Organisations Endure 925 Attacks Weekly in 2021 – All-Time High!


Cyber-attacks increased 50% YoY in 2021 & peaked in Dec. due to a deluge of Log4j exploits, researchers have discovered.

2021 ended under a Log4Shell-induced raid. With millions of Log4j-targeted attacks occurring hourly since the flaw’s discovery last month, there’s been a record-breaking peak of 925 cyber-attacks a week per organisation, globally.

Log4Shell Attacks

The no. is from a Mon. report from Check Point Research (CPR), which found Log4Shell attacks to be a major contributor to a 50% increase year-over-year in overall attacks per week on corporate networks for 2021.

2021 had already been set to break records even before the easily exploited Log4Shell vulnerabilities emerged in the common Java logging library Apache Log4j. The flaws allow unauthenticated remote code execution (RCE) & complete server takeover, & led to in-the-wild exploitation in just hours.

CPR had reported a 40% increase as of Oct., with earlier nos. showing that one out of every 61 organisations worldwide had been affected by ransomware each week.

Education/Research

CPR researchers observed that education/research was the sector that experienced the highest volume of attacks in 2021, with an average of 1,605 attacks per organisation weekly: a 75% increase from 2020.

One case: As of Dec. 30, the advanced persistent threat (APT) Aquatic Panda was targeting universities with Log4Shell exploit tools in an attempt to steal industrial intelligence & military secrets.

The 2nd most impacted sector was government/military, which saw 1,136 attacks per week: a 47% increase. Next was the communications industry, with 1,079 attacks weekly per organisation: a 51% increase.

Africa, APAC – Most Attacks

Africa experienced the highest volume of attacks in 2021, with an average of 1,582 weekly attacks per organisation: a 13% increase over 2020.

APAC saw a 25% increase in weekly attacks per organisation, with an average of 1,353 weekly attacks. Latin America, with 1,118 attacks weekly, experienced a 38% increase; Europe, with 670 attacks weekly, showed a 68% increase; & North America, with an average of 503 weekly attacks per organisation, was under attack 61% more than in 2020.

Everything is a Target

CPR’s advice: “In a multi-hybrid environment, where the perimeter is now everywhere, security should be able to protect it all.”

Email, web browsing, servers & storage are “merely the basics,” the firm stated: mobile apps, cloud & external storage are also “essential” additions to that list, as is compliance of connected mobile & endpoint devices & internet-of-things (IoT) devices.

Also, “workloads, containers & serverless applications on multi- & hybrid-cloud environments should be part of the checklist at all times,” CPR recommended.

Known Flaws

Standard security best practices apply: Stay up to date with security patches to stop attacks that use known flaws, segment networks, apply strong firewall & IPS safeguards between the network segments to keep infections from propagating across the entire network, & educate employees to recognise potential threats.

“Quite often, user awareness can prevent an attack before it occurs,” CPR researchers suggested.

“Take the time to educate your users and ensure that if they see something unusual, they report it to your security teams immediately. User education has always been a key element in avoiding malware infections.”

Advanced Security Technologies

Finally, implement advanced security technologies, CPR explained. “There is not a single silver-bullet technology that can protect organisations from all threats & all threat methods. However, there are many great technologies & ideas available – machine learning, sandboxing, anomaly detection, content disarmament & numerous more.”

CPR recommended 2 key things to consider: threat extraction (file sanitisation) & threat emulation (advanced sandboxing).

“Each element provides distinct protection that, when used together, offer a comprehensive solution for protection against unknown malware at the network level & directly on endpoint devices.”

 
