This article is provided by BRC Associate Member BlackBerry.
__________________________
In this 90-day reporting period, BlackBerry protected our customers from more than 1.7 million cyberattacks. Malware was detected on every kind of device (including servers, desktops, laptops, and mobile devices) and every operating system (Windows®, Linux®, macOS®, Android™, and iOS®). Types of threats included downloaders, ransomware, infostealers, file infectors, remote access Trojans, adware, spyware, browser hijackers, proxy malware, bots and botnets, and more.
Different industries experienced different numbers and types of attacks. The automotive industry is an increasingly attractive target because of the growing number of potentially vulnerable software-driven features that range from keyless entry and infotainment systems to fully autonomous driving. Because the automotive industry encompasses thousands of different businesses that provide raw materials or manufacture components, both the physical supply chain and the software supply chain supporting automotive vendors must be protected from increasing attacks.
Healthcare organizations are frequently targeted for their confidential data as well as their critical need to prevent disruption of their operating infrastructure. Notably, this year included a ransomware attack that hobbled the second-largest hospital chain in the United States. The financial industry was also a common target for independent and nation-state-sponsored cyber criminals. Threats included initial-access infostealers, attacks related to crypto mining, and attacks on Linux ecosystems.
Attacks spanned the globe, including the Americas, Asia-Pacific, and Europe, with Eastern Europe emerging as a popular target because of the war in Ukraine. This quarter saw threats from well-known organizations as well as new groups that are growing rapidly. For example, the emerging ALPHV group is building on its extortion techniques and use of the Rust programming language to develop custom exploits targeting Windows and Linux platforms. Nation-state-sponsored groups continue targeting dissidents and journalists with politically motivated threats.
Notable attacks in Q4 include DJVU ransomware and phishing attacks that resulted in the creation of impersonations of legitimate news outlets as well as efforts to enter a government portal. Threat actors are increasingly using legitimate software, including pen testing tools and Cobalt Strike, to identify vulnerabilities. Use of the Go programming language (GoLang) is rising because its support for concurrent operations speeds attacks. Spoofs of popular software packages delivered remote access Trojans (RATs), including some that target the Ukrainian military. And, we saw steganography used to deliver a malicious payload within a PNG image.
In the next 90 days, we are likely to see an increase in politically motivated cyberattacks in Eastern Europe as well as attacks on critical infrastructure around the world. In the Americas, mobile spyware attacks are likely to rise. And, as always, threat actors will continue efforts to compromise businesses, nonprofits, and governments, notably through their growing cloud infrastructure. BlackBerry remains committed to providing organizations with the ability to defend their expanding threat surfaces with holistic prevention-first cybersecurity solutions.
To view more actionable and contextualized intelligence to increase your cyber resilience, read the full report.