From the point of view of one global cybersecurity firm, while Russia-Ukraine-related digital warfare slowed, other aspects were breaching records.
According to a cybersecurity firm’s own ecosystem in Q2 2023, cyberattacks increased 8% per week globally compared to the same quarter in 2022.
The average number of attacks per organization per week reached 1,258 attacks — the highest number noted within the same ecosystem in the past two years.
The data also shows up the use of new evasive tactics, frequent hacktivism-based attacks, a daily barrage of ransomware targeting numerous organizations, and other activities such as:
- A China-based APT that targets governmental entities
- Malware hidden behind legitimate looking apps
- A new version of Chinese espionage propagated through USB devices
- Malicious firmware implants discovered on TP-Link and other routers
- Exploits of the popularity generative AI apps and bypassing of usage restrictions
Also in Q2 2023, the education/research sector in Check Point’s ecosystem experienced the highest malicious attention, with an average of 2,179 attacks per organization per week, constituting a 6% decrease compared to that of Q2 2022.
Following that was the government/military sector, with an average of 1,772 attacks per week, representing a 9% increase from that of the same period last year. Finally, the healthcare sector attracted an average of 1,744 attacks per week, reflecting a YoY increase of 30%.
Globally, the weekly average of attacks per organization and YoY change (%) was:
- Africa: 2,164 (+23%)
- APAC: 2,046 (+22%)
- North America: 1,011 (+18%)
- Latin Americas: 1,745 (+9%)
- Europe: 1,013 (+5%)
The ransomware landscape in Check Point’s ecosystem for Q2 2023 was:
- APAC: 1 attack out of every 26 firms (+29%)
- Europe: 1 out of 54 (+21%)
- North America: 1 out of 94 (+15%)
- Africa: 1 out of 30 (-30%)
- Latin Americas: 1 out of 26 (-12%)
Finally, at the industry level, the ransomware landscape for Q2 2023 was:
- Consultancies: 1 organization attacked out of every 38 (+128%)
- Insurance/Legal: 1 out of 47 (+71%)
- Utilities: 1 out of 37 (+60%)
- Transportation: 1 out of 49 (+43%)
- Leisure/hospitality: 1 out of 55 (+41%)
- Finance/banking: 1 out of 31 (+33%)
- Communications: 1 out of 37 (+24%)
- Healthcare: 1 out of 27 (+16%)
- SI/VAR/distributor: 1 out of 41 (+15%)
- Software vendor: 1 out of 65 (+13%)
- Hardware vendor: 1 out of 73 (+7%)
- ISP/MSP: 1 out of 36 (+2%)
- Manufacturing: 1 out of 48 (+0.30%)
- Education/research: 1 out of 31 (-2%)
- Government/military: 1 out of 25 (-4%)
- Retail/wholesale: 1 out of 60 (-11%)
The firm has offered the following reminders: Ensure timely patching of cyber vulnerabilities; conduct regular cyber awareness training; enforce strong user authentication; prioritize prevention over detection; and incorporate extended detection and response (XDR and EPP) for endpoint security.
