Cyber Attacks on Government Organizations beyond Ukraine Surge by 21%

Check Point Research (CPR) provides an update on cyber attacks observed throughout the Russia-Ukraine target. In the first three days of combat, cyber attacks on Ukraine’s government and military sector increased by a staggering 196%. Since then, cyber attacks on Ukraine’s government and military sector decreased, dropping 50% in the last 7 days. CPR suspects that hackers have made a shift towards taking advantage of other governments focused on the conflict. However, cyber attacks on all industries, not just government/military sector, in Ukraine and Russia have increased to the highest point since the beginning of the conflict and 2022.

  • In Ukraine, CPR documented a 20% increase in overall cyber attacks on all industries since the beginning of the conflict
  • In Russia, CPR documented a 1% increase in overall cyber attacks on all industries since the beginning of the conflict
  • CPR provides data on cyber attacks observed per region: Europe (+14%), North America (+17%), APAC (+11%), Latin America (+17%) and Africa (-2%)

Check Point Research (CPR) has updated statistics on cyber attacks observed around the Ukraine-Russian conflict. The last 7 days showed the highest number of overall cyber attacks, not only since the advent of the conflict, but also the beginning of the year.

  • In Ukraine, the average weekly attacks per organization last week stood at 1466, 20% higher than before the beginning of the conflict and 13% higher than the first two weeks of the conflict. This is while the amount of active networks in the country has dropped significantly by 27% due to the emergency situation.
  • In Russia the average weekly attacks per organization last week stood at 1274, and the changes are lower: 1% increase from before the beginning of the conflict and 4% higher than the first two weeks of the conflict
  • Globally the average weekly attacks per organization last week stood at 1266, 14% higher than before the beginning of the conflict and 15% higher than the first two weeks of the conflict

Cyber Attacks by Region

  • In Europe, the average weekly attacks per organization last week stood at 1068, 14% higher than before the beginning of the conflict and 15% higher than the first 2 weeks of the conflict.
  • In North America, the average weekly attacks per organization last week stood at 991, 17% higher than before the beginning of the conflict and 15% higher than the first 2 weeks of the conflict.
  • In APAC, the average weekly attacks per organization last week stood at 1718, 11% higher than before the beginning of the conflict and 13% higher than the first 2 weeks of the conflict.
  • In Latin America, the average weekly attacks per organization last week stood at 1837, 17% higher than before the beginning of the conflict and 20% higher than the first 2 weeks of the conflict.
  • In Africa, the average weekly attacks per organization last week stood at 1987, 2% lower than before the beginning of the conflict and 1% lower than the first 2 weeks of the conflict

Spotlight on Government/Military Sector

When focusing on the government and military sector, where CPR saw a significant increase in attacks within Ukraine in the first few days of the conflict, the past week displayed lower amounts in Ukraine, compared to the first two weeks (59% less). However, there has been a significant increase of cyber attacks on government/military sectors globally across all regions, with an average increase of 21%, compared to before the beginning of the conflict, and 19% higher than the first two weeks of the conflict.

It appears that hackers in the beginning had a very big focus on the conflict, and after two weeks they’ve understood what they can and cannot do. In other words, hackers have resumed to ‘normal business’. Also, we see a focused effort on attacking government/military targets, possibly part of diplomatic impact surrounding the war, and also taking advantage of higher interest which allows pulling off phishing attacks. We will continue to monitor cyber attacks in Russia, Ukraine and beyond in the time ahead.