Cloud-Based Network Attacks Rise by 48%
February 01, 2023

Omer Dembinsky
Check Point Software Technologies

It's Not Always Peaceful High in the Clouds

For the past few years, Check Point Research (CPR) has been following the evolution of the cloud threat landscape, as well as the constant increase in cloud infrastructure adoption by corporate environments. As many as 98% of global organizations utilize cloud-based services, and approximately 76% of them have multi-cloud environments, featuring services from two or more cloud providers.

Cloud adoption in general has grown rapidly in recent years, and COVID-19 accelerated this transition. With the normalization of remote work, companies needed to be able to support and provide critical services to their off-site workforce. As the adoption of cloud technology grows, so does the need for cloud security. Cloud-based applications and cloud-hosted data must be protected against unauthorized access in accordance with applicable regulations. This year saw a significant example of how critical this protection might get, when Thailand's most extensive mobile network, AIS, accidentally left a database of eight billion internet records exposed, leading to one of the most expensive breaches ever recorded, costing the company $58 billion to resolve.

In November, The FBI and CISA revealed in a joint advisory that an unnamed Iranian-backed threat group hacked a Federal Civilian Executive Branch (FCEB) organization to deploy XMRig cryptomining malware. The attackers compromised the federal network after hacking into an unpatched VMware Horizon server using an exploit targeting the Log4Shell (CVE-2021-44228) remote code execution vulnerability.

Growth in the Number of Attacks Against Cloud-Based Networks

When examining the past two years of Cloud-based networks landscape, we see a significant growth of 48% in the number of attacks per organization experienced in 2022, compared to 2021. When examining the growth in number of attacks per organization, according to geographical regions we see that Asia sees the largest increase, Year of year, with 60% growth, followed by Europe that has seen a substantial growth of 50% and North America with 28%.

Newer and Major CVE's Impact Higher in Cloud-Based Networks Compared to On-Prem

Although the current number of attacks on cloud-based networks is still 17% lower than in non-cloud networks, when drilling down to types of attacks, and specifically to Vulnerability Exploits, there is a higher usage of newer CVE's (disclosed 2020-2022) compared to on-prem networks for attempted attacks on cloud-based networks. The difference between the two types of networks can be seen in the visual below.


Percentage of attacks leveraging recent vulnerabilities (disclosed 2020-2022)

Further analysis of specific high profile global vulnerabilities reveals that some major CVE's have had a higher impact on cloud-based networks compared to on-prem. For example, the Text4shell Vulnerability (CVE-2022-42889), which was disclosed in October and was exploited soon after, has shown a 16% higher impact on cloud-based environments compared to its impact against on-prem networks. This vulnerability, based on the Apache Commons Text's functionality, allows attacks over a network without the need for any specific privileges or user interaction.

Additional examples of prominent CVEs disclosed this year that have shown a similar trend:

■ VMware Workspace Remote Code Execution (CVE-2022-22954) - 31% higher impact on cloud-based networks.

■ Microsoft Exchange Server Remote Code Execution (CVE-2022-41082) - 17% higher impact on cloud-based networks.

■ F5 BIG IP (CVE-2022-1388) - 12% higher impact on cloud-based networks.

■ Atlassian Confluence — Remote Code Execution (CVE-2022-26134) - 4% higher impact on cloud-based networks

The statistics and data used in this report present data detected by Check Point's Threat Prevention technologies, stored and analyzed in ThreatCloud.

Omer Dembinsky, Data Group Manager at Check Point Software Technologies
Share this

Industry News

May 21, 2025

Red Hat announced jointly-engineered, integrated and supported images for Red Hat Enterprise Linux across Amazon Web Services (AWS), Google Cloud and Microsoft Azure.

May 21, 2025

Komodor announced the integration of the Komodor platform with Internal Developer Portals (IDPs), starting with built-in support for Backstage and Port.

May 21, 2025

Operant AI announced Woodpecker, an open-source, automated red teaming engine, that will make advanced security testing accessible to organizations of all sizes.

May 21, 2025

As part of Summer '25 Edition, Shopify is rolling out new tools and features designed specifically for developers.

May 21, 2025

Lenses.io announced the release of a suite of AI agents that can radically improve developer productivity.

May 20, 2025

Google unveiled a significant wave of advancements designed to supercharge how developers build and scale AI applications – from early-stage experimentation right through to large-scale deployment.

May 20, 2025

Red Hat announced Red Hat Advanced Developer Suite, a new addition to Red Hat OpenShift, the hybrid cloud application platform powered by Kubernetes, designed to improve developer productivity and application security with enhancements to speed the adoption of Red Hat AI technologies.

May 20, 2025

Perforce Software announced Perforce Intelligence, a blueprint to embed AI across its product lines and connect its AI with platforms and tools across the DevOps lifecycle.

May 20, 2025

CloudBees announced CloudBees Unify, a strategic leap forward in how enterprises manage software delivery at scale, shifting from offering standalone DevOps tools to delivering a comprehensive, modular solution for today’s most complex, hybrid software environments.

May 20, 2025

Azul and JetBrains announced a strategic technical collaboration to enhance the runtime performance and scalability of web and server-side Kotlin applications.

May 19, 2025

Docker, Inc.® announced Docker Hardened Images (DHI), a curated catalog of security-hardened, enterprise-grade container images designed to meet today’s toughest software supply chain challenges.

May 19, 2025

GitHub announced that GitHub Copilot now includes an asynchronous coding agent, embedded directly in GitHub and accessible from VS Code—creating a powerful Agentic DevOps loop across coding environments.

May 19, 2025

Red Hat announced its integration with the newly announced NVIDIA Enterprise AI Factory validated design, helping to power a new wave of agentic AI innovation.

May 19, 2025

JFrog announced the integration of its foundational DevSecOps tools with the NVIDIA Enterprise AI Factory validated design.

May 15, 2025

GitLab announced the launch of GitLab 18, including AI capabilities natively integrated into the platform and major new innovations across core DevOps, and security and compliance workflows that are available now, with further enhancements planned throughout the year.