Cyberattacks increased by 32% globally and by 178% in the UAE

Check Point Research (CPR) reports that the second quarter of 2022 saw an all-time peak of 1.2K attacks per organization globally, a 32% increase compared to Q2 2021, whereas UAE observed an average of 970 weekly attacks per organization in Q2 2022, a massive 178% increase year-over-year.

Omer Dembinsky, Data Group Manager at Check Point Software said, “Ransomware attacks are showing no signs of slowing down. Right now, we can say that 1 out of every 40 organizations we track is impacted by ransomware each week, which makes for a 59% YoY increase. Hackers are leveraging the increase in attack surface from remote work and learning, and the war between Ukraine and Russia also helps drive the proliferating trend, as geopolitical tensions rising inspires hackers to take sides”.

He added, “Lastly, the willingness of organizations to meet ransomware demands in order to protect patients has proved the business of ransomware to be highly lucrative. Hence, we see that hackers are continuing to invest resources in going after healthcare organizations. We strongly recommend organizations everywhere to take note of our ransomware prevention tips, such as backing up data, keeping systems up to date and training employees on awareness.”

The Education/Research sector was the most attacked in Q2 2022, with a 53% increase year over year, and for the first time, 1 out of every 40 organizations worldwide was impacted by Ransomware, representing a 59% increase over the previous year.

Education & Research is the most attacked sector

In terms of industries, cyber criminals appear to focus the majority of their attacks on the education/research sector, with more than 2.3K attacks per organization per week. This represents a 53 percent increase over Q2 2021. Following that is the government/military sector, which has seen 1.6k average weekly attacks, a 44 percent increase over the same time period the previous year. Following that, the ISP/MSP, healthcare, and communication sectors saw an average of 1.3K attacks per week, per organization, representing a significant double-digit increase year over year.

Ransomeware at the center of attention

The 5th anniversary of the infamous WannaCry attack was in May 2022, and it appears that Ransomware has completely changed the threat landscape, evolving into a weapon in the hands of attack groups threatening governments. Check Point Research recently coined the term “country extortion” after observing how ransomware’s business borders have expanded to include the government sector.

According to this report, the global weekly average of Ransomware-affected organizations has reached 1 out of 40, a 59 percent increase year on year (1 out of 64 organizations in Q2 2021). Latin America has seen the greatest increase in attacks, with 1 out of 23 organizations impacted weekly, a 43 percent increase year on year, compared to 1 out of 33 in Q2 2021. Asia has seen a 33 percent increase year on year, with 1 out of 17 organizations impacted weekly.

Ransomware attacks per industry:

Retailers and wholesalers saw the greatest increase in ransomware attacks, with an alarming 182 percent increase compared to the same period last year, followed by the Distributors sector, which saw a 143 percent increase, and finally, the government/military sector, which reported a staggering 135 percent increase, reaching a ratio of 1 out of 24

Mega cyber-attacks like SolarWinds and Log4J were not inevitable. With the correct measures and technologies in place, many organizations could have avoided the impact and devastating effect of such attacks. In order to truly combat the next threats, organizations must take a proactive approach, using advanced technologies that can prevent even the most evasive zero- day attacks. In other words, the next attack can be prevented if companies change their view on security and follow a few guiding principles.

Choose Prevention over detection:

Traditional cybersecurity vendors often claim that attacks will happen, and there’s no way to avoid them, and therefore the only thing left to do is to invest in technologies that detect the attack once it has already breached the network and mitigate the damages as soon as possible. This is untrue. Not only can attacks be blocked, but they can be prevented, including zero-day attacks and unknown malware. With the right technologies in place, the majority of attacks, even the most advanced ones, can be prevented without disrupting the normal business flow.

Keep your threat intelligence up to date:

Because malware is constantly evolving, threat intelligence is an important tool for almost every company to consider. When an organization has financial, personal, intellectual, or national assets, the only way to protect against today’s attackers is to take a more comprehensive approach to cybersecurity. Threat intelligence is one of the most effective proactive security solutions available today.

Implementing the most advanced technologies:

Attack techniques vary and are constantly evolving. IT systems are complex, and no single silver bullet technology can protect against all threats and threat vectors. However, there are numerous integrated and impactful technologies and ideas available, such as machine learning, sandboxing, anomaly detection, content disarmament, and many others, that can aid in the prevention of the next cyber attack. Each of these technologies has the potential to be extremely effective in specific scenarios, such as those involving specific file types or attack vectors. To effectively combat modern attacks in IT environments, strong solutions integrate a wide range of technologies and innovations.

Maintain security hygiene:

• Patching: All too often, attacks penetrate by leveraging known vulnerabilities for which a patch exists but has not been applied. Organizations should strive to make sure up-to-date security patches are maintained across all systems and software.
• Segmentation: Networks should be segmented, applying strong firewall and IPS safeguards between the network segments in order to prevent infections from propagating across the entire network.
• Review: Security products’ policies must be carefully reviewed, and incident logs and alerts should be continuously monitored.
• Audit: Routine audits and penetration testing should be conducted across all systems.

Principle of Least Privilege: User and software privileges should be kept to a minimum – Decision makers should decide if there really is a need for all users to have local admin rights on their PCs, which enlarges possibilities and widens the vectors for attacks.