Understanding the potential fall-out from the ongoing Microsoft Exchange attacks

March 29, 2021

Using CyberCube data to highlight industries and regions that are most at risk

CyberCube has analyzed over 20 million companies within our Enterprise Intelligence Layer (EIL) to create heat maps highlighting the industries and geographies most at risk of exploitation in the ongoing cyber attacks targeting Microsoft Exchange servers around the world.

Attackers are actively exploiting four Microsoft Exchange server zero-day vulnerabilities in an attack chain known as ProxyLogon to steal the contents of a target's emails, harvest credentials, and deploy web shells that give them access to target networks undetected and at will. Up to tens of thousands of Microsoft Exchange servers could have been infected with the malicious China Chopper web shell as part of this attack. Companies that have been infected with a web shell will have to forensically investigate their networks to ensure that attackers cannot re-enter and wreak havoc, even after patching. (Re)insurers could be on the hook for third-party breach investigation and incident response claims from thousands of companies as they investigate for indicators of compromise and the presence of web shells.

The (re)insurance community is likely to see a long tail of attritional claims resulting from this attack. We will see attackers sell backdoor access to enterprise networks that were originally compromised through a vulnerable Microsoft Exchange server. At the same time, there will be a relatively small (but not insignificant) number of unpatched Microsoft Exchange servers for the foreseeable future. Patching is not always as simple as pushing an update button. Nefarious actors will continue to seek out and exploit Microsoft Exchange servers if they are unpatched.

Large-scale cyber events that create risk aggregation issues for (re)insurers are becoming more familiar. From WannaCry and NotPetya in 2017, to SolarWinds in 2020, and now Microsoft Exchange in 2021, the potential for a single cyber attack to cause widespread and catastrophic damage is now undeniable.


About the Provider

The CyberCube platform was established in 2015 within Symantec and now operates as a standalone company exclusively focused on the insurance industry.

