Malware Unleashed: Public Sector Hit in Sudden Surge, Reveals New Research
Report unmasks recent cybersecurity challenges for governments, healthcare, financial services, and vital infrastructure.
August 28, 2023
Government and public service organizations experienced a 40% increase in cyberattacks during Q2 2023 compared with Q1, according to the latest "BlackBerry Global Threat Intelligence Report." These include public transit, utilities, schools, and other government services people rely on daily.
With limited resources and often immature cyber-defense programs, these publicly funded organizations are struggling against the double-pronged threat of attacks from nation-states and the criminal underground.
The latest edition of BlackBerry's quarterly cybersecurity benchmarking guide covers events between March and May 2023. It provides new information for the cybersecurity industry worldwide based on a detailed geopolitical analysis. BlackBerry observed and stopped 1.5 million attacks within the 90-day period.
Here are a few highlights from the report:
90 days by the numbers: From March 2023 to May 2023, threat actors deployed approximately 11.5 attacks per minute. These threats included roughly 1.7 novel malware samples per minute, a 13% increase from the previous reporting period's average. This increase demonstrates that attackers are diversifying their tools in an attempt to bypass defensive controls.
Most targeted industries: The healthcare and financial services industries continue to be among the most targeted sectors. Cybercriminals view the healthcare industry as a lucrative target because of the valuable data and critical services performed in the sector. Threat actors targeted the industry with ransomware and information stealers (infostealers).
Remote access increases cyber-risk: Financial institutions face persistent threats due to their economic significance and concentration of sensitive data. The report details these challenges, exacerbated by the growing availability of commodity malware for ransomware attacks and the rise in malware targeting digital and mobile banking services. Researchers uncovered mobile threats including data exfiltration, financial app spoofing, and SMS text interceptors.
Country-specific cyberattacks: In the second quarter of 2023, APT28 and the Lazarus Group — state-sponsored threat actors linked to Russia and North Korea, respectively — became extremely active. These actors typically target the United States, Europe, and South Korea, focusing on government agencies, military organizations, businesses, and financial institutions. They also frequently adapt their techniques to make their attacks harder to detect and defend against.
In keeping with the report's primary goal of providing actionable and contextual cyber-threat intelligence, readers will find a summary of the top 20 techniques used by threat groups during the period and a comparison to the previous quarter. The BlackBerry research team also utilized the MITRE D3FEND framework to develop a complete list of countermeasures for the techniques observed during the study period. Additionally, the report lists the most effective Sigma rules to detect malicious behavior, based on the 224,851 unique samples encountered and stopped by the BlackBerry Cylance® AI engine.
The global researchers within the BlackBerry Threat Research and Intelligence team are delivering cutting-edge, pioneering research. The report aims to enlighten and educate readers while continuously enhancing BlackBerry's data-centric and Cylance AI-driven offerings. We hope you will benefit from the detailed and actionable data in the "Q3 2023 Global Threat Intelligence Report."
About the Author
Ismael Valenzuela is Vice President of Threat Research & Intelligence at BlackBerry, where he leads threat research, intelligence, and defensive innovation. Ismael has worked as a security professional on numerous projects across the globe for over 20 years, including founding one of the first IT security consultancies in Spain.