New data released this week confirms what numerous others have reported as a massive surge in attacks against organizations worldwide since the COVID-19 pandemic forced dramatic changes to workplace and operational environments.
A recent analysis of threat activity by Check Point Software Technologies shows that the average number of weekly attacks on organizations globally so far this year is 40% higher than the average before March 2020, when the first pandemic-related changes went into effect. In the US, the average increase is even higher, at 53%.
Check Point's data shows there were more average weekly attacks in September 2021 than any time since January 2020. In fact, the 870 attacks per organization globally per week that Check Point counted in September this year was double the average in March 2020.
In terms of of raw attack volume, companies and other organizations in Africa experienced more weekly attacks this year — 1,615 — than any other region. Though North American companies experienced the highest growth in attack volumes, the actual number of attacks per week was lower, at 497 per organization.
As has been the case for some time now, some industry sectors were more heavily targeted than others. Education and research organizations, for instance, witnessed a 60% increase in attacks from 2020 and currently average 1,468 attacks per week.
Government and military entities, with an average of 1,082 weekly attacks, were the next most highly attacked, while healthcare organizations are currently dealing with some 752 attacks per week on average — or a 55% increase from last year.
Check Point's data is similar to data from other vendors that have noted a sharp increase in attacks targeting these sectors. For instance, the need for school districts to support new distance learning models in the wake of the pandemic has made them even bigger targets for ransomware operators than they were already. Over the past year, there have been numerous reports of ransomware attacks disrupting attempts to deliver classes online and often forcing school districts to deal with huge ransom demands.
Similarly, hospitals and healthcare networks that are central to fighting the pandemic have seen big surges in cyberattacks, especially those involving ransomware. Check Point's data shows a startling one out of 44 healthcare organizations globally have been affected in a ransomware attack this year, a 39% increase over 2020.
Ransomware Up 93%
Ransomware attacks overall so far in 2021 have increased by 93% compared with the same period last year. The attacks have touched one in 61 organizations globally, a 9% increase over last year. Internet and managed service providers were the most frequent targets, with one out of 36 getting hit in an attack so far this year.
One reason for the high interest among attackers in ISPs and MSPs is due to the access these organizations provide to numerous other potential victims. By attacking remote monitoring and management services provider Kaseya in July, for instance, attackers were able to deploy ransomware on systems belonging to more than 1,000 organizations.
Botnet malware has proved to be the biggest malware threat to organizations so far in 2021, with an average of 8% of organizations globally being attacked on a weekly basis. Banking malware too increased by 26% this year. Attacks involving banking malware affected 4.6% of organizations globally on a weekly basis, while those involving cryptomining tools declined 22% year-over-year.