· Average weekly attacks per organization worldwide reached a peak of 1.2K attacks, a 32% increase year-over-year
· Education/Research sector continues to be the most heavily attacked industry, seeing a 53% increase year-over-year
· Globally, 1 out of 40 organizations were impacted by Ransomware attacks, a worrying 59% increase year-over-year
· Latin America saw the largest increase in Ransomware attacks, with 1 out of 23 organizations impacted weekly (43% increase YoY), with the Asia region following at 1 out of 17 organizations impacted weekly (33% increase YoY)
2022 began with massive exploitation of one of the most serious vulnerabilities on the internet, the Apache Log4j vulnerability, and continued with full-blown cyber warfare stemming from the Russia-Ukraine war.
Today, Check Point Research (CPR) reports that the second quarter of 2022 saw an all-time peak, where global cyber-attacks increased by 32%, compared to Q2 2021. The average weekly attacks per organization worldwide reached a peak of 1.2K attacks.
The most attacked industry in Q2 2022 was the Education/Research sector, while Africa saw the highest volume of attacks, peaking at 1.7K attacks on average per organization. Unprecedentedly, 1 out of 40 organizations worldwide was impacted by Ransomware, representing a 59% increase compared to the previous year.
Figure 1: Global Quarterly attacks from Q1 2021 to Q2 2022
Education & Research is the most attacked sector
In terms of industries, cyber criminals seem to target most of their attacks on the education / research sector with an average of more than 2.3K attacks per organization every week. This represents an increase of 53% compared to Q2 2021.
Following this is the government/military sector, which has seen 1.6k average weekly attacks, a rise of 44% compared to the same period in the previous year. Next come the ISP/MSP, healthcare and communication sectors, all seeing an average of 1.3K attacks per week, per organization, a substantial double-digit increase year over year.
Figure 2: Global Average Weekly Attacks per Industry, percentage represents increase compared to Q2-2021
Ransomware at the center of attention
May 2022 marked the 5th anniversary of the infamous WannaCry attack, and it seems that Ransomware has completely changed the threat landscape, in that it has evolved to be a weapon in the hands of attack groups threatening governments. Check Point Research recently coined the term ‘country extortion’ after observing how ransomware expanded its business borders to now include the government sector.
In this report, CPR sees that globally, the weekly average of organizations impacted by Ransomware reached 1 out of 40 – a 59% increase YoY (1 out of 64 organizations in Q2 2021).
Latin America has seen the largest increase in attacks, with 1 out of 23 organizations impacted weekly, a 43% increase YoY compared to 1 out of 33 in Q2 2021, followed by the Asia region, which has seen a 33% increase YoY, reaching 1 out of 17 organizations impacted weekly.
- In Africa, the weekly average of impacted organizations is 1 out of 21 – a 21% increase YoY (1 out of 25 organizations in Q2 2021)
- In ANZ, the weekly average of impacted organizations is 1 out of 113 – an 18% increase YoY (1 out of 133 organizations in Q2 2021)
- In North America, the weekly average of impacted organizations is 1 out of 108 – a minor increase of 1% YoY (1 out of 66 organizations in Q2 2021)
- In Europe, the weekly average of impacted organizations is 1 out of 66 – no increase YoY, same impact as Q2 2021
Ransomware attacks per industry:
The retail and wholesale sector saw the largest spike in ransomware attacks, with an alarming increase of 182% compared to the same period last year, followed by the Distributors sector, which saw a 143% increase, and then the government/military sector, reporting a staggering increase of 135% and reaching a ratio of 1 out of 24 organizations impacted by ransomware on a weekly basis.
