The rise — partly due to Log4j — helped boost cyberattack attempts to an all-time high in Q4 2021, new data shows.

Steve Zurier, Contributing Writer, Dark Reading

January 11, 2022

3 Min Read
The education/research sector sustained the most attacks in 2021, followed by government/military and communications. Source: Check Point Software

Cyberattack attempts reached an all-time high in the fourth quarter of 2021, jumping to 925 a week per organization, partly due to attempts stemming from the Log4j vulnerability, according to new data.

Check Point Research on Monday reported that it found 50% more attack attempts per week on corporate networks globally in calendar year 2021 compared with 2020.

The researchers define a cyberattack attempt as a single isolated cyber occurrence that could be at any point in the attack chain — scanning/exploiting vulnerabilities, sending phishing emails, malicious website access, malicious file downloads (from Web/email), second-stage downloads, and command-and-control communications. All of the attack attempts Check Point cites in the research were detected and stopped by its team.

Omer Dembinsky, group manager for the data research team at Check Point, says that in 2021, education/research was the sector that experienced the highest volume of attempts, with an average of 1,605 per organization every week.

Africa experienced the highest volume of attempts in 2021, with 1,582 weekly attempts per organization, a 13% increase from 2020. And while software vendors experienced an average of only 536 attempts per organization per week, that represents an increase of 146% year-over-year.

"While we can only speculate on the reasons for such a high number in education, we did see a shift to online learning, with a lot of new online systems that can be easily exploited," Dembinksy says. “Plus, in general for education, besides the people who are employees, you have a lot of external people going in and out of the network and systems and applicants sending email, so everything is very mixed.”

Nasser Fattah, steering committee chair at Shared Assessment, agrees that education continues to be a soft target for threat actors.

"Usually, adversaries that are financially motivated deploy attacks likes DDoS and ransomware, where essential services are disrupted until payment is made," Fattah says. "Also, there are those adversaries who understand that many educational establishments are breeding grounds for important research, including intellectual properties, which when breached can be very profitable."

Fattah also adds that while the digital transformation taking place in Africa has added many benefits, adversaries will leverage these same technical capabilities to launch attacks. "Unfortunately, with technology comes more cyberattacks," he says. 

Log4j "Symptom of a Larger Sickness" 
Jasmine Henry, field security director at JupiterOne, says she would like to believe that the all-time high in cyberattack attempts in the fourth quarter was an isolated occurrence because of Log4j, and that cyber teams could return to cruise-control mode.

"But instead, I think Log4J is a symptom of a larger sickness in the security of the software supply chain and the complexities of securing legacy system components and libraries," Henry says. "There will be more vulnerabilities discovered in widely adopted open source and enterprise software solutions with significant downstream impact. Log4j was just the beginning. Security teams need to take this opportunity to get better visibility into their assets, systems, and libraries as soon as possible."

Hank Schless, senior manager, security solutions at Lookout, says educational institutions went under some of the most dramatic changes over the course of the pandemic. Attackers almost always go after groups that they perceive to be most vulnerable to have the greatest chance of success, he says.

"The idea of e-learning was in very early stages when the pandemic hit, so for entire school systems, universities, research centers and more to have to flip their continued collaboration and education to fully remote infrastructure overnight was beyond difficult," Schless says. "Before, there may have been some basic cloud-based apps or infrastructure in place that enabled teachers and staff to collaborate or for students to turn in work, but the capacity and security was not ready to take on the complexity of remote learning at the drop of a hat."

Chris Olson, CEO at The Media Trust, says that with today's remote environment, it shouldn't surprise anyone that digital-dependent organizations like education face an onslaught of attack attempts, with several education platforms forced to publicly acknowledge their security failings and promise to do better.

"Clearly," Olson adds, "today's traditional security solutions aren't enough."

About the Author(s)

Steve Zurier

Contributing Writer, Dark Reading

Steve Zurier has more than 30 years of journalism and publishing experience and has covered networking, security, and IT as a writer and editor since 1992. Steve is based in Columbia, Md.

Keep up with the latest cybersecurity threats, newly discovered vulnerabilities, data breach information, and emerging trends. Delivered daily or weekly right to your email inbox.

You May Also Like

More Insights