Cyberattack Trends
トレンド#1:AIの活用
2023年の特徴の1つは、 サイバーセキュリティにおける人工知能(AI)の急速な台頭です。 ChatGPT は 2023 年の最後の数か月で一般公開され、画期的でユニークなものと見なされていました。 数か月のうちに、生成AIや大規模言語モデル(LLM)をさまざまなタスクに適用する数百、数千の新しいツールやプロジェクトが生まれました。
サイバーセキュリティの分野では、ジェネレーティブAIは多くの可能性を秘めています。 これらのツールは、ソーシャルエンジニアリング攻撃の質を劇的に向上させ、インフォスティーラー、 キーロガー、ランサムウェアなどの新しいマルウェアを開発するためにすでに適用されています。
While companies such as OpenAI have attempted to build defenses into their tools, they have met with limited success. Research has demonstrated that these restrictions can be easily bypassed, allowing cybercriminals to leverage these tools to increase the scale and sophistication of their attacks.
トレンド#2:ランサムウェア
ランサムウェアは数年前からサイバーセキュリティの主要な脅威であり、ランサムウェア攻撃は企業にとってより巧妙で一般的で、コストがかかるようになっています。
その永続的な成功の背後にある主な推進力の1つは、ランサムウェアの脅威の絶え間ない進化です。 ランサムウェアグループ間の競争により、ランサムウェアはより高速に暗号化し、防御を回避し、より多くのオペレーティングシステムを標的にしています。 また、ランサムウェアはデータの暗号化からデータの盗難へと移行し、身代金の支払いに対する潜在的な防御策としてバックアップを打ち破っています。
また、ランサムウェアのオペレーターは、さまざまな手法を使用して攻撃を拡大しています。 2023年には、 サプライチェーン の悪用と ゼロデイ脆弱性 により、CL0PおよびLockBitランサムウェアグループによる多くの企業に対する大規模な同時攻撃が可能になりました。
トレンド#3:ハクティビズム
ハクティビストは、 政治的な動機でサイバー攻撃を行います。 Anonymousなどのグループは何年も前からこのような攻撃を行ってきましたが、2022年と2023年前半には、国家関連のハクティビスト攻撃が劇的に増加しています。
これらの攻撃は、通常、 分散型サービス妨害 攻撃(DDoS)攻撃を使用して、特定の国家にある組織の業務を妨害します。 例えば、ロシア系のKillnetは西側の医療機関を標的にしており、親イスラムのAnonymous Sudanはスカンジナビア航空、米国の医療機関、Microsoftを攻撃している。
トレンド#4:モバイルの脅威
In recent years, mobile device usage has increased dramatically in the workplace. This trend is driven by the growth of remote work and bring-your-own-device (BYOD) policies.
その結果、サイバー犯罪者はこれらのモバイルデバイスの侵害に力を注ぐようになり、モバイルマルウェアの量と質は劇的に増加しました。 FluHorseなどの最近のモバイルマルウェアキャンペーンは、モバイルデバイスの 2要素認証 (2FA)コードを標的とし、FakeCallsは金融アプリケーションになりすました不正な音声通話を生成します。 Triangulationキャンペーンは、サイバー犯罪者が、以前はAndroidよりもはるかに安全であると考えられていたデバイスのゼロクリックの脆弱性を悪用することで、iOSのセキュリティ環境の変化を浮き彫りにしています。
Cyberattacks in the News
Russia/Ukraine conflict
Check Point Research (CPR) has released information on cyber attacks that have been seen in the context of the ongoing Russia-Ukraine conflict. In the first three days of battle, cyber attacks on Ukraine’s government and military sector increased by an astounding 196%. The number of cyber attacks on Russian businesses has climbed by 4%.
Phishing emails in East Slavic languages grew sevenfold, with a third of those malicious phishing emails being sent from Ukrainian email addresses to Russian receivers.
Apache Log4j Vulnerability
A severe remote code execution (RCE) vulnerability in the Apache logging package Log4j 2 versions 2.14.1 and below was reported on December 9th 2021 (CVE-2021-44228). With over 400,000 downloads from its GitHub repository, Apache Log4j is the most popular java logging package. It is used by a large number of enterprises throughout the world and allows users to log in to a variety of popular applications. It’s easy to exploit this flaw, which allows threat actors to take control of java-based web servers and perform remote code execution assaults.
SolarWinds Sunburst Attack
The world is now facing what seems to be a 5th generation cyber-attack – a sophisticated, multi-vector attack with clear characteristics of the cyber pandemic. Named Sunburst by researchers, we believe this is one of the most sophisticated and severe attacks ever seen. The attack has been reported to impact major US government offices as well as many private sector organizations.
This series of attacks was made possible when hackers were able to embed a backdoor into SolarWinds software updates. Over 18,000 companies and government offices downloaded what seemed to be a regular software update on their computers, but was actually a Trojan horse. By leveraging a common IT practice of software updates, the attackers utilized the backdoor to compromise the organization’s assets enabling them to spy on the organization and access its data. For more information visit our Sunburst attack hub.
Ransomware Attacks
The resurgence of ransomware has been growing. Small local and state government agencies, mainly in the southeastern part of the U.S., have been victimized. Digital transformation is eroding traditional network perimeters with the adoption of cloud computing, cloud-based subscription services, and the ubiquity of mobile devices. This increased expansion of vectors means more ways to attack an organization.
In Q3 2020 Check Point Research saw a 50% increase in the daily average of ransomware attacks, compared to the first half of the year, Organizations worldwide were under a massive wave of ransomware attacks, with healthcare as the most targeted industry
As these attacks continue to mature both in frequency and intensity, their impact on business has grown exponentially. The Top ransomware types were Maze and Ryuk
Types of Cyberattacks
Cyber threats of generation V and VI are now a reality for businesses. Cybercriminals are aware of recent advancements in company cybersecurity and have adapted their attacks to circumvent and defeat traditional safeguards. To avoid detection, modern cyber attacks are multi-vectored and use polymorphic code. As a result, detecting and responding to threats is more challenging than ever.
Cybercriminals’ primary target and an organization’s first line of defense in the remote work world is the endpoint. Securing the remote workforce necessitates an understanding of the most common cyber risks that employees experience, as well as endpoint security solutions capable of detecting, preventing, and resolving these assaults.
Cyberattacks come in a variety of different forms. Cybercriminals use many different methods to launch a cyber attack, a phishing attack, an exploitation of compromised credentials, and more. From this initial access, cybercriminals can go on to achieve different objectives including malware infections, ransomware, denial of service attack, data theft, and more.
A Cyberattack is Preventable
Despite the prevalence of cyber attacks, Check Point data suggests that 99 percent of enterprises are not effectively protected. However, a cyber attack is preventable. The key to cyber defense is an end-to-end cyber security architecture that is multilayered and spans all networks, endpoint and mobile devices, and クラウド. With the right architecture, you can consolidate management of multiple security layers, control policy through a single pane of glass. This lets you correlate events across all network environments, cloud services, and mobile infrastructures.
In addition to architecture, Check Point recommends these key measures to prevent cyber attacks:
- Maintain security hygiene
- Choose prevention over detection
- Implement the most advanced technologies
Learn more about recent cyber attack trends by checking out Check Point’s 2024 Cyber Security Report. You’re also welcome to learn how to protect against modern cyber threats by signing up for a free demo of Check Point Harmony Endpoint.
Feedback