Authored By: Gary Gardiner, Head of Security Engineering, APAC & Japan, Check Point Software Technologies
Cyberattacks linked to pandemic-related developments worldwide continued to impact organisations in 2021. Cybercriminals doubled down on their attacks, taking advantage of countries experiencing new COVID-19 strain waves or entering various stages of reopening their borders, with spikes in fake vaccine certificate vendors on the dark web as a result.
Check Point Research recently reported that cyberattacks on organisations worldwide surged 40% in 2021 compared to the previous year, with 1 in every 61 organisations impacted by ransomware each week during the same period. In Asia Pacific, we are seeing the highest volume of ransomware attack attempts, with 1 out of 34 organisations being impacted every week in 2021. Singapore saw the biggest jump, recording a 106% increase in cyberattacks this year compared to 2020. Indonesia had the highest number of attacks in terms of volume, with an average of 2,981 weekly attacks per organisation in 2021, a 15% increase from 2020.
As organisations embark on the road to post-pandemic recovery, it’s essential to keep cybersecurity front of mind when planning for the year ahead. Let’s take a look at some of the key cyber incidents and learnings from 2021 to help organisations better secure and protect their businesses, assets and people from potential threats:
Global boom in COVID-19 vaccination documents: The global demand for fake vaccination certificates exploded in recent weeks. Check Point Research (CPR) revealed that the number of sellers increased 10-fold from August to September this year. As more countries emerge from lockdown and vaccine mandate policies are applied, the demand for fake vaccination cards and certificates continues to grow. Cybercriminals are capitalising on these pandemic-related developments for personal gain, as evidenced by reports of fake vaccine certificates previously sold for as low as USD 80-100 / AUD 110 on the dark web – and now the clear web.
Attacks on critical infrastructure: Across the globe, cybercriminal organisations increased attacks on essential services and governmental bodies, such as transport and education. One example of the scale and danger of these crimes is the cyberattack on Iran’s train system earlier this year, which interrupted services and directed passengers to call the phone number of Iranian Supreme Leader Khamenei’s office. The incident served as an important call-out for governments globally to proactively increase critical infrastructure security, because the recovery process is complicated and can be lengthy.
Closer to home, we’ve seen the news of how multinational insurer Tokio Marine Insurance had its Singapore branch compromised after falling victim to a ransomware attack. This caused panic and distress for its users, and its reputation inevitably took a hit.
We now live in an age where critical infrastructure can easily be disrupted in any corner of the world. What’s most concerning is that, the majority of the time, these incidents can be prevented. Ensure you have an effective disaster recovery plan in place, make sure your systems are up to date and leverage third-party software to protect against threats and other attack vectors.
Triple-extortion ransomware attacks: In Check Point Software’s 2021 mid-year report, we introduced a new type of threat – Triple Extortion attacks, an evolution of the already trending crime. Take the REvil ransomware, one of the most prominent families responsible for dozens of major breaches since 2019 and, more recently, the July 4th Kaseya and JBS cyberattacks earlier this year.
Supply chain attacks: Multiple high-profile supply chain disruptions, regardless of industry, have led organisations to realise that they are only as strong as their weakest link. Supply chain incidents piqued researchers’ interest following the SolarWinds attack. As a result, the team identified security flaws in Atlassian, an Australian-founded software platform with more than 180,000 customers worldwide. With just one click, an attacker could have used the flaws to gain access to the Atlassian Jira bug system and obtain sensitive information. CPR responsibly disclosed the research findings to Atlassian, which deployed a fix for the potential account takeover. Distributed workforces and remote technologies have exacerbated the trend in supply chain attacks; however, it’s imperative to ensure these technologies have the best defences against malicious data extraction.
Securing the hybrid workplace: One of the key challenges facing organisations in a hybrid work environment is the intensity of cyberattacks rather than the exposure to new vulnerabilities. Cybercriminals are fully aware of the timeframe industries can take to identify and remediate; it could take days, weeks, and even months to patch vulnerabilities if organisations don’t have the proper security policies and infrastructure. The bottom line is the hybrid workplace is now very much a part of our everyday life, and IT professionals and employees need to step up in ensuring each endpoint is secured.
In summary, we’ve learned hackers and cybercriminals always seek to take advantage of organisations, enterprises and individuals; no business or individual is immune to an attack. To stay ahead of threats, organisations need to adopt a proactive approach to cybersecurity. An unprotected surface or endpoint is a weak point – leading to potential cyber-attacks and threats.