Skip Navigation
BlackBerry Blog

Not Just Another Threat Report!

(This Cyber Tactics column, “Not Just Another Threat Report!” written by BlackBerry SVP and CISO John McClurg, was originally published April 6, 2022, in Security Magazine. Excerpted with permission – access the full article here).
 

Cyber Tactics

The BlackBerry 2022 Threat Report is not a simple retrospective of the cyberattacks of 2021. It is a high-level look at issues affecting cybersecurity across the globe, both directly and indirectly. It covers elements of critical infrastructure exploitation, adversarial artificial intelligence (AI), initial access brokers (IABs), critical event management (CEM), extended detection and response (XDR), and other issues shaping our current security environment.

The research represents a unique piece of the overall security puzzle. Its goal is to improve the global security posture by sharing information, predictions, and experiences. To accomplish that, the report examines 2021’s major security events and how they may shape the cybersecurity landscape going forward. It provides a deep dive into the cybersecurity issues security leaders face today, and offers the industry additional information and context within which to perform a thoughtful analysis.

That said, the report also includes a breakdown of the top 10 malware attacks witnessed by BlackBerry over the past year, as well as a review of incident responses (IR), annual cybersecurity legislative updates and near-term predictions. Many of the sections of previous threat reports have returned. In addition to those returning topics, this year’s research explores other relevant, emerging themes, such as supply chain attacks, dangerous new programming languages, security in the metaverse, quantum computing, and ransomware campaigns.

The fluidity of modern cyberattacks can require organizations to frequently rethink their approach to cybersecurity and consider new options. We must constantly assess new technologies and approaches that can outperform legacy antivirus solutions, ranging from prevention-first AI to adopting a zero-trust architecture. Accordingly, the BlackBerry 2022 Threat Report offers suggestions on cybersecurity strategies and technologies that could have prevented the greatest security lapses of the past year.

The most widely publicized cyber events of 2021 involved ransomware attacks on critical infrastructure and technology companies. The ransomware threat group REvil attacked Acer, JBS Foods and others, while DarkSide crippled Colonial Pipeline, and Avaddon infiltrated AXA. In short, the scope and success of various threat groups last year — particularly against private sector companies considered part of national infrastructure — proved unsettling.

Governments responded to the attacks. G7 countries and NATO allies put cybersecurity at the top of the public policy agenda. U.S. President Joe Biden issued an Executive Order on “Improving the Nation’s Cybersecurity,” while the Department of Justice established a Ransomware and Digital Extortion Task Force.

As the year wore on, a Microsoft Exchange Server zero-day vulnerability spiraled into a crisis after the Hafnium group exploited the flaw. Other threat actors were quick to capitalize on the opportunity by reverse-engineering the patch and targeting organizations worldwide. The swift proliferation of Hafnium-style attacks reinforced the importance of both organizations and individuals keeping software up to date. However, updating software as a reactive practice cannot save the initial victim of an attack — also known as the “sacrificial lamb.” This has many organizations looking to alternative security approaches, such as the zero-trust framework, XDR and prevention-first AI.

At the end of 2020, a supply chain attack against SolarWinds made international headlines. The same style of attack reemerged in 2021, when Kaseya’s VSA software was compromised, ultimately affecting over 1,000 businesses. Supply chain attacks often rely on the trust already established between providers and customers to propagate — offering another strong case for adopting a zero-trust framework. While cyberattacks on large organizations dominated the 2021 news cycle, small to medium-sized businesses (SMBs) also suffered countless attacks, both directly and through the supply chain. BlackBerry threat researchers discovered SMBs averaged 11 to 13 threats per device, a number much higher than large enterprises.

Threat actors owe their success in 2021 to a variety of factors. Many have learned to adapt and mimic private sector capabilities by using service providers, such as ransomware-as-a-service (RaaS), infrastructure-as-a-service (IaaS) and malware-as-a-service (Maas), to bolster malicious attacks. Others have created a layer of obfuscation between themselves and their targets by using IABs and impersonating other threat groups. New programming languages were exploited to some effect, with Go, D, Nim, and Rust making appearances across the threat landscape. Cobalt Strike remained active as a pivotal tool for command-and-control networks to proliferate malware and attacks.

Progress was made on integrating security into connected vehicles with the International Organization for Standardization, the Society of Automotive Engineers and the United Nations providing firm guidance to automakers. Mobile apps remained notoriously unsecured. The vulnerable SHAREit app, which allowed remote code execution, was downloaded more than one billion times. Recent studies found that 63% of tested mobile apps use open-source code known to be vulnerable. Adding to smartphone users’ woes, SMS phishing (smishing) attacks were up 300% in North America over the last year.

The cyberattacks of 2021 affected people at every level, from large organizations to individual cellphone users. Our internal reporting shows that every industry is open to cyberattacks. The same cybersecurity issues that threaten nonprofits are also risks for transportation companies, public organizations, utilities, healthcare organizations, and financial institutions, among others. It reminded the cybersecurity industry that no one is safe. When it comes to cyberattacks, there is zero immunity. However, there is cause for hope.

There are several cybersecurity innovations and approaches offering stronger protection to organizations. For example, organizations seeking effective new security measures should consider adopting a zero-trust framework. They could also use prevention-first technology, migrate to an XDR platform, or engage a managed XDR team. More on these and other critical topics of our day in my columns to come.

Read the full article in Security Magazine.

John McClurg

About John McClurg

Sr. Vice President and CISO at BlackBerry.

John McClurg serves as Sr. Vice President and CISO at BlackBerry. McClurg engages the industry around the globe on the risk challenges today and how BlackBerry uniquely mitigates them with the application of machine learning and other AI supported solutions. He champions a move from a historically reactive security posture, to one focused on proactively predicting and mitigating future risks.

Before BlackBerry, McClurg served as the Ambassador-At-Large of Cylance and as Dell's CSO, where his responsibilities included the strategic focus and tactical operations of Dell’s internal global security service. He was also charged with the advocacy of business resilience and security prowess, the seamless integration of Dell’s security offerings, and with improving the effectiveness and efficiency of security initiatives.

Before Dell, McClurg served as the VP of Global Security at Honeywell International; Lucent/Bell Laboratories; and in the U.S. Intel Community, as a twice-decorated member of the FBI, where he held an assignment with the U.S. Dept of Energy (DOE) as a Branch Chief charged with establishing a Cyber-Counterintelligence program within the DOE’s newly created Office of Counterintelligence.

Prior to that, McClurg served as an FBI Supervisory Special Agent, assisting in the establishment of the FBI’s new Computer Investigations and Infrastructure Threat Assessment Center, or what is today known as the National Infrastructure Protection Center within the Dept of Homeland Security.

McClurg also served on assignment as a Deputy Branch Chief with the CIA, helping to establish the new Counterespionage Group, and was responsible for the management of complex counterespionage investigations. He additionally served as a Special Agent for the FBI in the Los Angeles Field Office, where he implemented plans to protect critical U.S. technologies targeted for unlawful acquisition by foreign powers and served on one of the nation’s first Joint Terrorism Task Forces.