Cloud-based cyberattacks have seen a huge rise

A cloud icon on a desk in front of a laptop.
(Image credit: iStock)

Cloud-based cyberattacks have increased by almost half (48%) over the course of 2022 compared to the previous year, new figures from Check Point Research (CPR) have shown. 

The company’s analysis determined that as businesses accelerate their digital transformation efforts, they’re increasingly utilizing the cloud, making it an attractive target for cybercriminals. 

What’s more, businesses tend to keep more sensitive data in the cloud than on-premise these days, which is another key argument for the technology getting in threat actors’ crosshairs. 

TechRadar Pro needs you! We want to build a better website for our readers, and we need your help! You can do your bit by filling out our survey and telling us your opinions and views about the tech industry in 2023. It will only take a few minutes and all your answers will be anonymous and confidential. Thank you again for helping us make TechRadar Pro even better.

D. Athow, Managing Editor

Prime target

The largest increase in attacks was observed in Asia (more than 60%), with Europe (50%+) and North America (28%+) following suit.

Unlike on-premise attacks, in which threat actors usually leverage somewhat older vulnerabilities, for cloud-based attacks, hackers are often pursuing newer flaws, mostly vulnerabilities discovered between 2020 and 2022. 

Usually, these cyber-incidents result in data loss and ransomware attacks. 

“Enterprise attack surfaces have fast-expanded in a short amount of time,” commented Omer Dembinsky, Data Group Manager at Check Point Software. “Digital transformations and remote work due to the Covid pandemic have accelerated the move to the cloud. Hackers are quickly following. These organizations have been challenged to secure distributed workforce, while at the same time, are dealing with a shortage of skilled security staff. Data loss, malware and ransomware attacks are among the top threats that organizations face in the cloud. Cloud applications and services are a prime target for hackers because misconfigured services and recent CVEs are leaving them exposed to the internet and vulnerable to simple cyberattacks.” 

To keep their cloud premises secure, CPR recommends businesses backup cloud data frequently, set up control access for third-party apps, use multi-factor authentication whenever possible, use logically isolated networks and micro-segments and deploy business-critical resources and apps in logically isolated sections of the cloud network (think Virtual Private Clouds or vNET).

Finally, businesses should “shift the security left”, by incorporating security and compliance protection early into the development lifecycle.

Sead Fadilpašić

Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.