Security Report 2022
Check Point Research Reveals the Scale of the Global Cyber Pandemic
The report reveals the most important cyber security trends and notes a veritable frenzy of attacks on the supply chain and increasing disruptions to daily life. Education and research are the most frequently attacked sectors.
Check Point Research has published its Security Report 2022. Starting with the SolarWinds attack at the beginning of the year, which represented a whole new level of sophistication and prevalence, and ending with December and the influx of Apache Log4j vulnerabilities, the Security Report 2022 shows the main attack vectors and techniques that CPR observed in 2021.
- Cyber attacks on organizations worldwide increased by an average of 50 percent in 2021 compared to 2020.
- The education and research sector was the most affected, with an average of 1,605 attacks per week.
- Software vendors recorded the largest year-on-year growth with an increase of 146 percent.
In 2021, a total of 50 percent more weekly cyber attacks on organizations were recorded than in 2020. With 1,605 weekly attacks, an increase of 75 percent, the education and research sector is at the top. This was followed by the government and the military with 1,136 weekly attacks (47 percent increase) and communications with 1,079 weekly attacks (51 percent increase). Software vendors recorded the largest year-on-year growth of 146 percent, which is accompanied by the steadily growing trend towards attacks on the software supply chain observed in 2021. Over the past year, there have also been more and more attacks on mobile devices, an increase in vulnerabilities in cloud services and the return of the notorious Emotet botnet.
The most important findings from the 2022 Security Report:
- Attacks on the supply chain: The infamous SolarWinds attack laid the foundation for a wave of attacks on the supply chain. In 2021, there were numerous sophisticated attacks such as Codecov in April and Kaseya in July, which ended with the Log4j vulnerability revealed in December. The impressive effect that this one vulnerability in an open source library has had shows the immense risk posed by software supply chains.
- Cyber attacks against public security: In 2021, there were a large number of attacks on critical infrastructures that massively affected people’s everyday lives and in some cases even threatened their sense of physical security.
- Cloud services under attack: The vulnerabilities of cloud providers were much more alarming in 2021 than before. The vulnerabilities revealed during the year made it possible for attackers to execute arbitrary code at any time, gain root privileges, access large amounts of private content, and even switch between different environments.
- Developments in the mobile landscape: Throughout the year, threat actors have increasingly used smishing (SMS phishing) to spread malware and have made significant efforts to gain access to mobile devices by hacking social media accounts. The progressive digitization of the banking sector in 2021 led to the introduction of various apps designed to limit personal interactions, which in turn led to the spread of new threats.
- Upheaval in the fight against ransomware: Governments and law enforcement agencies changed their attitude towards organized ransomware groups in 2021, moving from preventive and reactive measures to proactive, offensive operations against the ransomware operators, their means and supporting infrastructure. This change came after the Colonial Pipeline incident in May, which led the US government under President Biden to realize that it needs to step up its efforts to combat this threat.
- Return of Emotet: One of the most dangerous and notorious botnets in history is back. Since Emotet’s return in November, CPR has found that the malware’s activity has reached at least 50 percent of the level of January 2021, just before the first shutdown. This upward trend continued in December with several year-end campaigns and is expected to continue well into 2022, at least until the next takedown attempt.
“In a year that began with the impact of one of the most devastating supply chain attacks in history, we have seen that the threat actors have gained confidence and sophistication,” says Maya Horowitz, Director of Threat Intelligence and Research and Products at Check Point. “This culminated in the exploitation of the Log4j vulnerability, which once again caught the security community off guard and highlighted the sheer scale of the risk associated with software supply chains. In the months in between, cloud services were attacked, threat actors increasingly focused on mobile devices, the Colonial Pipeline was blackmailed and one of the most dangerous botnets in history resurfaced.”
Horowitz continued: “But it’s not all just gloomy. In 2021, the cracks in the ransomware environment have widened as governments and law enforcement agencies around the world have decided to take a tougher line against ransomware groups. Instead of relying on reactive measures and remedies, some shocking events have made governments aware that they need to take a more proactive approach in dealing with cyber risks. This philosophy also applies to companies that can no longer afford to take a disjointed, isolated and reactionary approach to dealing with threats. They need a 360-degree overview, real-time threat intelligence, and a security infrastructure that can be mobilized in an effective, connected way.”
Average weekly attacks per company by industry in 2021 compared to 2020:
The Security Report 2022 provides a detailed overview of the cyber threat landscape. The results are based on data obtained from Check Point Software’s ThreatCloud Intelligence between January and December 2021 and show the most important tactics used by cybercriminals to attack companies. You can request the full report here.