US organizations are more likely to have been using the compromised Microsoft Exchange servers, as are larger businesses, the report found. Germany, Africa, the Middle East, and Australasia were also identified as high-risk regions. Many smaller companies weren’t affected by the attacks, as they opted to use cloud-based email systems, which weren’t targeted.
The attacks, which are believed to have been carried out by Chinese state-sponsored hackers, exploited vulnerabilities in Microsoft Exchange servers to allow malicious code to be placed on them. The code can be used for ransomware, espionage, or redirecting system resources to mine for cryptocurrency on behalf of the criminals.
CyberCube’s report concluded that the insurance and reinsurance industries are “likely to see a long-tail of attritional claims resulting from this attack.”
“The insurance industry is only just beginning to understand the scope of possible damage,” said report co-author William Altman, cybersecurity consultant at CyberCube. “It is too early to calculate potential losses from the theft of a corporation’s intellectual property. These kinds of data breaches could have delayed – but long-lasting – impacts on commercial competitiveness. An accumulation of loss could result in multiple – in theory, tens of thousands – of companies making insurance claims to cover investigation, legal, business interruption and possible regulatory fines. There is still the ongoing possibility that even more attackers will launch ransomware or other types of destructive cyberattacks.”
CyberCube, using data from more than 20 million companies worldwide, has produced heat maps for the insurance industry to identify regions and industries most at risk. In addition to North American and larger businesses, firms using legacy Microsoft Exchange servers are especially vulnerable, as is the public sector.
Researchers believe that 10 different “advanced persistent threat actors” across the globe are actively exploiting the code used in the attacks, CyberCube said.