Skip Navigation
BlackBerry Blog

Top Cyberattack Targets Revealed in New Global Threat Intelligence Report

We recognize that in today’s world, security leaders must expand their focus beyond technologies and their vulnerabilities. To effectively manage risk, security leaders must continually analyze the global threat landscape and understand how business decisions can influence their organization’s threat profile. Similarly, business leaders require awareness of their security posture, risk exposure, and cyber defense strategy that can affect business operations.

Through the BlackBerry Global Threat Intelligence Report and our professional CylanceINTELLIGENCE™ subscription service, modern leaders can have timely access to this important information. Based on the telemetry obtained from our own artificial intelligence (AI)-driven products and analytical capabilities, and complemented by other public and private intelligence sources, our global BlackBerry Threat Research and Intelligence team provides actionable intelligence about attacks, threat actors, and campaigns so that you can make well-informed decisions and take prompt, effective actions.

This is precisely what we have worked to distill into the concise quarterly report that I am pleased to release publicly today. To create this new Global Threat Intelligence Report, the team analyzed more than 1.5 million stopped cyberattacks, occurring between Dec. 1, 2022, and Feb. 28, 2023. Below are some of the highlights.

Key Report Highlights

  • 90 days by the numbers: From December 2022 to February 2023, we observed up to 12 attacks per minute, and the number of unique attacks using new malware samples skyrocketed by 50 percent — from one per minute in the previous report to 1.5 per minute during this reporting period.
  • Top ten countries experiencing cyberattacks during this period: The U.S. remains the country with the highest number of stopped attacks. However, the threat landscape has changed, and Brazil has just emerged as the second most-targeted country, followed by Canada and Japan. Singapore entered the top 10 for the first time.
  • Most targeted industries by number of attacks: According to BlackBerry telemetry, 60% of all malware-based cyberattacks targeted customers in the financial sector, healthcare services, and food and staples retailing industries.
  • Most common weapons: Droppers, downloaders, remote access tools (RATs), and ransomware were most frequently used. Here’s a preview: During the data collection period, BlackBerry observed: a targeted attack using Warzone RAT against a Taiwanese semiconductor manufacturer; cybercriminal groups using Agent Tesla and RedLine Infostealer; and widened use of BlackCat ransomware.
  • Industry-specific attacks: The healthcare industry faced a significant number of cyberattacks during this period, with CylanceENDPOINT™ Security preventing an average of 59 new malicious samples every day, including an increasing number of new Emotet samples. During the 90-day period ending in February, financial institutions worldwide protected by BlackBerry® technologies blocked more than 231,000 attacks including up to 34 unique malware samples per day. Additionally, this report dives deep into attacks against government entities, manufacturing, and critical infrastructure, key sectors that are often targeted by sophisticated and sometimes state-sponsored threat actors, engaging in espionage and intellectual property campaigns. However, as we reveal in this report, crimeware and commodity malware are also often found in these critical industries

The report also covers notable threat actors and cyber weapons, most consequential attacks, and — most importantly — it also provides actionable defensive countermeasures, in the form of MITRE ATT&CK® and MITRE D3FEND™ mappings deployed during this period. Finally, we offer an analysis of the forecasting accuracy of our previous report, and a list of insightful key takeaways based on the events of the past months.

We hope that you will value all the detailed and actionable data presented in this new report. Once again, I would like to express my gratitude to the authors, the highly skilled global researchers on the BlackBerry Threat Research and Intelligence team. Their ongoing efforts to produce cutting-edge research empower us to continuously improve BlackBerry’s data- and Cylance® AI-driven products and services. 

To learn more, download the Global Threat Intelligence Report and save the date for a LinkedIn Live event on May 12, 2023, at 10:30 a.m. ET where the BlackBerry Threat Research & Intelligence Team will be exploring highlights of the report. Follow BlackBerry on LinkedIn for more details.
For similar articles and news delivered straight to your inbox, subscribe to the BlackBerry Blog.
Ismael Valenzuela

About Ismael Valenzuela

Ismael Valenzuela is Vice President of Threat Research & Intelligence at BlackBerry, where he leads threat research, intelligence, and defensive innovation. Ismael has participated as a security professional in numerous projects across the globe for over 20+ years, which included being the founder of one of the first IT Security consultancies in Spain.

As a top cybersecurity expert with a strong technical background and deep knowledge of penetration testing, security architectures, intrusion detection, and computer forensics, Ismael has provided security consultancy, advice, and guidance to large government and private organizations, including major EU Institutions and US Government Agencies.

He holds many professional certifications, including the highly regarded GIAC Security Expert (GSE #132) in addition to GREM, GCFA, GCIA, GCIH, GPEN, GCUX, GCWN, GWAPT, GSNA, GMON, CISSP, ITIL, CISM, and IRCA 27001 Lead Auditor from Bureau Veritas UK.