Intelligence about the changing threat landscape helps forward-thinking MSSPs design strategies to keep enterprise assets safe and help customers (and potential customers) recognize the value that an MSSP provides.
To support MSSPs and the cybersecurity community at large, the Global Threat Intelligence Report from BlackBerry contains information and insights about ongoing, current, and emerging threats.
The following are a few of the highlights from the current report, which covers the period from December 2022 to February 2023.
New Malware Samples Increase by 50%
During this reporting period, BlackBerry protected customers worldwide from more than 1.5 million cyberattacks, an average of more than 17,000 attacks per day, or about 12 attacks per minute. These attacks included more than 200,000 new malware samples, an average of around 2,250 novel samples per day, or roughly 1.5 new samples a minute. This represents a 50% increase over the previous quarter's results.
Malware was detected on every kind of device and operating system, and the widespread availability and low cost of malware-as-a-service (MaaS) and ransomware-as-a-service (RaaS) continued making it easier for threat actors without significant technical skills to launch attacks.
Notable Trends and Developments
Some of the notable trends discussed in the report include:
- Geopolitically motivated attacks. The BlackBerry Threat Research and Intelligence team published findings about a new campaign from a Russian state-sponsored group that used geolocation to ensure its targeted phishing lures were delivered only to IP addresses within Ukraine. In Pakistan, a previously unknown threat actor targeted potential exhibitors for a Pakistan Navy-sponsored technology conference. In Israel, a university was attacked by a new strain of ransomware that delivered a ransom note containing anti-government and anti-Israeli messaging. Russia-linked malware attacks on energy industry targets in the United States may have been politically motivated as well.
- Worldwide ransomware outbreak targeting unpatched servers. In February 2023, a massive ransomware outbreak began targeting unpatched VMware ESXi servers. Some reports estimate that it encrypted several thousand servers on the first day of operation alone.
- ChatGPT and AI-aided threats. Cybercriminals began publicly discussing and testing ChatGPT's potential just a few weeks after its November 2022 release. ChatGPT and other emerging tools can help write malicious code, create convincing deepfakes and phishing lures, and identify potentially valuable files on target systems. BlackBerry research during this reporting period found that 51% of IT professionals predict that a successful cyberattack using ChatGPT will occur within a year.
Detailed information about all of these trends and developments, including a discussion of SEO poisoning, is in the complete Global Threat Intelligence Report.
Spotlight on Global Industries
Insights into the threat landscape for five global industries include the following:
- Financial. Worldwide, financial institutions were targeted by ransomware and by infostealers that collect and exfiltrate information from victims' machines, including access credentials, for sale on the black market. MaaS and RaaS attacks continued to grow because commodity malware is easy to obtain, affordable, and proven to work.
- Healthcare. Threats to healthcare providers and services this quarter included a botnet-operated dropper and downloader, infostealers, and ransomware. Notable attacks included a December ransomware attack on a children’s hospital that delayed patient lab work and imaging, disabled phone lines, and shut down the staff payroll system for two weeks before the threat actor apologized and provided the decryptor at no charge.
- Manufacturing. Industry-wide threats included ransomware as well as Trojanized crypto miners attempting to hijack powerful operational technology (OT) computing resources. On a positive note, a security researcher discovered a vulnerability in an auto manufacturer's supply-chain management software, which was resolved before it could be exploited because the researcher promptly reported the finding to the manufacturer.
- Energy. A ransomware group targeted a privately owned U.S. natural gas and oil producer and successfully took down a Colombian energy supplier's online systems. Russia-linked malware attacks against U.S. energy industry targets included attempts to compromise industrial control systems (ICS) in electrical power and natural gas infrastructure.
- Government and public services. Commodity infostealers, open-source threats, and threats spread by infected USB devices were observed targeting government organizations and agencies worldwide.
Want More Global Threat Intelligence?
The full Global Threat Intelligence Report includes more details about the topics above as well as:
- Prevalent Windows, Mac, and Linux malware
- Notable threat actors and attacks
- Forecasts for the next 12 months and an analysis of last quarter’s forecasts
- Actionable defensive countermeasures including Sigma rules and MITRE ATT&CK techniques and tactics
To read the full report, click here.
To stay at the forefront of developing cybersecurity trends, check out CylanceINTELLIGENCE™ from BlackBerry. Drawing on telemetry from AI-driven products and complemented by public and private intelligence sources, the global BlackBerry Threat Research and Intelligence team delivers timely analysis and actionable intelligence about attacks, threat actors, and campaigns, so you can help customers make well-informed decisions, reduce risk, and protect resources.
Find out more about partnering with BlackBerry and becoming an MSSP here.
Guest blog courtesy of BlackBerry Cylance. Read more BlackBerry Cylance blogs here. Regularly contributed guest blogs are part of MSSP Alert’s sponsorship program.