Check Point Software’s 2022 Security Report: Global Cyber Pandemic’s Magnitude Revealed

By : Nata Kesuma | Wednesday, January 26 2022 - 14:40 IWST

Check Point Software Technologies (Images by Acclaim)
Check Point Software Technologies (Images by Acclaim)

INDUSTRY.co.id - SINGAPORE – January 24th 2022 -- Check Point Research (CPR), the Threat Intelligence arm of Check Point® Software Technologies Ltd. (NASDAQ: CHKP), a leading provider of cyber security solutions globally, has released its 2022 Security Report.

From the SolarWinds attack at the beginning of the year, which presented a whole new level of sophistication and spread, all the way through to December and the influx of Apache Log4j vulnerability exploitations, the 2022 Security Report reveals the key attack vectors and techniques witnessed by CPR during 2021.

Overall in 2021, organisations experienced 50% more weekly cyber-attacks than in 2020. With the Education/Research sector’s 1,605 weekly attacks taking the lead (75% increase). This was followed by Government/Military with 1,136 weekly attacks (47% increase) and Communications with 1,079 weekly attacks (51% increase).

Software vendors experienced the largest year-on-year growth (146%) which goes hand-in-hand with the ever-increasing trend of software supply chain attacks observed in 2021. This last year has also seen evolving attacks on mobile devices, increase in major cloud services vulnerabilities, and the return of the notorious Emotet botnet.

Highlights from the 2022 Security Report include: 

Supply chain attacks: The infamous SolarWinds attack laid the foundations for a supply chain attack frenzy. 2021 saw numerous sophisticated attacks such as Codecov in April and Kaseya in July, concluding with the Log4j vulnerability that was exposed in December. The striking impact achieved by this one vulnerability in an open-source library demonstrates the immense inherent risk in software supply chains. 

Cyber-attacks disrupting everyday life: 2021 saw a large number attacks targeting critical infrastructure which led to huge disruption to individuals’ day-to-day lives, and in some cases even threatened their sense of physical security. 

Cloud services under attack: Cloud provider vulnerabilities became much more alarming in 2021 than they were previously. The vulnerabilities exposed throughout the year have allowed attackers, for varying timeframes, to execute arbitrary code, escalate to root privileges, access mass amounts of private content and even cross between different environments.

Developments in the mobile landscape: Throughout the year, threat actors have increasingly used smishing (SMS phishing) for malware distribution and have invested substantial efforts in hacking social media accounts to obtain access to mobile devices.

The continued digitisation of the banking sector in 2021 led to the introduction of various apps designed to limit face-to-face interactions, and those in turn have led to the distribution of new threats.

Cracks in the ransomware ecosystem: Governments and law enforcement agencies changed their stance on organised ransomware groups in 2021, turning from pre-emptive and reactive measures to proactive offensive operations against the ransomware operators, their funds and supporting infrastructure.

The major shift happened following the Colonial Pipeline incident in May which made the Biden administration realise they had to step up efforts to combat this threat.

Return of Emotet: One of the most dangerous and infamous botnets in history, is back. Since Emotet’s November return, CPR found the malware’s activity to be at least 50% of the level seen in January 2021, shortly before its initial takedown. This rising trend continued throughout December with several end-of-year campaigns, and is expected to continue well into 2022, at least until the next takedown attempt.

"In a year that began with the fallout from one of the most devastating supply chain attacks in history, we’ve seen threat actors grow in confidence and sophistication,” said Maya Horowitz, VP Research at Check Point Software.

“This culminated in the Log4j vulnerability exploit which, yet again, caught the security community off-guard and brought to the fore the sheer level of risk inherent in software supply chains. In the months between, we saw cloud services under attack, threat actors increasing their focus on mobile devices, the Colonial Pipeline held to ransom, and the resurgence of one of the most dangerous botnets in history.”

Maya continued: “But it’s not all doom and gloom. We also saw cracks in the ransomware ecosystem widen in 2021, as governments and law enforcement agencies around the world resolved to take a tougher stance on ransomware groups in particular. Instead of relying on reactive and remedial action, some shocking events woke governments up to the fact that they needed to take a more proactive approach to dealing with cyber risk. That same philosophy extends to businesses too, who can no longer afford to take a disjointed, siloed, reactionary approach to dealing with threats. They need 360-degree visibility, real-time threat intelligence, and a security infrastructure that can be mobilised in an effective, joined-up manner.”

Cyber Attack Categories by Region in 2021:

The ‘Cyber Attack Trends: 2022 Security Report’ gives a detailed overview of the cyber-threat landscape. These findings are based on data drawn from Check Point Software’s ThreatCloud Intelligence between January and December 2021, highlighting the key tactics cyber-criminals are using to attack businesses.

News Comment

Today's Industry

A total of 55 health professionals who participated in the Binawan Europe program, in the form of international career development scholarships in Austria. (Photo: The Public Relations of Binawan University)

Jumat, 02 Mei 2025 - 10:46 WIB

Binawan and Government Support Indonesian Nurses in Europe through Scholarships

In the midst of the viral #KaburAjaDulu hashtag as a symbol of the young generation's disappointment with domestic working conditions, Binawan responded with real action: dispatching Indonesian…

SUNeVision Initiates MEGA IDC Phase Two Development

Jumat, 28 Maret 2025 - 22:21 WIB

SUNeVision Initiates MEGA IDC Phase Two Development

SUNeVision, the technology arm of Sun Hung Kai Properties (SHKP), today announced the commencement of construction for Phase Two of MEGA IDC in Tseung Kwan O. As Hong Kong's largest data centre…

 PT Metrodata Electronics Tbk (“MTDL”)

Jumat, 28 Maret 2025 - 22:07 WIB

TDL Records New Revenue Record of IDR 25 Trillion in 2024 Ahead of 50th Anniversary

PT Metrodata Electronics Tbk (MTDL), the largest technology Company with the most complete IT and telecommunications products in Indonesia, managed to record a revenue of IDR 25 trillion in…

Microvista Expands International Presence with Mobile CT System ScanExpress

Jumat, 28 Maret 2025 - 21:53 WIB

Microvista Expands International Presence with Mobile CT System ScanExpress

The German specialist in industrial computed tomography and non-destructive testing, Microvista, announces the European expansion of its innovative mobile CT system, ScanExpress. The system…

Pekerja Industri Tekstil

Jumat, 28 Maret 2025 - 21:44 WIB

Turning Loss into Profit, INOV Optimistic in Maintaining Positive Performance this Year

PT Inocycle Technology Group Tbk (INOV:IJ) Indonesia's leading and largest PET waste recycling Company managed to book sales of IDR 629 Billion in 2024, an increase of 4.8% compared to the previous…