As the disruptive impact of the Russo-Ukrainian conflict on the cyber landscape has relatively reduced in recent months, the threat landscape has returned to a state of “normality”. This new normal is characterised by an increase in cyberattacks: Check Point Research’s latest report reveals the use of new evasive tactics, frequent hacktivism-based attacks, and a daily barrage of ransomware targeting numerous organisations.

Despite the waning effect of the conflict on the cyberthreat landscape, the persistence of these threats highlights the ongoing need for heightened vigilance and robust cybersecurity measures to counteract the relentless and evolving nature of cyberattacks.

In recent months, Check Point has reported the uncovering of a China-based APT which targeted governmental entities; hidden malware that was spotted behind legitimate-looking apps; a new version of Chinese espionage that was propagated through USB devices; and malicious firmware implants discovered on Internet routers. In addition, cybercriminals continue to leverage the latest AI revolution by pushing the boundaries of generative AI chat platforms such as ChatGPT4.

In Q2 2023, there was an 8% increase in global average weekly attacks compared to the previous year.

The average number of attacks per organisation per week reached 1 258 attacks – the highest number noted by Check Point Research in the past two years.

During Q2 2023, the Education/Research sector experienced the highest number of attacks, with an average of 2 179 attacks per organisation per week, marking a 6% decrease compared to Q2 2022. The Government/Military sector was the second most attacked, with an average of 1 772 attacks per week, which represents a 9% increase from the parallel period last year. The Healthcare sector followed closely behind, with an average of 1 744 attacks per week, reflecting a significant YoY increase of 30%.

During Q2 2023, Africa experienced the highest average number of weekly cyberattacks per organisation, with an average of 2 164 attacks. This represents a significant year-on-year increase of 23% compared to the same period in 2022. The APAC region also witnessed a substantial 22% YoY increase in the average number of weekly attacks per organisation, reaching an average of 2 046 attacks.

In Q2 2023, one out of every 44 organisations worldwide experienced a ransomware attack, representing a decrease of 9% compared to Q2 2022, when one out of every 40 organisations suffered from such attacks. APAC and Europe saw significant YoY increases in ransomware attacks per organisation, with a 29% and 21% increase respectively. The North American region followed with a 15% YoY increase.

In Q1 2023, the Government/Military sector experienced the highest number of ransomware attacks, with one out of every 25 organisations impacted, marking a slight 4% decrease compared to the previous year. The Healthcare sector was the second most affected, with one out of every 27 organisations experiencing such attacks, representing an increase of 16% YoY. The Education/Research industry followed closely behind, with one out of every 31 organisations affected by ransomware, indicating a decrease of 2% over the past year.

Check Point offers the following cyber safety tips:

* Up-to-Date Patches: Keeping computers and servers up to date and applying security patches, especially those labelled as critical, can help to limit an organisation’s vulnerability to cyberattacks.

* Cyber Awareness Training: Frequent cybersecurity awareness training is crucial to protecting the organisation against cyberattacks. This training should instruct employees to: not click on malicious links; never open unexpected or untrusted attachments; avoid revealing personal or sensitive data to phishers; verify software legitimacy before downloading it; and never plug an unknown USB into their computer.

* Strengthening User Authentication: Cybercriminals commonly use the Remote Desktop Protocol (RDP) and similar tools to gain remote access to an organisation’s systems using guessed or stolen login credentials. Once inside, the attacker can drop ransomware on the machine and execute it, encrypting the files stored there. This potential attack vector can be closed through the use of strong user authentication. Enforcing a strong password policy, requiring the use of multi-factor authentication, and educating employees about phishing attacks designed to steal login credentials are all critical components of an organisation’s cybersecurity strategy.

* Keep your software updated. Attackers sometimes find an entry point within your apps and software, noting vulnerabilities and capitalising on them. Fortunately, some developers are actively searching for new vulnerabilities and patching them out. If you want to make use of these patches, you need to have a patch management strategy in place – and you need to make sure all your team members are constantly up to date with the latest versions.

* Choose prevention over detection. Many claim that attacks will happen and there is no way to avoid them and, therefore, the only thing left to do is to invest in technologies that detect the attack once it has already breached the network and mitigate the damage as soon as possible. This is not true. Not only can attacks be blocked, but they can be prevented – including zero-day attacks and unknown malware. With the right technologies in place, most attacks, even the most advanced ones, can be prevented without disrupting the normal business flow.

* Anti-ransomware solutions. Some ransomware operators use well-researched and highly targeted spear phishing emails as their attack vector. These emails may trick even the most diligent employee, resulting in ransomware gaining access to an organisation’s internal systems. Protecting against this ransomware that “slips through the cracks” requires a specialised security solution. To achieve its objective, ransomware must perform certain anomalous actions, such as opening and encrypting large numbers of files. Anti-ransomware solutions monitor programs running on a computer for suspicious behaviours commonly exhibited by ransomware – and if these behaviours are detected, the program can take action to stop encryption before further damage can be done.
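
The behaviour monitoring described in the last tip can be sketched as follows. This is an added example, not Check Point's product logic or code from the report: it flags a process that writes encrypted-looking (high-entropy) data to many distinct files within a short window. The process IDs, paths, thresholds and events are constructed for illustration.

```python
import math
from collections import defaultdict, deque

def shannon_entropy(data: bytes) -> float:
    """Bits per byte: ciphertext sits near 8.0, plain text well below."""
    if not data:
        return 0.0
    counts = [0] * 256
    for b in data:
        counts[b] += 1
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in counts if c)

def flag_mass_encryption(events, window=10.0, max_files=5, min_entropy=7.0):
    """events: (timestamp, pid, path, bytes_written) tuples sorted by time.
    Returns {pid: timestamp} for the first moment a process has written
    high-entropy data to more than max_files distinct files in `window` s."""
    recent = defaultdict(deque)          # pid -> recent (timestamp, path)
    flagged = {}
    for ts, pid, path, data in events:
        if pid in flagged or shannon_entropy(data) < min_entropy:
            continue
        q = recent[pid]
        q.append((ts, path))
        while q and ts - q[0][0] > window:   # drop writes outside the window
            q.popleft()
        if len({p for _, p in q}) > max_files:
            flagged[pid] = ts
    return flagged

# Constructed sample data (hypothetical pids and paths).
RANDOM_LIKE = bytes(range(256)) * 4          # entropy exactly 8.0
TEXT = b"quarterly report draft " * 40       # ordinary document content

def sample_events():
    # pid 4242: editor saving text files (low entropy, never counted)
    ev = [(float(i), 4242, f"/home/a/doc{i}.txt", TEXT) for i in range(8)]
    # pid 1337: six files overwritten with random-looking data in 2.5 s
    ev += [(20.0 + 0.5 * i, 1337, f"/home/a/photo{i}.jpg", RANDOM_LIKE)
           for i in range(6)]
    # pid 900: backup job writing compressed (high-entropy) data slowly
    ev += [(12.0 * i, 900, f"/backup/part{i}.gz", RANDOM_LIKE)
           for i in range(6)]
    return sorted(ev, key=lambda e: e[0])

if __name__ == "__main__":
    print(flag_mass_encryption(sample_events()))
```

Entropy alone would also flag the slow backup job, since compressed data looks random; combining it with the rate of distinct files touched is what separates the two in this sample.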