Global cyber attacks have increased by 29% in the last six months, as hackers continue to exploit the COVID-19 pandemic and the shift to remote working, according to new research.
The 2021 Mid-year Security Report from Check Point provides a detailed overview of the cyber threat landscape and shows the latest cyberattack trends observed throughout the first half of this year.
During this same period, ransomware attacks surged 93%, fuelled by innovation in attack technique called Triple Extortion.
Regionally, key trends outlined in the report show:
- 13% increase in cyber-attacks on organisations since the beginning of the year, with 1338 weekly attacks per organisation
- The rise of ransomware attacks and Triple Extortion: In addition to stealing sensitive data from organisations and threatening to release it publicly unless a payment is made, attackers are now targeting organisations customers and/or business partners and demanding ransom from them too. The attack innovation has been dubbed Triple Extortion by Check Point.
- Supply chain attacks step up: The well-known SolarWinds supply chain attack stands out in 2021 due to its scale and influence, but other sophisticated supply chain attacks have occurred such as Codecov in April, and most recently Kaseya.
- Race for Emotets successor intensifies: Following the botnets takedown in January, other malwares are quickly gaining popularity, namely: Trickbot, Dridex, Qbot and IcedID.
- Organisations experienced a 36% increase in cyber-attacks since the beginning of the year, with 777 weekly attacks per organisation
- 17% increase in cyber-attacks since the beginning of the year, with 443 weekly attacks per organisation
"In the first half of 2021, cyber criminals have continued to adapt their working practices in order to exploit the shift to hybrid working, targeting organisations supply chains and network links to partners in order to achieve maximum disruption," says Maya Horrowitz, VP Research at Check Point Software.
This year cyber-attacks have continued to break records and we have even seen a huge increase in the number of ransomware attacks, with high-profile incidents such as Solarwinds, Colonial Pipeline, JBS or Kaseya," she says.
"Looking ahead, organisations should be aware of the risks and ensure that they have the appropriate solutions in place to prevent, without disrupting the normal business flow, the majority of attacks including the most advanced ones."
The report also reveals predictions for the second half of 2021. These include:
- Ransomware war to intensify Ransomware attacks will continue to proliferate despite increased investment from governments and law enforcement, especially as the Biden Administration makes this a priority.
- Man-in-the-Middle becomes the hacker in the network - Over the past two years, we have seen an acceleration in the use of penetration tools, such as Cobalt Strike and Bloodhound. These tools don't just pose a real challenge from a detection point of view, they also grant live hackers access to the compromised networks, allowing them to scan and scroll at will and customise attacks on the fly.
- Collateral Damage The triple extortion trend in ransomware now includes not only the original target organisation, but also the victims customers, partners and vendors. This multiplies the actual victims of each attack and requires a special security strategy.
Safety and Prevention Tips
Install updates and patches regularly. Updates and patches must be installed immediately and have an automatic setting.
Adopt a prevention-first strategy and approach. Once an attack has penetrated a device or a corporate network in any way, its too late. It is therefore essential to use advanced threat prevention solutions that stop even the most advanced attacks as well as preventing zero-day and unknown threats.
Install anti-ransomware. Anti-ransomware protection watches out for any unusual activity such as opening and encrypting large numbers of files, and if any suspicious behaviour is detected, it can react immediately and prevent massive damage. Ransomware attacks do not start with ransomware. Be aware of other malicious codes, such as Trickbot or Dridex that infiltrate organisations and set the stage for a subsequent ransomware attack.
Education is an essential part of protection. Many cyberattacks start with a targeted email that does not contain malware, but uses social engineering to try to lure the user into clicking on a dangerous link. User education is therefore one of the most important parts of protection.
Collaborate. In the fight against cybercrime, collaboration is key. Contact law enforcement and national cyber authorities; do not hesitate to contact the dedicated incident response team of a cybersecurity company. Inform employees of the incident, including instructions on how to proceed in the event of any suspicious behaviour.