulnerabilities in Microsoft Exchange servers being exploited to allow malicious code to be placed on them. This code can be used for ransomware, espionage or even misdirecting the system’s resources to mine for cryptocurrency on behalf of the criminals.

 CyberCube’s report concludes that the insurance and reinsurance industries are “likely to see a long-tail of attritional claims resulting from this attack”.

 William Altman, Cyber Security Consultant at CyberCube and one of the report’s authors, said: “The insurance industry is only just beginning to understand the scope of possible damage. It is too early to calculate potential losses from the theft of a corporation’s intellectual property. These kinds of data breaches could have delayed - but long-lasting - impacts on commercial competitiveness.

 “An accumulation of loss could result in multiple – theoretically, tens of thousands – of companies making insurance claims to cover investigation, legal, business interruption and possible regulatory fines. There is still the ongoing possibility that even more attackers will launch ransomware or other types of destructive cyber attacks.”

 Using data from over 20 million companies worldwide, CyberCube has produced heatmaps for the insurance industry to identify those regions and industries most at risk. In addition to North American and larger businesses, organisations using legacy Microsoft Exchange servers are particularly vulnerable as is the public sector generally.

 Researchers believe that 10 different “advanced persistent threat actors” globally are now actively exploiting the code used in this attack in a variety of ways. Microsoft has provided patches for the vulnerabilities, but attackers seem to have stepped up their efforts to identify unpatched servers.

 Check out CyberCube’s report, Understanding the potential fall-out from the ongoing Microsoft Exchange attacks.
  

  

  

  

Back to Index


Similar News to this Story

Sleighing the risks by giving Santa the insurance he needs
While you might be the most magical employer in the world, we know that even you aren’t immune to the risks of running a global delivery service! From
Diversity improving in insurance and long term savings
Key figures from the Association of British Insurers’ latest Diversity, Equity and Inclusion (DEI) data collection highlight the work of insurers and
Almost a third of homeowners have been victims of burglaries
Research commissioned by Co-op Insurance reveals that almost one in three (29%) homeowners have been the victims of theft from their home. The member-

Site Search

Exact   Any  

Latest Actuarial Jobs

Actuarial Login

Email
Password
 Jobseeker    Client
Reminder Logon

APA Sponsors

Actuarial Jobs & News Feeds

Jobs RSS News RSS

WikiActuary

Be the first to contribute to our definitive actuarial reference forum. Built by actuaries for actuaries.