| Industry | Weekly Impacted Organizations | YoY Change |
|---|---|---|
| Government/Military | 1 out of 24 | +135% |
| Education/Research | 1 out of 30 | +83% |
| Healthcare | 1 out of 31 | +47% |
| ISP/MSP | 1 out of 37 | +9% |
| Finance/Banking | 1 out of 41 | +42% |
| Communications | 1 out of 46 | +59% |
| SI/VAR/Distributor | 1 out of 47 | +143% |
| Manufacturing | 1 out of 48 | +60% |
| Retail/Wholesale | 1 out of 53 | +182% |
| Utilities | 1 out of 59 | +11% |
| Transportation | 1 out of 70 | +28% |
| Software vendor | 1 out of 74 | -34% |
| Leisure/Hospitality | 1 out of 77 | +24% |
| Hardware vendor | 1 out of 78 | +48% |
| Insurance/Legal | 1 out of 81 | +1% |
| Consultant | 1 out of 87 | -17% |
Figure 3: Ratio & percentage of attacks per industry
Immediate measures can be undertaken by any organization or country to guard against ransomware attacks. From continuous data backups and reducing the attack surface to simple measures like constant, up-to-date patching, implementing a cyber security action plan will help to reduce such ransomware attacks.
Attacks per Region
Our researchers saw that Africa was the most attacked region in Q2 2022, peaking at 1.76k weekly attacks on average per organization, a nominal increase of 3% compared to the same period last year.
Following Africa, Latin America experienced an astounding 1.60K attacks on average, marking a 29% increase year-over-year.
Figure 4: Attacks & percentage increase per region
The statistics and data used in this report present data detected by Check Point’s Threat Prevention technologies, stored and analyzed in ThreatCloud. ThreatCloud provides real-time threat intelligence derived from hundreds of millions of sensors worldwide, over networks, endpoints and mobiles. The intelligence is enriched with AI-based engines and exclusive research data from Check Point Research (CPR), the intelligence and research arm of Check Point.
How To Prevent The Next Attack
Mega cyber-attacks like SolarWinds and Log4J were not inevitable. With the correct measures and technologies in place, many organizations could have avoided the impact and devastating effect of such attacks. In order to truly combat the next threats, organizations must take a proactive approach, using advanced technologies that can prevent even the most evasive zero-day attacks.
In other words, the next attack can be prevented if companies change their view on security, and follow a few guiding principles.
Choose Prevention over detection:
Traditional cybersecurity vendors often claim that attacks will happen, and there’s no way to avoid them, and therefore the only thing left to do is to invest in technologies that detect the attack once it has already breached the network, and mitigate the damages as soon as possible.
This is untrue. Not only can attacks be blocked, but they can be prevented, including zero-day attacks and unknown malware. With the right technologies in place, the majority of attacks, even the most advanced ones, can be prevented without disrupting the normal business flow.
Keep your threat intelligence up to date
Malware is constantly evolving, making threat intelligence an essential tool for almost every company to consider. When an organization has financial, personal, intellectual, or national assets, a more comprehensive approach to cybersecurity is the only way to protect against today’s attackers. And one of the most effective proactive security solutions available today is threat intelligence.
Implementing the most advanced technologies
Attack techniques are diverse and constantly evolving. IT systems are complex and there is no single silver-bullet technology that can protect from all threats and all threat vectors. However, there are many integrated and impactful technologies and ideas available such as: machine learning, sandboxing, anomaly detection, content disarmament, and numerous others that can help prevent the next cyber attack. Each of these technologies can be highly effective in specific scenarios, covering specific file types or attack vectors. Strong solutions integrate a wide range of technologies and innovations to effectively combat modern attacks in IT environments.
Maintain security hygiene
- Patching: All too often, attacks penetrate by leveraging known vulnerabilities for which a patch exists but has not been applied. Organizations should strive to make sure up-to-date security patches are maintained across all systems and software.
- Segmentation: Networks should be segmented, applying strong firewall and IPS safeguards between the network segments in order to prevent infections from propagating across the entire network.
- Review: Security products’ policies must be carefully reviewed, and incident logs and alerts should be continuously monitored.
- Audit: Routine audits and penetration testing should be conducted across all systems.
- Principle of Least Privilege: User and software privileges should be kept to a minimum. Decision makers should decide if there really is a need for all users to have local admin rights on their PCs, which enlarges the possibilities and widens the vectors for attacks.
To prevent your organization from being the next victim of a cyber-attack, read Preventing the Next Cyber Attack