New BlackBerry Threat Report Uncovers Tactic that Amplifies Cyberattack Success and Severity
Threat researchers at BlackBerry just revealed the scope and scale of a cyberattack technique that increases the odds threat actors can slip past traditional cyber defenses and breach organizations and individuals alike.
The technique involves creating new malware — and editing versions of existing malware. "Minor altering of a piece of malware might not seem very sophisticated, but it contributes to an overwhelming increase in the success and severity of attacks," says Ismael Valenzuela, Vice President of Threat Research and Intelligence at BlackBerry.
The use of this attack technique is surging like never before.
Novel Malware Attacks Increase Exponentially
The BlackBerry Threat Research and Intelligence Team tracked an exponential increase in cyberattacks utilizing novel malware, and they explored their findings in the September 2024 Global Threat Intelligence Report and the related Global Threat Intelligence Report Deep Dive webinar.
Researchers analyzed 3.7 million attacks blocked by BlackBerry® cybersecurity tools and services during the second quarter of 2024. Overall attacks increased by 18% versus the previous quarter.
Even more significantly, researchers detected and blocked an average of 11,500 unique malware samples each day, marking a 53% increase from the previous quarter. As you can see in the chart below, this is a rapid escalation of an upward trend BlackBerry is tracking.
Factors Feeding the Unique Malware Increase
What factors drive this surge in malware variants that have never been seen before?
For one thing, Valenzuela says, you can look to the evolution of the cyber threat landscape. "New threat groups are emerging, and as legacy threat groups survive takedown attempts, they both focus on developing new malware."
Unique malware poses a big problem for organizations that rely on traditional antivirus (AV) products for protection. The trendlines also follow the emergence of generative AI tools and their growing adoption in many sectors of society. However, Valenzuela points out there are many free and publicly available tools that threat actors also use to create or alter malware.
“Traditional defenses are usually based on static virus signatures,” says Valenzuela, in BlackBerry’s latest white paper on generative AI. “Attackers can leverage simple automation scripts that create new pieces of malware (aka unique hashes) by compiling the same source code with minimal variations over and over again.”
Malware Surge Demands Mature AI Cyber Defenses
This surge of unique malware overwhelms signature-based cyber defenses and other cybersecurity tools that require frequent updates. Before updates, or between them, previously unseen malware can slip through because legacy cybersecurity tools may fail to detect it.
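The detection gap described above, as an added example that is not BlackBerry's code or product logic: an exact SHA-256 blocklist misses a sample that differs from a known one by a few bytes, while a simple byte n-gram similarity score (a stand-in chosen for this illustration, not the predictive AI the report describes) still relates the two. The byte strings are constructed, inert placeholders, and the function names and the 0.8 threshold are assumptions.

```python
import hashlib

def constructed_blob(seed: bytes, size: int = 2048) -> bytes:
    """Deterministic, inert filler bytes standing in for a file's contents."""
    out, block = b"", seed
    while len(out) < size:
        block = hashlib.sha256(block).digest()
        out += block
    return out[:size]

def ngrams(data: bytes, n: int = 4) -> set:
    """Set of overlapping n-byte windows found in the data."""
    return {data[i:i + n] for i in range(len(data) - n + 1)}

def jaccard(a: bytes, b: bytes, n: int = 4) -> float:
    """Share of n-grams the two byte strings have in common (0.0 to 1.0)."""
    ga, gb = ngrams(a, n), ngrams(b, n)
    union = ga | gb
    return len(ga & gb) / len(union) if union else 1.0

def triage(sample: bytes, known: list, threshold: float = 0.8) -> dict:
    """Compare an exact-hash lookup with a similarity check against known samples."""
    blocklist = {hashlib.sha256(k).hexdigest() for k in known}
    best = max((jaccard(sample, k) for k in known), default=0.0)
    return {
        "hash_match": hashlib.sha256(sample).hexdigest() in blocklist,
        "similarity": round(best, 3),
        "similar": best >= threshold,  # threshold is an assumed cut-off
    }

# Constructed samples: a "known" blob, the same blob with 8 bytes changed
# (as a rebuild with a trivial difference would produce), and an unrelated blob.
KNOWN = constructed_blob(b"known-sample")
VARIANT = KNOWN[:1000] + bytes(b ^ 0xFF for b in KNOWN[1000:1008]) + KNOWN[1008:]
UNRELATED = constructed_blob(b"unrelated-file")

if __name__ == "__main__":
    for name, sample in (("known", KNOWN), ("variant", VARIANT),
                         ("unrelated", UNRELATED)):
        print(name, triage(sample, [KNOWN]))
```

The variant gets a new hash, so the blocklist lookup fails, yet it shares nearly all of its n-grams with the known sample; the unrelated blob fails both checks.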
Mature AI solutions, like CylanceENDPOINT™, utilize predictive AI built on incredibly robust models able to rapidly spot and block previously unseen threats. Read how this unfolds in Predictive AI in Cybersecurity: What Works and How to Understand It.
Six Additional Findings from the New BlackBerry Report
The BlackBerry® Global Threat Intelligence Report paints an in-depth picture of today’s cyber threat landscape and includes updates on attack trends from the BlackBerry Incident Response Team, the CylanceMDR™ Team, and a trusted law-enforcement partner, the Royal Canadian Mounted Police’s National Cybercrime Coordination Centre (NC3).
In addition, here are six significant high-level findings from the report.
1. Geopolitical Tensions Fuel Cyberattacks
Geopolitical conflicts such as those between Russia and Ukraine, Israel and Hamas, and tensions in the South China Sea have significantly contributed to a rise in cyber warfare. Additionally, with many countries holding national elections, disinformation and cyber disruptions have become prominent concerns for electoral authorities.
2. Critical Infrastructure Under Siege
Geopolitical hostilities have exacerbated the rise in attacks against critical infrastructure worldwide. These attacks saw the most significant use of unique malware this quarter compared to other industries, although such attacks were lower in volume overall. BlackBerry's telemetry indicates that threat actors prioritize unique malware in attacks against critical infrastructure due to its higher likelihood of success.
3. Increase in Commercial Enterprise Attacks
The report highlights a 58 percent increase in attacks on commercial enterprises. With the proliferation of enterprise devices—from point-of-sale terminals to mobile phones, scanners, and printers—cyber attackers have more entry points to exploit. The manufacturing sector, commercial and professional services, and retail are particularly vulnerable. Capital goods, including manufacturing equipment and office machinery, accounted for 66 percent of all 'attacks stopped' in this category.
4. Advancements in Deepfake Technology
Deepfake technology—digitally manipulated images, videos, or audio—is being used to deceive recipients into believing communications are from trusted sources. These deepfakes are becoming increasingly convincing, contributing to a rise in social engineering attacks. Read the new BlackBerry white paper Deepfakes Unmasked to learn more about the growing sophistication of this technology.
5. The Weaponization of Chaos
Cybercriminals thrive in times of disruption—be it wars, natural disasters, IT outages, or significant communication breakdowns. The report notes that moments of instability, such as the recent U.S. election shakeups and the CrowdStrike outage, provide ample opportunities for cybercriminals to exploit confusion and misinformation using phishing emails, misleading social media posts, and malicious software.
6. Emergence of New Cybercriminal Threats
While established cybercriminal groups like LockBit remain significant threats, emerging ransomware groups such as BlackSuit and Space Bears are rapidly gaining notoriety. The BlackBerry Threat Intelligence and Research Team predicts these new threat actors will continue developing more sophisticated attack methodologies. A rise in new malware and infostealers indicates that private data will remain highly coveted by cybercriminals, with sectors like healthcare and financial services being prime targets.
The September 2024 BlackBerry Global Threat Intelligence Report is worth the read and worth sharing because it can help your organization, and others, become more secure.