Cloud-based attacks increased by 48% in 2022. Some tips on computer security

Check Point Research (CPR)the Threat Intelligence division of Check Point Softwarerecorded a 48% increase on an annual basis of cloud-based attacks during 2022as organizations increasingly shift their operations to the cloud.

The rise of cloud-based attacks around the world

Compared to 2021, the increase in Europa is 50%, while in Asia and North America 60% and 28% respectively. CPR has found that hackers leverage the latest Common Vulnerabilities and Exposures (CVEs) to attack through the cloud.

Cloud-based cyberattacks can lead to massive data loss, malware and ransomware attacks, and CPR shares five cybersecurity tips.

Cloud-Based Attacks: Emphasis on Recent CVEs

In recent cloud-based cyberattacks, the CVE more current ones (disclosed in 2020-2022) are being exploited more than on-prem networks for attempts to attack cloud-based networks. The difference between the two types of networks is shown in the figure below.

Further analysis of specific high-profile global vulnerabilities revealed that some key CVEs have had a greater impact on cloud-based networks than on-prem ones. In essence, theThe huge amount of data in the cloud can lead to even more powerful attacks, given their extension and content. In the absence of proper security which is sometimes implemented on other on-premise platforms, networks tend to be easier to exploit.

Examples of notable CVEs disclosed this year that showed a similar trend:

• VMware Workspace Remote Code Execution (CVE-2022-22954) – impatto superiore del 31% sulle reti cloud-based.
• Text4shell Vulnerability (CVE-2022-42889) – 16% greater impact on cloud-based environments than impact on on-prem networks.
• Microsoft Exchange Server Remote Code Execution (CVE-2022-41082) – impatto superiore del 17% sulle reti cloud-based
• F5 BIG IP (CVE-2022-1388) – 12% higher impact on cloud-based networks
• Atlassian Confluence-Remote Code Execution (CVE-2022-26134) – 4% higher impact on cloud-based networks.

Some cybersecurity tips for organizations

Cloud data backup. If your data is compromised, having a backup makes recovery much easier.

Control access to third-party apps. Control third-party apps based on their degree of access.

Use two-factor authentication.

Use logically isolated networks and micro-segments. Deploy business-critical applications and resources in logically isolated sections of the provider’s cloud network, such as Virtual Private Cloud (AWS and Google) or vNET (Azure).

Making safety a priority from the start. Incorporate security and compliance protection early in the development lifecycle.