Check Point Reveals 42% Global Increase in Cyber Attacks
Check Point Research, the threat intelligence arm of Check Point Software, has released its ‘Cyber Attack Trends: 2022 Mid-Year Report’ highlighting how cyberattacks have become firmly entrenched as a state-level weapon, including the new ransomware method of ‘Country Extortion’ and state-affiliated hacktivism, and the expansion of ransomware as the number one threat. The report also delves into the growth of cloud supply chain attacks through new sources of modules in the open-source community.
“The war in Ukraine has dominated the headlines in the first half of 2022 and we can only hope that it will be brought to a peaceful conclusion soon,” said Maya Horowitz, VP Research at Check Point Software. “Its impact on the cyber space has been dramatic in both scope and scale, and we have seen huge increases in cyberattacks against organizations in all sectors and all countries this year. Unfortunately, this will only get worse especially with ransomware now being the number one threat to organizations. However, with the right expertise, strategy and cybersecurity solutions in place, companies are able to prevent attacks from happening.”
Among the highlights of the report, ransomware is expected to become a much more fragmented ecosystem – while ransomware groups have become more structured and operate like regular businesses, with set targets to hit, there will be a lesson learned from the Conti ransomware group, whose size and power garnered too much attention, which led to its downfall.
Due to the implementation of internet macros being blocked by default in Microsoft office, the more sophisticated malware families are likely to accelerate the development of new infection chains, with different file types that are password protected to prevent detection as sophisticated social engineering attacks increase.
Meanwhile, hacktivist groups will continue to align their attacks with the agenda of their chosen nation state, particularly as the Russia-Ukraine war is still ongoing.
The findings are based on data drawn from Check Point Software’s ThreatCloud Intelligence between January and June 2022, highlighting the key tactics cyber-criminals are using to attack businesses.
The report presents an integrated view of how cyberattacks have led to major disruption, causing harm to civic and cyber life in 2022.
Menlo Security: Ransomware Attacks Taking Toll on Security Professionals
Ransomware attacks show no sign of slowing, according to a new research report, “2022 Impacts: Ransomware attacks and preparedness,” published today by Mountain View-based Menlo Security. A recent survey found that a third of organizations experience a ransomware attack at least once a week, with one in 10 experiencing them more than once a day.
This translates to security professionals coming under increasing pressure as organizations face an unprecedented number of highly sophisticated threats.When asked what keeps them awake at night, 41% of respondents say they worry about ransomware attacks evolving beyond their team’s knowledge and skillset, while 39% worry about them evolving beyond their company’s security capabilities.
Their biggest concern, however, is the risk of employees ignoring corporate security advice and clicking on links or attachments containing malware (46%). Respondents worry more about this than they do their own job security, with just a quarter (26%) of respondents worried about losing their job.
According to the report, around half of organizations (61% US and 44% UK) have been the victim of a successful ransomware attack in the last 18 months, with customers and prospects the most likely entry point for an attack. Partners/suppliers and employees/contractors are also seen as serious security risks, although one in 10 admit they are unable to identify how the attacks got in. The top three ransomware attack vectors are email (54%), web browsers via a desktop or laptop (49%) and mobile devices (39%).
“Security professionals are coming under increasing pressure as organizations face an unprecedented number of highly sophisticated threats like ransomware,” comments Mark Guntrip, senior director of Cybersecurity Strategy at Menlo Security. “On the frontline of cyber defense, they are often coping with huge amounts of stress, worrying about what employees are doing, their team and whether they are getting the right support internally, so it’s no surprise they are prioritizing the business over job security. Indeed, the burnout and high churn rate of CISOs is widely reported.”
Commissioned by Menlo Security, the research was conducted by SAPIO Research in June 2022 using an email invitation and online survey. The company commissioned a survey of 505 IT Security Decision Makers working within organizations with 1,000+ employees across the US and UK.
The report quantifies how and why many security professionals are feeling burned out.
CompTIA and ConnectWise Launch Workforce Initiative
A new effort to expand the nation’s cybersecurity and technology workforce through paid apprenticeships has been launched by CompTIA, a suburban Chicago-based trade association, and ConnectWise, a Tampa-based software company.
The strategy involves pairing new IT professionals, certified by CompTIA, with IT businesses, self-identified through the ConnectWise partner community, for registered apprenticeships.
“We focus so much on top level cybersecurity experts that we forget the majority of this work is done by rank-and-file cyber professionals,” said Todd Thibodeaux, CompTIA president and CEO. “They work with end users, maintain, and secure networks and defend against phishing and other threats to keep everyone and everything working securely. It is with these frontline positions where the most sizable staffing deficits exist, something we intend to address with this program.”
The two companies made their announcement in conjunction with the recent Cyber Workforce and Education Summit at the White House, where Secretary of Labor Martin J. Walsh made an announcement challenging industry and labor partners to help expand registered apprenticeships in cybersecurity.
“We have thousands of partners across the IT industry who regularly tell us about the challenges of finding qualified talent,” said ConnectWise CEO Jason Magee. “With the backing of the White House, and in partnership with CompTIA as an established educator of IT professionals, we have a unique opportunity to move hiring forward by matching trained workers with a robust group of potential employers.”
As a newly designated National Program Sponsor for Apprenticeship, CompTIA will use its education, training, and certifications to equip apprentices with the skills and training needed for employment in technology occupations, including cybersecurity roles.
ConnectWise, through its extensive network of IT service providers, is the employer partner in the new initiative.
The two companies will offer training, certification, and employment opportunities in five high-demand tech occupations: Tech Support Specialist, Network Support Specialist, Cybersecurity Support Technician, Tech Project Coordinator and Data Analyst. Training is based on National Guideline Standards created by CompTIA and approved by the U.S. Department of Labor.
The initiative provides a new route to talent for channel partners, as well as all segments of the IT field.