Check Point's 2022 Mid-Year Report shows that the healthcare sector saw the highest percentage increase in cyberattacks among all industries. Cyberattacks in the first half of 2022 were 69% higher than in 2021. Healthcare currently ranks fifth in the number of attacks per week, behind the education, military/government, ISP/MSP, and communications sectors.
According to Check Point's report, cyberattacks became fully established as a state-level weapon in 2022, with an unprecedented increase in state-sponsored attacks during the first half of the year because of the ongoing war in Ukraine. In addition, there has been a significant rise in hacktivism, or the recruitment of private individuals into an 'IT Army' to carry out attacks. Check Point states that governments and businesses around the world are expected to feel the after-effects.
The power of cyberattacks to affect day-to-day life is very clear. In 2022, attacks on TV stations stopped broadcasting, and attacks on critical infrastructure and government units disrupted important services. Many of these attacks took place in Ukraine, but this is a global problem. The attack on Costa Rica disrupted services throughout the country, including healthcare, and it wasn't an isolated incident: the same attack hit Peru soon after. Cyberattacks with a nationwide effect could become more prevalent. In education, the ransomware attack on Lincoln College compelled it to shut down after 157 years, and many ransomware attacks on healthcare companies have resulted in serious interruptions to medical services.
More cybercriminal groups that attack specific companies for monetary gain are now acting as nation-state-level attackers. After Costa Rica decided not to pay the ransom, the Conti ransomware operation sought to depose the government by inciting a revolution. A number of cybercriminal organizations now have hundreds of people and incomes of millions to billions of dollars. In a number of instances, these organizations operate like real companies, with a few even acquiring physical property, and running at that level is hard without some support from the governments of the nations where they are located. There has also been a pattern of cybercriminals not using ransomware at all and instead choosing plain extortion or data theft and demanding a ransom payment. This is what the Lapsus$, Karakurt, and RansomHouse threat groups are doing.
Check Point’s information reveals a 42% increase in cyberattacks around the world from January to June of 2022. The following lists the gathered statistics:
- 23% of business networks experienced attacks with multipurpose malware
- 15% were attacked with crypto miners
- 13% experienced infostealer infections
- 12% experienced mobile attacks
- 8% experienced ransomware attacks
Attacks on the healthcare sector increased by 69% with 1,387 attacks on companies per week on average.
In the Americas, Emotet has become the most frequent malware threat, following the law enforcement takedown in January 2021 that halted its attacks. Emotet was used in 8.6% of malware attacks in the first half of 2022, with a wide range of malware variants now in use, such as XMRig (1.9%), Remcos (2.3%), and Formbook (4.2%).
High-profile vulnerabilities are still being exploited to gain access to business networks, such as the Apache Log4j RCE vulnerability (CVE-2021-44228), the F5 BIG-IP RCE vulnerability (CVE-2022-1388), and the Atlassian Confluence RCE vulnerability (CVE-2022-26134).
Check Point has predicted the attack trends for the rest of the year based on the trends recognized in the first half of 2022. Ransomware is likely to become a more fragmented ecosystem, the disabling of macros will lead to more varied email infection chains, hacktivism is predicted to change, and attacks on crypto and blockchain platforms are anticipated to go up.
Check Point recommends the following cybersecurity improvements:
- installing updates and patches on a regular basis
- installing anti-ransomware solutions
- implementing a prevention-first strategy and approach
- collaborating with the police and national cyber authorities
- improving education regarding cyber threats
- preparing by employing and testing incident response programs that can be instantly followed in case of a successful attack