Check Point Research (CPR) examines cloud-based networks and finds significant growth of 48% in the number of attacks per organization in 2022 compared to 2021.
For the past few years, Check Point Research (CPR) has been following the evolution of the cloud threat landscape, as well as the constant increase in cloud infrastructure adoption by corporate environments. As many as 98% of global organizations utilize cloud-based services, and approximately 76% of them have multi-cloud environments, featuring services from two or more cloud providers.
Cloud adoption in general has grown rapidly in recent years, and COVID-19 accelerated this transition. With the normalization of remote work, companies needed to be able to support and provide critical services to their off-site workforce. With the move to the cloud comes a need for cloud security: the wider the adoption of a technology, the greater the number of attacks on it. These cloud-based applications must be protected against attack, and cloud-hosted data must be protected against unauthorized access in accordance with applicable regulations. This year saw a significant example of how critical this protection can be, when Thailand’s most extensive mobile network, AIS, accidentally left a database of eight billion internet records exposed, leading to one of the most expensive breaches ever recorded, costing the company $58 billion to resolve.
In November, the FBI and CISA revealed in a joint advisory that an unnamed Iranian-backed threat group hacked a Federal Civilian Executive Branch (FCEB) organization to deploy XMRig cryptomining malware. The attackers compromised the federal network after hacking into an unpatched VMware Horizon server using an exploit targeting the Log4Shell (CVE-2021-44228) remote code execution vulnerability.
When examining the past two years of the cloud-based network landscape, we see significant growth of 48% in the number of attacks per organization in 2022 compared to 2021. Broken down by geographical region, Asia saw the largest year-over-year increase in attacks per organization, with 60% growth, followed by Europe with substantial growth of 50% and North America with 28%.
Although the current number of attacks on cloud-based networks is still 17% lower than on non-cloud networks, drilling down into types of attacks, and specifically vulnerability exploits, shows that attempted attacks on cloud-based networks make greater use of newer CVEs (disclosed 2020-2022) than attacks on on-prem networks. The difference between the two types of networks can be seen in the visual below.
Further analysis of specific high-profile global vulnerabilities reveals that some major CVEs have had a higher impact on cloud-based networks than on on-prem networks. For example, the Text4Shell vulnerability (CVE-2022-42889), which was disclosed in October and was exploited soon after, has shown a 16% higher impact on cloud-based environments compared to its impact on on-prem networks. This vulnerability, which stems from functionality in Apache Commons Text, allows attacks over a network without the need for any specific privileges or user interaction.
Additional examples of prominent CVEs disclosed this year that have shown a similar trend:
- VMware Workspace Remote Code Execution (CVE-2022-22954) – 31% higher impact on cloud-based networks
- Microsoft Exchange Server Remote Code Execution (CVE-2022-41082) – 17% higher impact on cloud-based networks
- F5 BIG IP (CVE-2022-1388) – 12% higher impact on cloud-based networks
- Atlassian Confluence Remote Code Execution (CVE-2022-26134) – 4% higher impact on cloud-based networks
Omer Dembinsky, Data Group Manager, Check Point Software, said, “Enterprise attack surfaces have fast-expanded in a short amount of time. Digital transformations and remote work due to the COVID pandemic have accelerated the move to the cloud. Hackers are quickly following. These organizations have been challenged to secure a distributed workforce, while at the same time dealing with a shortage of skilled security staff. Data loss, malware and ransomware attacks are among the top threats that organizations face in the cloud. Cloud applications and services are a prime target for hackers because misconfigured services and recent CVEs are leaving them exposed to the internet and vulnerable to simple cyberattacks.”