BlackBerry Blog

Announcing the New BlackBerry Global Threat Intelligence Report

Threat intelligence is “the art of taking the adversary by surprise.” In fact, anticipating, mitigating, and preventing cyberattacks is the primary mission of a practical threat intelligence program.

Achieving this goal requires a proactive approach, one that answers critical questions like the following: Which threat actors are most likely to impact my organization? What are their motivations, goals, and capabilities? How do they behave, and what cyber weapons do they use to achieve those goals? And most importantly, what actionable countermeasures can I deploy to improve my organization’s cyberdefense capabilities?

To help your organization answer these questions, our team is proud to release our first BlackBerry Cybersecurity Global Threat Intelligence Report. The mission of this report is to deliver actionable and contextualized intelligence to increase your organization’s cyber resilience.

In this first edition, you’ll hear from our threat researchers and intelligence analysts on the BlackBerry Threat Research and Intelligence team. They are world-class experts who understand the technical threats, as well as local and global geopolitical developments, and their impact on organizations like yours.

To produce this report, the team leveraged data and telemetry obtained from our own award-winning artificial intelligence (AI)-driven products and in-house analytical capabilities, complemented by other public and private intelligence sources.

Report highlights include:

  • 90 days by the numbers: An overview of the 90-day reporting period covered in this quarterly report, providing statistics such as the number of unique malware samples that BlackBerry prevented from impacting our customers, and the geographical distribution of those attacks. Here’s a preview: Our technology stopped an average of 62 new malicious samples per hour during the period, or approximately one new sample per minute.

  • Most common weapons: Information about the most common weapons used in cyberattacks, including the resurgence of malicious loaders like Emotet, Qakbot’s extensive presence on the cyberthreat landscape, and the increase in downloaders like GuLoader.

  • Remote access increases infostealers: With the post-pandemic rise of remote and hybrid work, the need to access internal networks from the outside has become widespread. Attackers are taking advantage of new remote access possibilities by using information stealers (infostealers) to steal corporate credentials, often to sell them on the black market. Our report discusses some of the most prevalent and widespread infostealers we saw deployed during this time period.

  • No platform is “safe”: Threat actors have multiple strategies for targeting different server, desktop, and mobile platforms. For example, despite prevailing opinion, macOS® is no longer a “safer” platform than Windows®: macOS malware and vulnerabilities abound. Neither is Linux® a safe haven from attackers: Our coverage examines the trending number of attacks against Linux platforms. We also detail the way that less mainstream programming languages like GoLang are being used to develop cross-platform malware, and we provide an in-depth analysis of threats affecting mobile devices running Android™ and iOS®.

  • Unique industry perspective: Due to BlackBerry’s strong presence across both the cybersecurity and Internet of Things (IoT) markets, we are uniquely positioned to uncover threats to embedded systems, and “heavy industry” sectors such as automotive and manufacturing, which are seldom discussed in other threat reports. In particular, this edition includes information about cybersecurity trends we observed that will impact the automotive industry, as well as the healthcare and financial sectors.

  • Top threat actors and countermeasures: Our telemetry also revealed additional insights on the latest activities of many different threat actors. The report includes information about some of their most common tactics, techniques, and procedures (TTPs), as well as links to public lists of applied countermeasures mapped to MITRE ATT&CK® and MITRE D3FEND™ frameworks. Our goal is to make it easier to update your organizational defenses and threat models based on this actionable information.

  • Looking ahead: We present our conclusions and cyberthreat forecast for 2023.

Please join our team, live via LinkedIn, as we explore highlights of the report during the BlackBerry LIVE broadcast on Jan. 26, 2023, at 3:30 p.m. EST. The conversation will be available on-demand immediately following the broadcast.

I encourage you to read our new BlackBerry Global Threat Intelligence Report. Defending your organization against malware and cyberattacks requires in-depth knowledge of how threat actors are targeting your industry, the tools that they use, and their possible motivations. This detailed knowledge provides contextual, anticipative, and actionable cyberthreat intelligence that can reduce the impact of threats on your organization.  

Ismael Valenzuela

About Ismael Valenzuela

Ismael Valenzuela is Vice President of Threat Research & Intelligence at BlackBerry, where he leads threat research, intelligence, and defensive innovation. Ismael has participated as a security professional in numerous projects across the globe for over 20 years, which included being the founder of one of the first IT Security consultancies in Spain.

As a top cybersecurity expert with a strong technical background and deep knowledge of penetration testing, security architectures, intrusion detection, and computer forensics, Ismael has provided security consultancy, advice, and guidance to large government and private organizations, including major EU Institutions and US Government Agencies.

He holds many professional certifications, including the highly regarded GIAC Security Expert (GSE #132) in addition to GREM, GCFA, GCIA, GCIH, GPEN, GCUX, GCWN, GWAPT, GSNA, GMON, CISSP, ITIL, CISM, and IRCA 27001 Lead Auditor from Bureau Veritas UK.