Michael Behr
24 January 2022
Software vendors were hit by the greatest increase in attacks as hackers saw the benefits of hitting software supply chains.
Organisations around the world experienced 50% more weekly cyberattacks in 2021 than in 2020, a new study has revealed.
According to Check Point Research’s (CPR’s) upcoming 2022 Security Report, 2021 saw software vendors in hit by the largest year-on-year growth in cyberattacks at 146%.
It also found that cyberattacks against the top 16 industries increased by an average of 55%, with the education/research sector suffering the most attacks. It was hit with an average 1,605 weekly attacks, a 75% increase compared to 2020.
Other key industries targeted by hackers include government/military organisations, which saw an average of 1,136 weekly attacks (47% increase). Communications saw an average of 1,079 weekly attacks (51% increase).
“In a year that began with the fallout from one of the most devastating supply chain attacks in history, we’ve seen threat actors grow in confidence and sophistication,” a CPR statement read.
2021 saw some major cyberattacks, many of which hit third party software suppliers. Supply chain attacks like SolarWinds, Microsoft Exchange, Kaseya, and Log4j were able to hit organisations that used their software, putting thousands of organisations at risk.
Furthermore, attacks on critical infrastructure disrupted the lives of individuals. This includes the Colonial Pipeline attack, which led to fuel shortages on the East Coast of the US. Some, such as the attempted Florida wastewater attack, could have potentially put lives at risk.
In terms of the ransomware ecosystem, botnets were the leading attack category worldwide. They beat out infostealers and cryptominers.
In particular, notorious botnet Emotet returned in November. Despite multiple attempts to shut it down, the malware made a comeback, albeit reduced to at least 50% of the level seen in January 2021.
This rising trend continued throughout December with several end-of-year campaigns, and is expected to continue well into 2022, at least until the next takedown attempt.
However, CPR noted that cracks are appearing in the ransomware ecosystem. The major cyberattacks that took place in 2021 prompted governments and law enforcement agencies to change tactics for dealing with organised ransomware groups. They shifted from pre-emptive and reactive measures to proactive offensive operations against the ransomware operators, their funds and supporting infrastructure.
This year saw a REvil, a major ransomware group behind the Kaseya attack, effectively dismantled after US agencies provided Russian authorities with intelligence. This led to the arrests of multiple individuals connected with the cybercrime organisation.
“The recent arrests made in Russia of the REvil ransomware gang is a unique event in the history of cyber as it is the first time that the US Administration has collaborated with the Russian authorities to track down and arrest members of a ransomware group,” CPR said in a statement.
No comments:
Post a Comment