Our website publishes news, press releases, opinion and advertorials on various financial organizations, products and services which are commissioned from various Companies, Organizations, PR agencies, Bloggers etc. These commissioned articles are commercial in nature. This is not to be considered as financial advice and should be considered only for information purposes. It does not reflect the views or opinion of our website and is not to be considered an endorsement or a recommendation. We cannot guarantee the accuracy or applicability of any information provided with respect to your individual or personal circumstances. Please seek Professional advice from a qualified professional before making any financial decisions. We link to various third-party websites, affiliate sales networks, and to our advertising partners websites. When you view or click on certain links available on our articles, our partners may compensate us for displaying the content to you or make a purchase or fill a form. This will not incur any additional charges to you. To make things simpler for you to identity or distinguish advertised or sponsored articles or links, you may consider all articles or links hosted on our site as a commercial article placement. We will not be responsible for any loss you may suffer as a result of any omission or inaccuracy on the website.

Cloud-based Cyberattacks Increased by 48% in 2022, as Hackers Continue to Leverage Digital Transformation

by Uma Rajagopal
0 comments
cyber security

 

Check Point Research (CPR) reports a 48% YoY increase in cloud-based cyberattacks for 2022, as organizations increasingly move operations to the cloud due to escalated digital transformations. The largest increases were seen in Asia (+60%), followed by Europe (+50%) and North America (+28%). CPR finds that hackers are leveraging newer CVEs from the past two years to attack via the cloud, when compared to on-premise attacks. CPR warns organizations that cloud-based cyberattacks can lead to damaging data loss, malware and ransomware attacks and offers five cyber safety tips. 

Check Point Research (CPR) reports significant increases in cyberattacks on cloud-based networks. 

By the numbers: 

  • 48% increase in the number of cloud-based network cyberattacks in 2022, compared to 2021
  • 60% increase in Asia in the number of cloud-based network cyberattacks in 2022, compared to 2021
  • 50% increase in Europe in the number of cloud-based network cyberattacks in 2022, compared to 2021
  • 28% Increase in North America in the number of cloud-based network cyberattacks in 2022, compared to 2021

Emphasis on recent CVEs

In recent cloud-based cyberattacks, newer CVE’s (disclosed 2020-2022) are being leveraged more compared to on-prem networks for attempted attacks on cloud-based networks. The difference between the two types of networks can be seen in the visual below.

Figure 1. Percentage of attacks leveraging recent vulnerabilities (disclosed 2020-2022)

Further analysis of specific high profile global vulnerabilities revealed that some major CVE’s have had a higher impact on cloud-based networks compared to on-prem. In essence, the overwhelming amount of data in the cloud leads to even more impactful attacks given its extent and content once breached. Networks tend to be easier to exploit in the absence of proper security which is sometimes deployed on other platforms on-prem.

Examples of prominent CVEs disclosed this year that have shown a similar trend:

  • VMware Workspace Remote Code Execution (CVE-2022-22954) – 31% higher impact on cloud-based networks
  • Text4shell Vulnerability (CVE-2022-42889) – 16% higher impact on cloud-based environments compared to its impact against on-prem networks
  • Microsoft Exchange Server Remote Code Execution (CVE-2022-41082) – 17% higher impact on cloud-based networks
  • F5 BIG IP (CVE-2022-1388) – 12% higher impact on cloud-based networks
  • Atlassian Confluence—Remote Code Execution (CVE-2022-26134) – 4% higher impact on cloud-based networks

Omer Dembinsky, Data Group Manager at Check Point Software: 

 “Enterprise attack surfaces have fast-expanded in a short amount of time. Digital transformations and remote work due to the COVID pandemic have accelerated the move to the cloud. Hackers are quickly following. These organizations have been challenged to secure distributed workforce, while at the same time, are dealing with a shortage of skilled security staff. Data loss, malware and ransomware attacks are among the top threats that organizations face in the cloud. Cloud applications and services are a prime target for hackers because misconfigured services and recent CVEs are leaving them exposed to the internet and vulnerable to simple cyberattacks.” 

Cyber safety Tips for Organizations 

  1. Backup cloud data. If your data is ever compromised, having a backup makes recovering it a lot simpler.
  2. Control access for third-party apps. Vet 3rd party apps for the degree of access they have. 
  3. Use two-factor authentication. 
  4. Use logically isolated networks and micro-segments. Deploy business-critical resources and apps in logically isolated sections of the provider’s cloud network, such as Virtual Private Clouds (AWS and Google) or vNET (Azure).
  5. Shift your security left. Incorporate security and compliance protection early into the development lifecycle