Published on October 29, 2023, 9:25 pm
The research and intelligence team at BlackBerry has recently disclosed that they were able to identify and thwart almost 1.8 million malware-based cyberattacks between September 1 and November 30 of the previous year. This translates to an astonishing rate of 62 unique samples per hour, which is equivalent to encountering one sample every minute.
Among the most prevalent cyber-weapons employed in these attacks was the resurgent Emotet botnet, which became active again after a four-month dormancy period. Another significant threat was Qakbot phishing, known for hijacking existing email threads to convince victims that the messages are legitimate. Additionally, infostealer downloaders like GuLoader saw an increase in usage during this period.
These revelations are part of BlackBerry’s Global Threat Intelligence Report that sheds light on the scale and patterns of threats across various industries and regions. Specifically, there has been a surge in industry-specific attacks targeting sectors such as automotive and manufacturing, healthcare, and finance.
To address these growing concerns and provide deeper insights into lesser-discussed industries, BlackBerry leverages its unique position in the cyber and IoT markets. According to Ismael Valenzuela, Vice President of Threat Research & Intelligence at BlackBerry, they analyze the current threat landscape affecting different sectors while also predicting future trends that impact automotive, manufacturing, financial services, and healthcare.
Key highlights from the report include dispelling the misconception that macOS is safe from threats because of its comparatively lower adoption among enterprises. The report revealed that macOS systems are not immune to attacks. In fact, malicious code explicitly downloaded by users poses serious risks. One notable example is Dock2Master, an application frequently observed on macOS networks that collects user data through surreptitious ads. Surprisingly, around 34 percent of client organizations using macOS had Dock2Master on their networks.
Another significant finding highlighted RedLine as the most widespread infostealer during the last quarter. Given the shift towards remote and hybrid work models in a post-pandemic world, cybercriminals now have greater opportunities to target corporate credentials. RedLine specializes in stealing credentials from various sources, including browsers, crypto wallets, FTP, and VPN software. These stolen credentials are then sold on the black market. The report also emphasized that cybercriminals and nation-state threat actors rely on initial access brokers who trade stolen credentials. RedLine is one such provider, facilitating access for other threat actors.
In response to the demand for timely threat intelligence reports, BlackBerry has transitioned from an annual release schedule to a quarterly cadence. This allows them to keep pace with the rapid evolution of adversaries and provides businesses with a more comprehensive understanding of the ever-changing threat landscape. With this knowledge, organizations can better prepare themselves and implement appropriate security measures.
As cybersecurity threats continue to evolve and become increasingly sophisticated, it is imperative for enterprises across all industries to remain vigilant and proactive in their approach towards securing their digital assets. By leveraging insights from reports such as BlackBerry’s Global Threat Intelligence Report, businesses can take strategic measures to enhance their cybersecurity posture and protect against emerging threats.