
2025 Annual Cyber Security Report - Top Threats, Emerging Trends and CISO Recommendations

Information Technology 2025-03-03 Check Point 刘银河

TABLE OF CONTENTS

01 INTRODUCTION
02 2024 CYBER SECURITY EVENTS
03 CYBER SECURITY TRENDS
   • The Rise of Infostealers
   • The Ransomware Ecosystem
   • Cloud Complexities
   • Edge Devices and ORBs
04 GLOBAL ANALYSIS
05 HIGH PROFILE GLOBAL VULNERABILITIES
06 INCIDENT RESPONSE PERSPECTIVE
07 2025 INDUSTRY PREDICTIONS
08 RECOMMENDATIONS

INTRODUCTION

I’m happy to introduce the 13th annual edition of Check Point's State of Cyber Security. 2024’s advancements like AI and cloud infrastructure improved our daily lives but also benefited cyber criminals. This report highlights the real-world impact of these changes, offering 2025 insights and recommendations from and for CISOs.

With over a decade of analysis, Check Point Research insights come from unparalleled data sources that no other company combines. We gather attack telemetry from networks, cloud, email, endpoints, and mobile devices across enterprise and SMB customers. By incorporating incident response, dark web, and open-source findings, we achieve visibility in over 170 countries to reveal global and regional trends.

• The AI tactics that swayed a third of global elections through disinformation.
• A 58% surge in infostealer attacks, focusing on corporate access.
• Ransomware attacks shift from encryption to data exfiltration extortion, with Healthcare now the second most targeted.
• Hybrid networks enabling lateral movement between on-premise and cloud.
• Hardware and Software supply chains saw the highest attack surge attacks

I want to emphasize Check Point’s commitment to customer security. In 2024, edge devices were exploited to access enterprise product: the VPN Information Disclosure vulnerability (CVE-2024-24919). We promptly disclosed it, released a patch within a day, and proactively supported the few potentially affected customers with incident response and mitigation. Our dedication to protecting customers is in our DNA.

While Check Point aims to protect our customers with our research, we hope this report serves the needs of the broader industry as well, as we combine forces and share knowledge.

On behalf of the Check Point family, I hope this report is useful to both security practitioners as well as C-level executives.

Enjoy the read!

MAYA HOROWITZ

2024 CYBER SECURITY EVENTS

THE CYBER SECURITY EVENTS THAT DEFINED 2024

Q1: JAN FEB MAR

• hackers targeted an unclassified military research network in a cyber espionage operation against the Dutch Defense Ministry, marking the Netherlands’ first public attribution of a cyber attack to China.
• A high-severity vulnerability in Google Chrome’s V8 JavaScript engine, CVE-2024-0517, was identified. The flaw could allow a remote attacker to exploit heap corruption via a crafted HTML page. Google has since patched the vulnerability. Check Point Harmony IPS protects against this threat
• Secure VPNs faced mass exploitation. Thousands of VPN devices were compromised, impacting victims like the U.S. Cybersecurity and Infrastructure Security Agency (CISA).
• Check Point Research uncovered an NFT scam targeting holders of over 100 popular projects. Scammers send seemingly legitimate airdrops that link to fraudulent websites. Victims are tricked into connecting their wallets, granting attackers access to their funds.
• subsidiary, stealing six terabytes of data. U.S. military clinics and hospitals worldwide were disrupted, necessitating manual prescription processes.
• Microsoft reported an attack by the Russian group Midnight
• compromise corporate email accounts, including those of senior leadership, cyber security, and legal staff. Check Point Harmony Endpoint and Threat Emulation
• (APT.Win.APT29; APT.Wins.Nobelium)
• million users, including email addresses, hashed passwords, and IP addresses.
• Chinese APT group Earth Krahang targeted 70 government
• early 2022, utilizing vulnerabilities in internet-facing servers and spear-phishing tactics.
• Check Point Research discovered a critical Remote Code
• #MonikerLink (CVE-2024-21413). #MonikerLink allows remote attackers to deploy a link that bypasses the Protected View Protocol, potentially leading to credentials leakage and RCE capabilities. Microsoft has since patched the vulnerability. Check Point IPS blade protects against this threat
• Check Point Research tracked the financially motivated threat actor Magnet Goblin, who exploited one-day vulnerabilities in servers like Ivanti Connect Secure VPN, Magento, and Qlik Sense. The actor deployed a new Linux version of NerbianRAT and WARPWIRE JavaScript credential stealer while proving quick adoption of exploits. Check Point IPS and Harmony Endpoint protect against this threat (RAT_Linux_Nerbian_*)
• HealthEC LLC experienced a data breach that affected 4.5 million
• medical and billing information, and health insurance data.
• The US Department of Justice disrupted the KB botnet, used by the China-affiliated APT Volt Typhoon to ma