Fewer But More Severe Cyber Attacks in 2019

Cyber security solutions firm Check Point is determined to get its message to the market: prevention is critical for businesses to effectively deal with the multi-vector cyber threat landscape characterised by 6th generation threats – and outsourcing to a trusted protector partner is the only credible way to track traffic developments in the network and cover all the bases in protecting assets.

Speaking on the side-lines of the ICT security firm’s largest CPX360 event to date, hosted recently in Vienna, Austria, Maya Horowitz, Director, Threat Intelligence & Research, said the message is getting through to businesses, but not entirely.

“…because there is always the fear of what prevention will cause the business, and that’s why for us when we focus on prevention, then it means we also have to focus on accuracy. You have to trust someone to give them the ability to block traffic that goes in or out of your organisation. We try to be this trusted advisor and protector for customers.”

Fewer but more severe cyber attacks in 2019 Horowitz said despite the scale of global incidents like Wannacry, there is still not enough IT security awareness among organisations or end-users – or the will to take measures to stop these attacks.

This is because of a ‘head-in-the-sand’ mentality – the idea that if a problem is ignored long enough, it will go away, Horowitz explained.

Businesses would far rather adopt that stance than face having to invest in resources and go as far as having to change the architecture of the network, for example.

Check Point says financial gain remains the main motivation behind cyber attacks, and predicts that while there will be fewer attacks this year, those that do occur will be more severe.

“Somewhere between ninety to ninety-five percent of attacks are financially motivated, but the other five percent might be even more devastating because they are the ones that actually influence the world, whether it is creating damage or changing the results of elections. Even those that have a finance motivation like ransomware carry with them influence, like being able to change the dose of medication for patients in a hospital, for example,” Horowitz continued.

Cloud and mobility risk

In January 2018 Adebayo Sanni, MD at Oracle Nigeria, predicted that Nigeria’s SME-dominant market would overtake Kenya and South Africa in terms of cloud adoption in that year.

The company suggested that by 2025, 80% of IT budgets will be spent on cloud services, all enterprise data will be stored in the cloud and 100% of application development and testing will be conducted in the cloud.

At the ITWeb Cloud Summit 2019 hosted in February this year in Johannesburg, Jai Menon, futurist and chief scientist at Cloudistics, was quoted as saying: “My predictions for the near future is that we will see fewer than 50% of global applications being run on public cloud; secondly, only about five general-purpose public cloud vendors will survive in future; thirdly, there will be a significant rise in cross-cloud services.”

This becomes increasingly relevant and poignant given the results of Check Point Software’s research around cloud, mobility and cyber security risk.

Check Point research affirms that most organisations do not protect their cloud environment and the most common reason is because businesses believe this is something the cloud provider does, added Horowitz.

Fewer but more severe cyber attacks in 2019 The company has found that 30% of IT professionals still consider security to be the responsibility of the cloud service provider, while only 9% consider threats on mobile to be a significant security risk.

“And of course they only do DDOS protection, mostly. It is wrong. So it means that we are taking the assets that we used to properly protect in our own network, (we are) sending them elsewhere and we’re not protecting them. That is like the jackpot for threat actors because that is where all the data is, all the computing power if when we talk about crypto-jacking … so that’s like the ‘holy grail’, and it’s not protected, that’s crazy. And of course we see the threat actors are moving to attack these environments because it is easy and it is worthwhile,” Horowitz added.

Targeted cryptomining

She confirmed the findings of the company’s first instalment of its 2019 Security Report, specifically the dominance of cryptomining malware dominated the threat landscape in 2018.

Cryptomining malware enables cybercriminals to hijack the victim’s CPU or GPU power and existing resources to mine cryptocurrency, using as much as 65% of the end-user’s CPU power. The top three most common malware variants seen in H1 2018 were all cryptominers.

Check Point stated that between January and June 2018, the number of organisations impacted by cryptomining malware doubled to 42%, compared to 20.5% in the second half of 2017.

According to the report organisations in three of the key counties in Africa were highly impacted by Coinhive, which is a crypto-miner: 41.29% of organisations in South Africa, 69.96% of organisations in Kenya and 68.52% of organisations in Nigeria.

The company’s second instalment of the report has found that cryptominers infected ten times more organisations than ransomware in 2018, but only one in five IT security professionals were aware their company’s networks had been infected by mining malware.

Fewer but more severe cyber attacks in 2019

37% of organisations globally were hit by cryptominers in 2018, and 20% of companies continue to be hit every week despite an 80% fall in cryptocurrency values.

“Ransomware used to be the weapon of choice and now there are fewer attacks, but the attacks that do take place are far more sophisticated. They are targeted to specific organisations that have something to lose like hospitals and businesses that lose a lot of money … and they target specific assets like datacentres and backup servers, so less attacks, but the profit is actually higher because one organisation that loses US$1.5-million per hour when their infrastructure is down, they would pay US$150 000 to get everything back,” said Horowitz.

Servers and cloud environments that have auto-scaling could represent lucrative targets for crypto-minders she added.

“I think we’ll see less cryptomining attacks, but more targeted… just like with ransomware. So it is maybe less relevant now to consumers, for my PC and my mobile device, but for organisations, it is far more relevant now,” said Horowitz.

As businesses face up to the expectation of more targeted attacks and with specialised IT security skills in short supply, Check Point senior executives believe outsourcing is at least one credible solution.

The company emphasises the value of its Infinity offering, based on the use of the same set of tools for all different protections.