Top 5 Cyberattack Targets: Industries Most Likely to Be Attacked
Which industries are most often attacked in cyberspace? The latest BlackBerry Global Threat Intelligence Report answers this question by analyzing millions of cyberattacks against various industry sectors.
BlackBerry® cybersecurity solutions stopped more than 5.2 million cyberattacks in 120 days between Sept. 1 and Dec. 31, 2023. The number of cyberattacks increased 19% versus the previous reporting period.
Our threat researchers analyzed this data to uncover many significant trends in cyber threat activities, including a significant surge in unique malware that attackers are using today.
Most Attacked Industries in Cyberspace
Results of our analysis reveal the industries that cyber threat actors attack most often. Overall, the top five industries targeted by cyberattacks are:
Finance (50% of attacks)
Healthcare (20%)
Government & Public Sector (18%)
Food (4%)
Utilities (4%)
Cyberattacks Against the Finance Industry
Why is the finance sector attacked more often than other industry verticals? The potential for substantial financial gains is one reason, and so is the opportunity to exfiltrate sensitive customer data.
BlackBerry cybersecurity solutions stopped more than two million cyberattacks against the financial sector during the reporting period.
Most attacks on the finance sector utilized previously detected " off-the-shelf” or commodity malware. However, 21% of the attacks utilized unique malware.
The finance sector's challenge of navigating through a complex and lengthy approval process for software updates remains a critical vulnerability.
This procedural delay often leaves systems exposed to unpatched vulnerabilities, granting cybercriminals an ample window of time to exploit these weaknesses for substantial financial gain and sensitive data exfiltration.
Cyberattacks Against Healthcare
The healthcare sector, overall, was the second most frequently attacked. It faces cyberattacks due to its critical role in society, which leads to a higher likelihood of ransom payment following a successful ransomware attack.
Threat actors used unique malware against the healthcare sector 9% of the time.
Healthcare's digital storage of sensitive patient data and status as an essential service heightens its appeal to ransomware groups aiming for maximum financial exploitation.
The rise of malware-as-a-service (MaaS) and ransomware-as-a-service (RaaS) has led to more sophisticated attacks on healthcare, significantly threatening data security and operations.
Cyberattacks Against Government and the Public Sector
Government and public entities are prime targets for cyber threats due to the highly sensitive data they hold and their crucial role in security and public safety. Collectively, they were the third most often attacked vertical during the reporting period.
The motivations behind attacks on government entities range from financial motives to geopolitical strategies. They attract a mix of state-sponsored and criminal actors, signifying a complex threat landscape.
Governments and the public sector are the most likely to be attacked with unique malware. The research revealed that more than one in three attacks (36%) against this sector involved unique hashes.
What is Unique Malware?
“Attackers craft new malware hashes, building them from scratch or modifying existing malware to give it a better chance of infiltrating its target,” says Ismael Valenzuela, Vice President of Threat Research and Intelligence at BlackBerry.
“Novel malware is typically used when the attacker has a high interest in a very specific organization or sector. It is intended to evade defenses, which are often traditional defenses based on static signatures,” he adds. “Attackers can leverage simple automation scripts that create new pieces of malware (a.k.a. unique hashes) by compiling the same source code with minimal variations over and over again.”
Another Way to View the Most Attacked Industry Verticals
The most recent BlackBerry Global Threat Intelligence Report took a new approach to analyzing the most frequent cyberattack targets. Our threat researchers explain the change: “We shifted the focus towards critical infrastructure by consolidating several key industry sectors, which were historically discussed separately, into a single section. This is to align our definitions of critical infrastructure with those of the Cybersecurity and Infrastructure Security Agency (CISA). Based on the charts below, over 62 percent of the attacks against industries recorded by BlackBerry were against critical infrastructure organizations. We’ve also revamped our telemetry to include commercial enterprises, which accounted for 33 percent of all attacks against industries stopped during this period.”
More About the Latest BlackBerry Threat Report
The March 2024 edition of the BlackBerry Global Threat Intelligence Report offers a detailed examination of prevalent threats, the distribution of attacks across industries and regions, and an overview of effective countermeasures aligned with MITRE techniques. This edition is full of actionable insights for cyber defenders. Download the complete report, here.