A cyber attack is an assault launched by cybercriminals using one or more computers against one or more computers or networks. A cyber attack can maliciously disable computers, steal data, or use a breached computer as a launch point for further attacks. Cybercriminals use a variety of methods to launch a cyber attack, including malware, phishing, ransomware and denial of service.
The world is now facing what appears to be a 5th generation cyber attack: a sophisticated, multi-vector attack with the clear characteristics of a cyber pandemic. Named Sunburst by researchers, it is in our assessment one of the most sophisticated and severe attacks ever seen. The attack has been reported to impact major US government offices as well as many private sector organizations.
This series of attacks was made possible when hackers were able to embed a backdoor into SolarWinds software updates. Over 18,000 companies and government offices downloaded what seemed to be a regular software update onto their computers, but was actually a Trojan horse. By leveraging the routine IT practice of applying software updates, the attackers used the backdoor to compromise each organization's assets, enabling them to spy on the organization and access its data. For more information visit our Sunburst attack hub.
Ransomware has been resurging. Small local and state government agencies, mainly in the southeastern part of the U.S., have been victimized. Digital transformation is eroding traditional network perimeters with the adoption of cloud computing, cloud-based subscription services, and the ubiquity of mobile devices. This expansion of attack vectors means more ways to attack an organization.
In Q3 2020 Check Point Research saw a 50% increase in the daily average of ransomware attacks compared to the first half of the year. Organizations worldwide were under a massive wave of ransomware attacks, with healthcare the most targeted industry.
As these attacks continue to mature in both frequency and intensity, their impact on business has grown exponentially. The top ransomware types were Maze and Ryuk.
In software supply chain attacks, the threat actor typically installs malicious code into legitimate software by modifying and infecting one of the building blocks the software relies upon. As with physical chains, software supply chains are only as strong as their weakest link.
Software supply chain attacks can be divided into two main categories. The first includes targeted attacks aimed at compromising well-defined targets, scanning their supplier lists in search of the weakest link through which the attackers could enter. In the ShadowHammer attack, attackers implanted malicious code into the ASUS Live Update utility, allowing them to later install backdoors on millions of remote computers.
Phishing is a popular cyber attack technique and continues to be one of the biggest threats to cyber security. Advanced socially engineered evasion techniques are bypassing email security solutions with greater frequency. Check Point researchers noted a surge in sextortion scams and business email compromise (BEC), which pressure victims into making a payment through blackmail or by impersonating others, respectively. Neither scam necessarily contains malicious attachments or links, making them harder to detect. In April, one sextortion campaign went as far as pretending to be from the CIA and warned victims they were suspected of distributing and storing child pornography. The hackers demanded $10,000 in Bitcoin.
Evasive email scams include encoded emails, images of the message embedded in the email body, and complex underlying code that mixes plain text letters with HTML character entities. Social engineering techniques, together with varying and personalizing the content of the emails, are additional methods that let scammers fly under the radar of anti-spam filters and reach their target's inbox.
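As an added illustration, not code from the original page, the normalisation step a mail filter needs before keyword rules can see through the entity-mixing trick described above: tags are stripped first, then entities are decoded, so a decoded entity can never be mistaken for markup. The sample lure and the indicator list are constructed for the example.

```python
import html
import re
from typing import List

# Constructed sample lure: plain letters are interleaved with decimal and
# hexadecimal HTML character entities, so a filter that scans the raw body
# never sees the word "bitcoin", the word "compromised" or the dollar amount.
SAMPLE_BODY = (
    "<p>Your accoun&#116; has been compro&#x6d;ised.</p>"
    "<p>Send &#36;10,000 in b&#105;tc&#x6f;in within 48 hours.</p>"
)

# Illustrative terms a defender might screen for after normalisation.
SUSPICIOUS_TERMS = ("bitcoin", "compromised", "$10,000")

TAG_RE = re.compile(r"<[^>]+>")
WS_RE = re.compile(r"\s+")


def normalize_html_body(body: str) -> str:
    """Strip tags, decode character entities and collapse whitespace so
    keyword rules operate on the text the recipient actually reads."""
    text = TAG_RE.sub(" ", body)    # remove markup before decoding entities
    text = html.unescape(text)      # &#116; -> t, &#x6f; -> o, &#36; -> $
    return WS_RE.sub(" ", text).strip().lower()


def find_indicators(body: str) -> List[str]:
    """Suspicious terms present once the body has been normalised."""
    text = normalize_html_body(body)
    return [term for term in SUSPICIOUS_TERMS if term in text]


def naive_scan(body: str) -> List[str]:
    """The same rule applied to the raw body, showing what the evasion hides."""
    lower = body.lower()
    return [term for term in SUSPICIOUS_TERMS if term in lower]


if __name__ == "__main__":
    print("raw scan      :", naive_scan(SAMPLE_BODY))       # []
    print("normalised    :", find_indicators(SAMPLE_BODY))  # all three terms
```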
The growing popularity of public cloud environments has led to an increase in cyber attacks targeting resources and sensitive data residing within these platforms. Continuing the 2018 trend, misconfiguration and poor management of cloud resources remained the most prominent threat to the cloud ecosystem in 2019. As a result, affected cloud assets have experienced a wide array of attacks. This year, misconfigured cloud environments were one of the main causes of the vast number of data theft incidents and attacks experienced by organizations worldwide.
Cloud cryptomining campaigns have increased, with upgraded techniques capable of evading basic cloud security products. Docker hosts have been exposed, and competitors' cryptomining campaigns operating in the cloud have been shut down. Check Point researchers also observed an increase in the number of exploitation attempts against public cloud infrastructures.
Malicious actors are adapting techniques and methods from the general threat landscape to the mobile world. Banking malware has successfully infiltrated the mobile arena, with a sharp rise of more than 50% compared to 2018. In line with the growing use of banks' mobile applications, malware capable of stealing payment data, credentials and funds from victims' bank accounts has been pushed from the general threat landscape and has become a very common mobile threat too.
Despite the prevalence of cyber attacks, Check Point data suggests that 99 percent of enterprises are not effectively protected. However, a cyber attack is preventable. The key to cyber defense is an end-to-end cyber security architecture that is multilayered and spans all networks, endpoint and mobile devices, and the cloud. With the right architecture, you can consolidate management of multiple security layers and control policy through a single pane of glass. This lets you correlate events across all network environments, cloud services, and mobile infrastructures.
In addition to architecture, Check Point recommends these key measures to prevent cyber attacks: