Global Cyber Storm: Check Point Research Snapshot
In 2023, global cyberattacks have seen a 3% uptick compared to last year’s figures, with the Healthcare sector particularly in the crosshairs, witnessing an 11% surge in attacks. Notably, one in every 34 organisations worldwide faced the chilling reality of a ransomware attempt, marking a 4% increase from the same period last year.
Join us on this exploration of the cyber frontier, arming ourselves with insights to stay vigilant and secure in a world where the digital winds of change blow stronger each day.
Overall Global Attacks
In 2023 so far, there was a 3% increase in the average weekly global cyber-attacks compared to the same period last year. The average number of attacks per organisation per week so far this year stands at 1,200 attacks.
Global Attacks Per Industry: Healthcare Under Attack
The Education/Research sector experienced the highest number of attacks, with an average of 2,160 attacks per organisation per week, marking a 5% decrease compared to the same period in 2022. The Government/Military sector was the second most attacked, with an average of 1,696 attacks per week, which represents a 0.4% increase from the same period in the previous year, while the Healthcare sector followed closely behind, with an average of 1,613 attacks per week, reflecting a significant YoY increase of 11%.
In a public statement, MCNA (Managed Care of North America) says it determined someone “was able to see and take copies of some information in our computer system between February 26, 2023 and March 7, 2023”. MCNA, a dental insurer, has been hit with the largest breach of health data in 2023, which affected more than 8.8 million Americans.
Another Type of Health Scare – Why Do We See So Many Cyberattacks Against Hospitals?
Attacks on hospitals and healthcare institutions have become increasingly prevalent for several reasons:
- Rich Data Troves: Healthcare organisations store a treasure trove of sensitive information, including personal health records, financial data, and other personally identifiable information. Cybercriminals target this data for identity theft, financial gain, or even extortion.
- Critical Infrastructure: Hospitals are part of critical infrastructure, and disrupting their operations can have severe consequences. Cyber attackers may leverage this to extort ransoms or create chaos for political or ideological motives.
- IoT Danger: Many healthcare organisations are using IoT, and there are large numbers of unmanaged IoT devices connected to the network. Each of these IoT devices is an entry point for hackers, making almost every hospital vulnerable to cyberattacks.
- Vulnerabilities in Legacy Systems: Many healthcare systems rely on legacy technology, which might not have robust cybersecurity measures in place. These outdated systems can be more vulnerable to exploitation, making them attractive targets.
- Limited IT Resources: Healthcare institutions often have limited resources allocated to cybersecurity, both in terms of budget and expertise. This makes them attractive targets as they may have weaker defences compared to other industries.
- High Stakes, Low Tolerance: The nature of healthcare means that any disruption can have immediate and life-threatening consequences. Cybercriminals may exploit this urgency, knowing that healthcare providers are more likely to pay ransoms quickly to restore critical services.
- Supply Chain Vulnerabilities: The healthcare ecosystem involves various interconnected entities, including pharmaceutical companies, medical device manufacturers, and insurance providers. Cyber attackers may exploit vulnerabilities in these interconnected systems to gain access to sensitive healthcare data.
- Global Health Concerns: Events like global health crises or pandemics can create a sense of urgency and distraction, providing cover for cybercriminals to carry out attacks when attention is focused elsewhere.
Overall Attacks Per Region: APAC Witnessed A Substantial 15% YoY Increase
During 2023 so far, Africa experienced the highest average number of weekly cyberattacks per organisation, with an average of 1,987 attacks. This signifies a year-on-year increase of 6% compared to the same period in 2022. The APAC region also witnessed a substantial 15% YoY increase in the average number of weekly attacks per organisation, reaching an average of 1,963 attacks.
- Africa: 1,987 weekly attacks per organisation on average (+6% YoY change)
- APAC: 1,963 weekly attacks per organisation on average (+15% YoY change)
- Latin America: 1,663 weekly attacks per organisation on average (+0.4% YoY change)
- Europe: 966 weekly attacks per organisation on average (-1% YoY change)
- North America: 939 weekly attacks per organisation on average (+5% YoY change)
1 Out Of Every 34 Organisations Worldwide Experienced An Attempted Ransomware Attack
In 2023 so far, every week on average 1 out of every 34 organisations worldwide experienced an attempted ransomware attack, representing an increase of 4% compared to the same period last year.
Organisations in Africa and Latin America were most impacted by attempted ransomware attacks, with 1 in every 19 organisations on average experiencing such an attack every week.
North America showed the highest increase, at 25% compared to the same time in 2022.
- Latin America: 1 out of 19 organisations attacked (+22%)
- Africa: 1 out of 19 organisations attacked (+7%)
- APAC: 1 out of 20 organisations attacked (-8%)
- Europe: 1 out of 47 organisations attacked (+0.3%)
- North America: 1 out of 69 organisations attacked (+25%)
Global Ransomware Attacks per Industry
In 2023 so far, the Government/Military sector experienced the highest number of ransomware attacks, with 1 out of every 24 organisations impacted, marking an 11% decrease compared to the previous year. The Healthcare sector was the second most affected, with 1 out of every 25 organisations experiencing such attacks, representing an increase of 3% YoY. With a similar increase from last year, the Education/Research industry followed closely behind as the 3rd most impacted sector globally, with 1 out of every 27 organisations affected by attempted ransomware attacks.
It is also important to note that many of the top impacted industries include critical infrastructure and services, including the Utilities sector, which is ranked 6th but has seen a dramatic 26% increase in ransomware impact in the past year.
- Government/Military: 1 out of 24 organisations attacked (-11%)
- Healthcare: 1 out of 25 organisations attacked (+3%)
- Education/Research: 1 out of 27 organisations attacked (+3%)
- Finance/Banking: 1 out of 29 organisations attacked (+15%)
- ISP/MSP: 1 out of 33 organisations attacked (-9%)
- Utilities: 1 out of 34 organisations attacked (+26%)
- Communications: 1 out of 35 organisations attacked (+4%)
- Consultant: 1 out of 38 organisations attacked (+45%)
- SI/VAR/Distributor: 1 out of 42 organisations attacked (-2%)
- Transportation: 1 out of 46 organisations attacked (+22%)
- Manufacturing: 1 out of 47 organisations attacked (-14%)
- Retail/Wholesale: 1 out of 48 organisations attacked (-1%)
- Leisure/Hospitality: 1 out of 48 organisations attacked (+16%)
- Insurance/Legal: 1 out of 49 organisations attacked (+22%)
- Software vendor: 1 out of 62 organisations attacked (-3%)
- Hardware vendor: 1 out of 65 organisations attacked (+17%)
Ransomware Continues to Grow For Several Interconnected Reasons:
- Lucrative Business Model: Ransomware has proven to be a profitable venture for cybercriminals. The ability to extort money from individuals, businesses, or even governments fuels its growth. The relative anonymity provided by cryptocurrencies makes it easier for attackers to receive payments without being traced.
- Sophisticated Techniques: Cybercriminals are constantly evolving their techniques. The use of advanced tactics, such as leveraging zero-day vulnerabilities and employing social engineering, allows them to bypass traditional security measures.
- Ransomware-as-a-Service (RaaS): The rise of Ransomware-as-a-Service platforms makes it easier for even less skilled individuals to execute ransomware attacks. This ‘plug-and-play’ model provides malicious tools and infrastructure, lowering the barrier to entry for aspiring cybercriminals.
- Exploiting Weak Cyber Hygiene: Many organisations, particularly smaller ones, may have inadequate cybersecurity measures in place. Exploiting weak passwords, unpatched systems, and insufficient employee training provides avenues for ransomware attackers to gain entry.
- Targeting Critical Infrastructure: Cybercriminals increasingly target critical infrastructure, including healthcare, energy, and transportation. These sectors are more likely to pay ransoms quickly to avoid disruptions that could have severe consequences.
- Insufficient Regulation: In some regions, regulations and laws around cybersecurity are not robust enough to deter attackers effectively. This lack of consequences further emboldens cybercriminals.
- Cryptocurrency Anonymity: The use of cryptocurrencies like Bitcoin for ransom payments provides a level of anonymity that traditional banking systems do not. This facilitates the financial transactions necessary for ransomware operations without easy traceability.
Practical Advice: Preventing Ransomware and Other Attacks
- Cyber Awareness Training: Phishing emails are one of the most popular ways to spread ransom malware. By tricking a user into clicking on a link or opening a malicious attachment, cybercriminals gain access to the employee’s computer and begin the process of installing and executing the ransomware on it. Frequent cybersecurity awareness training is crucial to protecting the organisation against ransomware, leveraging its own staff as the first line of defence in ensuring a protected environment. This training should instruct employees on the classic signs and language that are used in phishing emails.
- Up-to-Date Patches: Keeping computers up-to-date and applying security patches, especially those labelled as critical, can help to limit an organisation’s vulnerability to ransomware attacks, as such patches are usually overlooked or delayed too long to offer the required protection.
- Utilise Better Threat Prevention: Most ransomware attacks can be detected and resolved before it is too late. You need to have automated threat detection and prevention in place in your organisation to maximise your chances of protection, including scanning and monitoring emails, and scanning and monitoring file activity for suspicious files. AI has become an indispensable ally in the fight against cyber threats. By augmenting human expertise and strengthening defence measures, AI-driven cybersecurity solutions provide a robust shield against a vast array of attacks. As cybercriminals continually refine their tactics, the symbiotic relationship between AI and cybersecurity will undoubtedly be crucial in safeguarding our digital future.
- Anti-Ransomware Solutions: Anti-ransomware solutions monitor programs running on a computer for suspicious behaviours commonly exhibited by ransomware, and if these behaviours are detected, the program can take action to stop encryption before further damage can be done.
- Robust Data Backup: The goal of ransomware is to force the victim to pay a ransom in order to regain access to their encrypted data. However, this is only effective if the target actually loses access to their data. A robust, secure data backup solution is an effective way to mitigate the impact of a ransomware attack.