Check Point Research (CPR) reports a 48% YoY increase in cloud-based cyberattacks for 2022, as organizations increasingly move operations to the cloud amid accelerated digital transformation. The largest increases were seen in Asia (+60%), followed by Europe (+50%) and North America (+28%). CPR finds that hackers leverage newer CVEs from the past two years more often in attacks via the cloud than in on-premise attacks. CPR warns organizations that cloud-based cyberattacks can lead to damaging data loss, malware and ransomware attacks, and offers five cyber safety tips.
Check Point Research (CPR) reports significant increases in cyberattacks on cloud-based networks.
By the numbers:
- 48% increase in the number of cloud-based network cyberattacks in 2022, compared to 2021
- 60% increase in Asia in the number of cloud-based network cyberattacks in 2022, compared to 2021
- 50% increase in Europe in the number of cloud-based network cyberattacks in 2022, compared to 2021
- 28% increase in North America in the number of cloud-based network cyberattacks in 2022, compared to 2021
Emphasis on recent CVEs
Newer CVEs (disclosed 2020-2022) are leveraged more often in attempted attacks on cloud-based networks than in attempted attacks on on-prem networks. The difference between the two types of networks can be seen in the visual below.
Figure 1. Percentage of attacks leveraging recent vulnerabilities (disclosed 2020-2022)
Further analysis of specific high-profile global vulnerabilities revealed that some major CVEs have had a higher impact on cloud-based networks than on on-prem networks. In essence, the overwhelming amount of data in the cloud makes attacks even more impactful once a breach occurs, given the extent and content of that data. Networks also tend to be easier to exploit in the absence of proper security, which is sometimes deployed on other platforms on-prem.
Examples of prominent CVEs disclosed this year that have shown a similar trend:
- VMware Workspace Remote Code Execution (CVE-2022-22954) – 31% higher impact on cloud-based networks
- Text4Shell Vulnerability (CVE-2022-42889) – 16% higher impact on cloud-based environments compared to its impact against on-prem networks
- Microsoft Exchange Server Remote Code Execution (CVE-2022-41082) – 17% higher impact on cloud-based networks
- F5 BIG-IP (CVE-2022-1388) – 12% higher impact on cloud-based networks
- Atlassian Confluence Remote Code Execution (CVE-2022-26134) – 4% higher impact on cloud-based networks
Omer Dembinsky, Data Group Manager at Check Point Software:
“Enterprise attack surfaces have fast-expanded in a short amount of time. Digital transformations and remote work due to the COVID pandemic have accelerated the move to the cloud. Hackers are quickly following. These organizations have been challenged to secure a distributed workforce while, at the same time, dealing with a shortage of skilled security staff. Data loss, malware and ransomware attacks are among the top threats that organizations face in the cloud. Cloud applications and services are a prime target for hackers because misconfigured services and recent CVEs are leaving them exposed to the internet and vulnerable to simple cyberattacks.”
Cyber safety tips for organizations
- Back up cloud data. If your data is ever compromised, having a backup makes recovering it a lot simpler.
- Control access for third-party apps. Vet third-party apps for the degree of access they have.
- Use two-factor authentication.
- Use logically isolated networks and micro-segments. Deploy business-critical resources and apps in logically isolated sections of the provider’s cloud network, such as Virtual Private Clouds (AWS and Google) or vNET (Azure).
- Shift your security left. Incorporate security and compliance protection early into the development lifecycle.