Weekly cyberattacks jumped by 50% in 2021, with a peak in December due largely to the Log4J exploit

Cybercriminals enjoyed a banner year in 2021; good news for them but bad news for their victims. For 2021 as a whole, the number of cyberattacks against corporate networks soared by 50% from the previous year, cyber threat intelligence provider Check Point Research said in a report released on Monday.

SEE: Incident response policy (TechRepublic Premium)

The year ended with an especially rough fourth quarter that saw an all-time peak in weekly cyberattacks at 925 per organization. This capper was due in large part to the Log4J vulnerability, according to Check Point. Since becoming public knowledge in December, the flaw in Apache’s Log4j utility has prompted hackers to scan for unpatched systems on which they can remotely run malicious code and take control of affected computers.

For 2021, the education/research sector was hit by the greatest number of cyberattacks, averaging 1,605 per organization each week, a 75% increase from 2020. The government/military sector was next, with 1,136 attacks per week, a gain of 57% from the previous year. In third was the communications industry with 1,079 attacks per organization each week, a 51% increase.

Across the world, Africa bore the brunt of the highest number of attacks last year, with an average of 1,582 per week per organization. APAC (Asia-Pacific) was second, averaging 1,353 weekly attacks per organization, followed by Latin America with 1,118 attacks weekly, Europe with 670 attacks weekly, and North America with an average of 503 weekly attacks per organization.

“Hackers keep innovating,” said Check Point Software data research manager Omer Dembinsky. “New penetration techniques and evasion methods have made it much easier for hackers to execute malicious intentions. What’s most alarming is that we’re seeing some pivotal societal industries surge into the most-attacked list. Education, government and healthcare industries made it into the top five most attacked industries list, worldwide. I expect these numbers to increase going into 2022, as hackers will continue to innovate and find new methods to execute cyberattacks, especially ransomware.”

To protect your organization from cyberattack, Check Point offers the following tips:

1. Patch. Attackers often penetrate networks by exploiting known security vulnerabilities for which a patch is available but has not been applied. Ensure that the latest critical security patches are installed on all systems and software.
2. Segment. Segment your networks and apply strong firewall and intrusion prevention safeguards between those segments to prevent malware from navigating across your entire network.
3. Educate employees. Awareness by users can help prevent an attack before it hits. Educate your users so they know how to report something suspicious and potentially malicious to your help desk or IT people.
4. Implement advanced security protection. No one technology can protect your organization from every type of threat. Instead, consider a range of key technologies, such as machine learning, sandboxing, anomaly detection and content disarmament. Two key factors that can prove effective are threat extraction (file sanitization) and threat emulation (advanced sandboxing). Individually, these offer strong protection. Together, they provide a comprehensive way to combat unknown malware both at the network level and on endpoint devices.

“We’re in a cyber pandemic, if you will,” Dembinsky said. “I strongly urge the public, especially those in the education, government and healthcare sectors, to learn the basics on how to protect themselves. Simple measures such as patching, segmenting your networks and educating employees can go a long way in making the world safer.”

Cybersecurity Insider Newsletter

Strengthen your organization’s IT security defenses by keeping abreast of the latest cybersecurity news, solutions, and best practices.
Delivered Tuesdays and Thursdays

Sign up today

Also see