Check Point 2022 Security Overview

The past twelve months represents one of the most turbulent and disruptive periods on record, at least as far as security is concerned. As governments and businesses around the world continued to navigate the uncharted waters of a global pandemic, the so-called “new normal” still felt a long way off. Digital transformation efforts were dramatically accelerated as businesses embraced hybrid and remote working arrangements, but the same questions around security maturity that plagued many businesses in 2020 persisted through 2021.

While some of those questions remain up in the air, threat actors have wasted no time whatsoever in turning the situation to their advantage. Cyberattacks are up by an average of 50% since we issued our last annual report, with the education and research sector suffering the biggest blow, averaging 1,605 attacks every single week throughout the year. As predicted, the infamous SolarWinds breach appears to have kickstarted a trend of supply chain attacks that have persisted throughout the year, showing no signs of slowing down.

In this 2022 Security Report, we will reveal the key attack vectors and techniques that our researchers at Check Point Software have observed over the past year. From a new generation of highly sophisticated supply chain attack methods, right through to the Log4j vulnerability exploit that rendered hundreds of thousands of businesses open to a potential breach.

We’ll start with a month-by-month rundown of the year’s major cyber events, before doing a deep dive into some of the emerging trends that will undoubtedly shape the year to come. We’ll discuss cloud services, developments in the mobile landscape and IoT, cracks in the ransomware ecosystem, the return of Emotet, and, of course, the Log4J zero-day vulnerability that punctuated an already busy year. Major incidents

In January, the US Department of Justice confirmed that it had been affected by the Solarwinds supply-chain attack, and that 3% of its employee email boxes had been accessed in order to steal sensitive data. The department has more than 100,000 employees across a series of law enforcement agencies, including the FBI, the Drug Enforcement Agency, and the US Marshals Service. The Department of Justice was a buyer of SolarWinds Orion, a tool that was used by hackers to execute this attack, leading to as many as 18,000 SolarWinds customers experiencing a breach. The Department of Justice said it learned it was a victim on Christmas Eve, revealing that a small percentage of its Microsoft Office 365 email accounts had been compromised.

In the same month, JBS S.A, the world's largest meat processing company, fell victim to an attack by the REvil ransomware group. The Brazilian company distributes meat products made in 150 industrial plants in 15 countries, and has approximately 150,000 employees worldwide. The attack that hit the company network impacted slaughterhouses and meat supplies in the US, Canada and Australia and caused more than 3000 workers’ shifts to be canceled. All of its US beef plants and meat packing facilities, responsible for almost a quarter of American meat supplies, ceased production while The White House assigned the FBI to investigate. In Australia, some abattoirs were completely shut down, forcing the company to furlough 7,000 employees. Eventually, with the fear of price inflation combined with massive unemployment, the CEO of JBS USA, a subsidiary of JBS S.A., announced that the company paid the cybercriminals a ransom equivalent to $11 million in BTC.

The education sector was also heavily impacted. In 2021, it was the most targeted sector globally, with a 75% increase compared to 2020 and an average of almost 1, 605 attack weekly attempts per organisation. The disruption suffered by educational institutions impacted students, professors and other staff members. Howard University in Washington D.C fell victim to a ransomware attack in September and was forced to suspend classes to conduct a thorough investigation of their network together with an audit of the student and staff devices. Similarly, The Lewis and Clark Community College in Illinois was hit by a ransomware attack in November that affected their online learning platform as well as other critical systems.

They had to close all their campuses, and cancel extra-curricular activities including sporting events taking place in their facilities. The FBI released an alert against the PYSA ransomware that targets higher education institutions in the US and the UK. Finally, in mid-2021, the Grief ransomware attacked several school districts in the US, among them a school district in Mississippi. The ransomware stole 10GB of data including personal and professional information, and has threatened to publish the data unless it is paid. Institutions of higher learning such as universities and colleges make good targets for cyber-criminals because their systems, which allow students and faculty to connect their personal devices to the institution’s network, aren’t fully protected.

Click here to read the full interactive security report.

Askaris are a leading 4* Check Point partner with over 30 years experience in supporting global clients with Check Point security technology and managed services. Contact us for a FREE Check Point demo today!

Our customers love us and stay with us because we are a highly experienced team, but we never get tired of hearing it.