2022 began with mass exploitation of one of the most serious vulnerabilities on the internet, the Apache Log4j vulnerability, and continued with full-blown cyber warfare stemming from the Russia-Ukraine war.
Today, Check Point Research (CPR) reports that the second quarter of 2022 saw an all-time peak of 1.2K attacks per organization globally, a 32% increase compared to Q2 2021, while the UAE observed an average of 970 weekly attacks per organization in Q2 2022, a massive 178% increase year-over-year.
The most attacked industry in Q2 2022 was the Education/Research sector, which saw a 53% increase year-over-year. In an unprecedented development, 1 out of 40 organizations worldwide was impacted by ransomware, a 59% increase compared to the previous year.
Figure 1: Global Average Weekly Attacks from Q1 2021 to Q2 2022
Education & Research is the most attacked sector
In terms of industries, cyber criminals seem to target most of their attacks on the education/research sector, with an average of more than 2.3K attacks per organization every week. This represents an increase of 53% compared to Q2 2021. Next is the government/military sector, which has seen 1.6K average weekly attacks, a rise of 44% compared to the same period in the previous year. The ISP/MSP, healthcare and communication sectors follow, all seeing an average of 1.3K attacks per week per organization, a substantial double-digit increase year over year.
Figure 2: Global Average Weekly Attacks per Industry, percentage represents increase compared to Q2-2021
Ransomware at the center of attention
May 2022 marked the 5th anniversary of the infamous WannaCry attack, and it seems that ransomware has completely changed the threat landscape: it has evolved into a weapon in the hands of attack groups threatening governments. Check Point Research recently coined the term ‘country extortion’ after observing how ransomware expanded its business borders to now include the government sector.
In this report, CPR sees that globally, the weekly average of organizations impacted by ransomware reached 1 out of 40, a 59% increase YoY (1 out of 64 organizations in Q2 2021). Latin America has seen the largest increase in attacks, with 1 out of 23 organizations impacted weekly, a 43% increase YoY compared to 1 out of 33 in Q2 2021, followed by the Asia region, which has seen a 33% increase YoY, reaching 1 out of 17 organizations impacted weekly.
Ransomware attacks per industry:
| Industry | Weekly Impacted Organizations | YoY Change |
|---|---|---|
| Government/Military | 1 out of 24 | +135% |
| Education/Research | 1 out of 30 | +83% |
| Healthcare | 1 out of 31 | +47% |
| ISP/MSP | 1 out of 37 | +9% |
| Finance/Banking | 1 out of 41 | +42% |
| Communications | 1 out of 46 | +59% |
| SI/VAR/Distributor | 1 out of 47 | +143% |
| Manufacturing | 1 out of 48 | +60% |
| Retail/Wholesale | 1 out of 53 | +182% |
| Utilities | 1 out of 59 | +11% |
| Transportation | 1 out of 70 | +28% |
| Software vendor | 1 out of 74 | -34% |
| Leisure/Hospitality | 1 out of 77 | +24% |
| Hardware vendor | 1 out of 78 | +48% |
| Insurance/Legal | 1 out of 81 | +1% |
| Consultant | 1 out of 87 | -17% |
Figure 3: Ratio & percentage of attacks per industry
Retailers and the wholesale sector saw the largest spike in ransomware attacks, with an alarming increase of 182% compared to the same period last year, followed by the Distributors sector, which saw a 143% increase, and then the government/military sector, which reported a staggering increase of 135%, reaching a ratio of 1 out of 24 organizations impacted by ransomware on a weekly basis.
Immediate measures can be undertaken by any organization or country to guard against ransomware attacks. From continuous data backups and reducing the attack surface to simple measures like keeping patches constantly up to date, implementing a cyber security action plan will help to reduce such ransomware attacks.
Omer Dembinsky, Data Group Manager at Check Point Software, said, “Ransomware attacks are showing no signs of slowing down. Right now, we can say that 1 out of every 40 organizations we track is impacted by ransomware each week, which makes for a 59% YoY increase. Hackers are leveraging the increase in attack surface from remote work and learning, and the war between Ukraine and Russia also helps drive the proliferating trend, as rising geopolitical tensions inspire hackers to take sides. Lastly, the willingness of organizations to meet ransomware demands in order to protect patients has proved the business of ransomware to be highly lucrative. Hence, we see that hackers are continuing to invest resources in going after healthcare organizations. We strongly recommend organizations everywhere to take note of our ransomware prevention tips, such as backing up data, keeping systems up to date and training employees on awareness.”
How To Prevent the Next Attack:
Mega cyber-attacks like SolarWinds and Log4j were not inevitable. With the correct measures and technologies in place, many organizations could have avoided the impact and devastating effect of such attacks. In order to truly combat the next threats, organizations must take a proactive approach, using advanced technologies that can prevent even the most evasive zero-day attacks. In other words, the next attack can be prevented if companies change their view on security and follow a few guiding principles.
Choose Prevention over detection:
Traditional cybersecurity vendors often claim that attacks will happen, and there’s no way to avoid them, and therefore the only thing left to do is to invest in technologies that detect the attack once it has already breached the network and mitigate the damages as soon as possible. This is untrue. Not only can attacks be blocked, but they can be prevented, including zero-day attacks and unknown malware. With the right technologies in place, the majority of attacks, even the most advanced ones, can be prevented without disrupting the normal business flow.
Keep your threat intelligence up to date:
Malware is constantly evolving, making threat intelligence an essential tool for almost every company to consider. When an organization has financial, personal, intellectual, or national assets, a more comprehensive approach to cybersecurity is the only way to protect against today’s attackers. And one of the most effective proactive security solutions available today is threat intelligence.
Implementing the most advanced technologies:
Attack techniques are diverse and constantly evolving. IT systems are complex and there is no single silver-bullet technology that can protect from all threats and all threat vectors. However, there are many integrated and impactful technologies and ideas available such as: machine learning, sandboxing, anomaly detection, content disarmament, and numerous others that can help prevent the next cyber attack. Each of these technologies can be highly effective in specific scenarios, covering specific file types or attack vectors. Strong solutions integrate a wide range of technologies and innovations to effectively combat modern attacks in IT environments.
Maintain security hygiene:
- Patching: All too often, attacks penetrate by leveraging known vulnerabilities for which a patch exists but has not been applied. Organizations should strive to make sure up-to-date security patches are maintained across all systems and software.
- Segmentation: Networks should be segmented, applying strong firewall and IPS safeguards between the network segments in order to prevent infections from propagating across the entire network.
- Review: Security products’ policies must be carefully reviewed, and incident logs and alerts should be continuously monitored.
- Audit: Routine audits and penetration testing should be conducted across all systems.
- Principle of Least Privilege: User and software privileges should be kept to a minimum. Decision makers should decide whether all users really need local admin rights on their PCs, which enlarges possibilities and widens the vectors for attacks.