Disruption continues to be the name of the game
While the volume of attacks has only risen marginally, we have witnessed several sophisticated campaigns from cybercriminals who are finding ways to weaponize legitimate tools for malicious gains. Recent examples include using ChatGPT for code generation that can help less-skilled threat actors effortlessly launch cyberattacks, Trojanizing the 3CXDesktop app for a supply chain attack, and leveraging the critical unauthorized RCE vulnerability in the “Microsoft Message Queuing” service (commonly known as MSMQ). The CPR team also discovered the fastest-encrypting ransomware ever seen. All of this demonstrates how attackers are continuing their rampant crimes and never looking back.
Despite the moderate increase, it’s important not to be complacent. CISOs need to focus on developing and implementing a security strategy that removes any blind spots and weaknesses across the entire digital landscape. It could be a shadow IT development environment, remote access or an email vector that provides an opportunity for a cyber breach. Do they have appropriate segmentation to avoid lateral movement and minimize an attack's blast radius, and do they have access to an incident response service to minimize disruption and speed up recovery? Now, more than ever, is the right time to consider a consolidated security approach for end-to-end preventative control, providing the board with assurance that you are fully protected from next-generation attacks.
Overall Global Attacks:
During the first quarter of 2023, the global average weekly attacks rose by 7% in comparison to the corresponding period in 2022, with each organization facing an average of 1,248 attacks per week.
Global Attacks per Industry:
In the first quarter of 2023, the Education/Research sector was hit the hardest with the highest number of attacks, averaging 2,507 attacks per organization per week, representing a 15% surge from the first quarter of 2022. The Government/Military sector was the second most targeted with an average of 1,725 attacks per week, indicating a 3% increase from the previous year. The Healthcare sector experienced a significant rise in attacks with an average of 1,684 attacks per week, marking a substantial year-over-year increase of 22%. However, the most significant change came in the Retail/Wholesale sector which saw the highest year-over-year increase of 49% with an average of 1,079 attacks per week.
Education/Research continued to be the most heavily impacted sector, with many institutions still struggling to secure extended networks and access points during the shift to remote learning.
Overall Attacks per Region:
In the first quarter of 2023, the African region had the highest number of average weekly cyberattacks per organization, with an average of 1,983 attacks, indicating a marginal decrease of 2% compared to the first quarter of 2022. Conversely, the APAC region experienced the most significant year-over-year increase in average weekly attacks per organization, with a surge of 16%, reaching an average of 1,835 attacks per organization, followed by the North American region, which saw a 9% year-over-year increase, coming to 950 average weekly attacks per organization.
|Region||Average weekly attacks per org||YoY Change|
There is a growing recognition of the dangers posed by cyberattacks and their consequences, as evidenced by the introduction of regulations and policies in various countries. In the US, cybersecurity regulations have recently been revised, and regulators are currently considering proposals aimed at improving incident reporting, information disclosure, oversight, and the modernization of outdated legislation. The proposed amendments, set to be implemented later this year, would require companies to update their cybersecurity compliance programs, covering areas such as corporate governance, notification and reporting requirements, as well as asset management and security.
1 out of every 31 organizations worldwide experienced a ransomware attack
In our 2023 Cyber Security Report, CPR detailed how attribution of ransomware operations and tracking threat actors may become even harder. Instead, the focus will be more on data wiping and exfiltration detection. Check Point Research flagged a worrying shift towards sophisticated malware designed to destroy the compromised system, and advises organizations to take appropriate measures.
Ransomware Attacks per Region:
During the first quarter of 2023, approximately 1 in every 31 organizations worldwide experienced a ransomware attack on a weekly basis. This represents a 1% increase compared to the same period in 2022, when a similar number of organizations fell victim to such attacks. Latin America saw the largest year-over-year increase of 28%, when 1 out of 17 organizations experienced a ransomware attack.
During the first quarter of 2023, on a weekly average, 1 out of every 75 organizations in the US was impacted by ransomware attacks, indicating an 11% increase compared to the same period last year. In Israel, on a weekly average, 1 out of every 17 organizations was impacted by ransomware attacks, a 76% increase compared to the same period last year.
| Region | Organizations impacted by ransomware (weekly average) |
|---|---|
| Africa | 1 out of 15 |
| Latin America | 1 out of 17 |
| APAC | 1 out of 17 |
| Europe | 1 out of 43 |
| North America | 1 out of 75 |
Ransomware Attacks per Industry:
During the first quarter of 2023, the Government/Military sector was the most heavily targeted by ransomware attacks, with an average of 1 out of every 20 organizations impacted on a weekly basis. This represents a slight 2% decrease compared to the previous year. The Finance/Banking sector was the second most affected, with approximately 1 out of every 25 organizations experiencing such attacks, which marks an increase of 32% compared to the previous year. The Education/Research industry was the third most impacted sector, with 1 out of every 26 organizations affected by ransomware, indicating a decrease of 8% over the past year.
| Industry | Organizations impacted by ransomware (weekly average) |
|---|---|
| Government/Military | 1 out of 20 |
| Finance/Banking | 1 out of 25 |
| Education/Research | 1 out of 26 |
| ISP/MSP | 1 out of 27 |
| Healthcare | 1 out of 27 |
| SI/VAR/Distributor | 1 out of 31 |
| Utilities | 1 out of 32 |
| Consultant | 1 out of 33 |
| Communications | 1 out of 33 |
| Insurance/Legal | 1 out of 40 |
| Manufacturing | 1 out of 41 |
| Retail/Wholesale | 1 out of 44 |
| Software vendor | 1 out of 48 |
| Hardware vendor | 1 out of 49 |
| Transportation | 1 out of 50 |
| Leisure/Hospitality | 1 out of 51 |
Cyber Safety Tips:
- Up-to-Date Patches: Keeping computers and servers up-to-date and applying security patches, especially those labeled as critical, can help to limit an organization’s vulnerability to cyberattacks.
- Cyber Awareness Training: Frequent cybersecurity awareness training is crucial to protecting the organization against cyberattacks. This training should instruct employees to do the following:
  - Not click on malicious links
  - Never open unexpected or untrusted attachments
  - Avoid revealing personal or sensitive data to phishers
  - Verify software legitimacy before downloading it
  - Never plug an unknown USB into their computer
- Utilize better threat prevention: Most ransomware attacks can be detected and resolved before it is too late. You need to have automated threat detection and prevention in place in your organization to maximize your chances of protection.
- Keep your software updated. Attackers sometimes find an entry point within your apps and software, noting vulnerabilities and capitalizing on them. Fortunately, some developers are actively searching for new vulnerabilities and patching them out. If you want to make use of these patches, you need to have a patch management strategy in place – and you need to make sure all your team members are constantly up to date with the latest versions.
- Choose Prevention over detection: Many claim that attacks will happen, and there is no way to avoid them, and therefore the only thing left to do is to invest in technologies that detect the attack once it has already breached the network and mitigate the damage as soon as possible. This is not true. Not only can attacks be blocked, but they can be prevented, including zero-day attacks and unknown malware. With the right technologies in place, most attacks, even the most advanced ones, can be prevented without disrupting the normal business flow.
Although some countries are showing signs of a slower increase in cyberattacks, companies and governments must not let their guards down. Building a cyber resilient estate, one that is based on prevention and consolidation, is crucial for mitigating the risks associated with cyber threats. We will continue to monitor and research the evolving cyber landscape, and we strongly call for greater collaboration between the private and public sectors to effectively combat cybercrime and safeguard our digital assets.