Top Cyberattack Targets Revealed in New Global Threat Intelligence Report
We recognize that in today’s world, security leaders must expand their focus beyond technologies and their vulnerabilities. To effectively manage risk, security leaders must continually analyze the global threat landscape and understand how business decisions can influence their organization’s threat profile. Similarly, business leaders require awareness of their security posture, risk exposure, and cyber defense strategy that can affect business operations.
Through the BlackBerry Global Threat Intelligence Report and our professional CylanceINTELLIGENCE™ subscription service, modern leaders can have timely access to this important information. Based on the telemetry obtained from our own artificial intelligence (AI)-driven products and analytical capabilities, and complemented by other public and private intelligence sources, our global BlackBerry Threat Research and Intelligence team provides actionable intelligence about attacks, threat actors, and campaigns so that you can make well-informed decisions and take prompt, effective actions.
This is precisely what we have worked to distill into the concise quarterly report that I am pleased to release publicly today. To create this new Global Threat Intelligence Report, the team analyzed more than 1.5 million stopped cyberattacks, occurring between Dec. 1, 2022, and Feb. 28, 2023. Below are some of the highlights.
Key Report Highlights
- 90 days by the numbers: From December 2022 to February 2023, we observed up to 12 attacks per minute, and the number of unique attacks using new malware samples skyrocketed by 50 percent — from one per minute in the previous report to 1.5 per minute during this reporting period.
- Top ten countries experiencing cyberattacks during this period: The U.S. remains the country with the highest number of stopped attacks. However, the threat landscape has changed, and Brazil has just emerged as the second most-targeted country, followed by Canada and Japan. Singapore entered the top 10 for the first time.
- Most targeted industries by number of attacks: According to BlackBerry telemetry, 60% of all malware-based cyberattacks targeted customers in the financial sector, healthcare services, and food and staples retailing industries.
- Most common weapons: Droppers, downloaders, remote access tools (RATs), and ransomware were most frequently used. Here’s a preview: During the data collection period, BlackBerry observed: a targeted attack using Warzone RAT against a Taiwanese semiconductor manufacturer; cybercriminal groups using Agent Tesla and RedLine Infostealer; and widened use of BlackCat ransomware.
- Industry-specific attacks: The healthcare industry faced a significant number of cyberattacks during this period, with CylanceENDPOINT™ Security preventing an average of 59 new malicious samples every day, including an increasing number of new Emotet samples. During the 90-day period ending in February, financial institutions worldwide protected by BlackBerry® technologies blocked more than 231,000 attacks including up to 34 unique malware samples per day. Additionally, this report dives deep into attacks against government entities, manufacturing, and critical infrastructure, key sectors that are often targeted by sophisticated and sometimes state-sponsored threat actors, engaging in espionage and intellectual property campaigns. However, as we reveal in this report, crimeware and commodity malware are also often found in these critical industries
The report also covers notable threat actors and cyber weapons, most consequential attacks, and — most importantly — it also provides actionable defensive countermeasures, in the form of MITRE ATT&CK® and MITRE D3FEND™ mappings deployed during this period. Finally, we offer an analysis of the forecasting accuracy of our previous report, and a list of insightful key takeaways based on the events of the past months.
We hope that you will value all the detailed and actionable data presented in this new report. Once again, I would like to express my gratitude to the authors, the highly skilled global researchers on the BlackBerry Threat Research and Intelligence team. Their ongoing efforts to produce cutting-edge research empower us to continuously improve BlackBerry’s data- and Cylance® AI-driven products and services.