Check Point has just released its 2021 Mid-Year Report: Cyber Attack Trends, a study that highlights the latest trends in cybercrime and how they have evolved over the past six months. Cybercriminals continue to exploit the transition to hybrid work, targeting organizations from all sectors, including public administration, healthcare and critical infrastructure.
Worldwide, organizations registered a 29% increase in the number of cyber attacks suffered. The EMEA region (Europe, Middle East and Africa) showed the highest growth (36%), followed by the Americas (34%) and APAC (13%). This year, we also saw the emergence of a new ransomware technique, Triple Extortion.
Although there have been successful operations against cybercrime on an international scale, such as the takedown of the Emotet botnet, malicious actors continue to launch sophisticated attacks that take advantage of organizations' supply chains to cause mass disruption.
Main trends highlighted by the Mid-Year Report:
- Global increase in cyber attacks: In 2021, the average number of weekly attacks per organization in EMEA was 777, an increase of 36%. In the United States, organizations suffered an average of 443 attacks per week, an increase of 17% compared to the beginning of this year. In APAC, organizations registered 1338 weekly attacks, an increase of 13%. Looking specifically at Europe, the increase was 27%. In Latin America, the growth was 19%.
- Increased Ransomware Attacks and 'Triple Extortion': Worldwide, the number of ransomware attacks on organizations increased by 93% in the first half of 2021, compared to the same period last year. In addition to stealing sensitive data from organizations and threatening to publicly disclose it if no payment is made, attackers are now targeting the organizations' customers and/or business partners and demanding an amount from them as well.
- Increase in supply chain attacks: The well-known supply chain attack targeting software company SolarWinds stands out in 2021 due to its scale and influence, but other such sophisticated attacks have occurred, such as the Codecov attack in April and, more recently, the Kaseya attack.
- The race for Emotet succession: After the takedown of the Emotet botnet, other malware has been gaining popularity, namely Trickbot, Dridex, Qbot and IcedID.
- Forecasts for the second half of 2021: Ransomware will continue to grow despite legal efforts against the threat. The increasing use of penetration tools will give hackers the ability to customize their attacks. The popularization of attacks that target collateral victims will require a specific security strategy that seeks to minimize this damage.
"In the first half of 2021, cybercriminals continued to adapt their practices to the shift to hybrid work, with a particular focus on chain organizations and their network links with partners, in order to cause as much disruption as possible," states Maya Horowitz, VP Research at Check Point Software.
"This year, cyber attacks continued to break records and we even saw a huge increase in the number of ransomware attacks, with high visibility incidents like SolarWinds, Colonial Pipeline, JBS or Kaseya. Looking to the future, organizations must be aware of the risks and ensure they have the right solutions to prevent, without disturbing the normal flow of business, most attacks, including the most advanced ones."
Cyber attacks by region in the first half of 2021:
Main forecasts for the second half of 2021:
- The war against ransomware will intensify: Ransomware attacks will continue to proliferate despite increased investment by governments and law enforcement. With this investment and increasingly advanced tools, authorities will enjoy some successes, but threat actors will evolve, and new groups will emerge in the cyberweapons race.
- Man-in-the-Middle attacks will be the method of choice: The past two years have seen the popularization of penetration tools such as Cobalt Strike and BloodHound. These tools are not only challenging from a detection standpoint, they also give hackers live access to compromised networks, allowing them to scan and roam at will while customizing their attacks. Cybersecurity professionals will need a whole new set of skills to detect this form of attack and prevent it from succeeding in the future.
- Damage that goes beyond the initial victim: Growing 'Triple Extortion' trends, supply chain attacks and even remote cyber attacks can affect businesses more than ever. The 'Triple Extortion' ransomware trend now includes not only the target organization, but its customers, partners and suppliers. This multiplies the actual victims of each attack and requires a specific security strategy.
Safety and Prevention Tips
- Install updates and patches regularly. Updates and patches should be installed immediately or, preferably, configured to install automatically.
- Adopt a prevention strategy and approach. Once an attack has penetrated a device or a corporate network, it's too late. Therefore, it is essential to use advanced threat prevention solutions that stop even the most advanced attacks, including unknown and zero-day threats.
- Install anti-ransomware. Anti-ransomware protection is attentive to any unusual activity, such as opening and encrypting files, and if any suspicious behavior is detected, it can react immediately and prevent large-scale damage. Ransomware attacks do not start with the use of ransomware. Be aware of other malicious code, such as Trickbot or Dridex, that infiltrates organizations and sets the stage for a subsequent ransomware attack.
- Training is an essential part of protection. Many cyber attacks start with a targeted email that, despite not containing malware, uses social engineering techniques to entice the user to click on a dangerous link. User awareness of cybersecurity is therefore one of the most important elements of protection.
- Collaborate. In the fight against cybercrime, collaboration is critical. Contact national cyber authorities; don't hesitate to contact the incident response team of a security company you trust. Informing employees about the incident and giving instructions on how to proceed in the event of any suspicious behavior is also important.