New Report Reveals Increase of Unique Malware and Sudden Surge of Public Sector Attacks
The just-released BlackBerry Global Threat Intelligence Report reveals a 40% increase in cyberattacks against government and public service organizations versus the previous quarter. This includes public transit, utilities, schools, and other government services we rely on daily.
With limited resources and often immature cyber defense programs, these publicly funded organizations are struggling against the double-pronged threat of attacks from both nation-states and the criminal underground.
These are just a few of the findings contained in the latest edition of BlackBerry’s quarterly cybersecurity benchmarking guide.
The report, covering events between March and May 2023, provides new information for the cybersecurity industry worldwide based on a detailed geopolitical analysis. BlackBerry observed and stopped 1.5 million attacks within the 90-day period. Here are a few additional highlights from the report:
- 90 days by the numbers: From March 2023 to May 2023, threat actors deployed approximately 11.5 attacks per minute. These threats included roughly 1.7 novel malware samples per minute, indicating a 13% increase from the previous reporting period’s average. This increase demonstrates that attackers are diversifying their tools in an attempt to bypass defensive controls.
- Most targeted industries: The healthcare and financial services industries continue to be among the most targeted sectors. Cybercriminals view the healthcare industry as a lucrative target because of the valuable data and critical services performed in the sector. As a result, threat actors targeted the industry with both ransomware and infostealers.
- Remote access increases cyber risk: Financial institutions face persistent threats due to their economic significance and concentration of sensitive data. The report details these challenges, exacerbated by the growing availability of commodity malware, ransomware attacks, and the rise in malware targeting digital and mobile banking services. Researchers uncovered mobile threats like data exfiltration, financial app spoofing, SMS text interceptors, and more.
- Country-specific cyberattacks: In the second quarter of 2023, APT28 and the Lazarus Group — state-sponsored threat actors linked to Russia and North Korea, respectively — became extremely active. These actors typically target the United States, Europe, and South Korea, with a focus on government agencies, military organizations, businesses, and financial institutions. They also frequently adapt their techniques to make their attacks harder to detect and defend against.
In keeping with the report’s primary goal of providing actionable and contextual cyber threat intelligence, readers will find a summary of the Top 20 techniques used by threat groups during the period, and a comparison to the previous quarter. The BlackBerry research team also utilized the MITRE D3FEND™ framework to develop a complete list of countermeasures for all the techniques observed during the study period. Additionally, the report lists the most effective Sigma rules to detect malicious behavior, based on the 224,851 unique samples encountered and stopped by the BlackBerry Cylance® AI engine.
I’d like to thank our elite team of global researchers on the BlackBerry Threat Research and Intelligence team for continuing to produce world-class, first-to-market research that informs and educates our readership, while relentlessly improving BlackBerry’s data- and Cylance AI-driven products and services. We hope you will find value in the detailed and actionable data presented in our latest edition.
Meet the BlackBerry team responsible for this report in person, and discuss their findings, at Black Hat 2023 in Las Vegas.