The threat research and intelligence team from BlackBerry has identified and stopped nearly 1.8 million malware-based cyberattacks over a three-month period between September 1 and November 30 last year. This 62 unique samples per hour, or one sample each minute.
The most common cyber-weapons used in these attacks include the resurgence of the Emotet botnet after a four-month dormancy period; the extensive presence of the Qakbot phishing threat, which hijacks existing email threads to convince victims of their legitimacy; and, the increase in infostealer downloaders like GuLoader.
These are some of the key takeaways from BlackBerry’s Global Threat Intelligence Report, which emphasised the volume and model of threats across a range of organisations and regions, including industry-specific attacks targeting the automotive and manufacturing, healthcare and financial sectors.
The report includes analysis of GuLoader and the BlackCat ransomware group that targets small-to-medium sized enterprises, largely in the manufacturing sector, and threatens victims to leak compromised data to further extort their ransom.
“BlackBerry is uniquely positioned to uncover threats that affect industries that aren’t often discussed in other threat reports,” said Ismael Valenzuela, vice president, threat research & intelligence at BlackBerry.
He added: “With our strong presence in both the cyber and IoT markets, We provide insights into the current threat landscape and trends for the future that affect the automotive and manufacturing industries, along with financial and healthcare. “
Highlights from the report include:
MacOS is not immune. It is a common misconception that macOS is a “safe” platform due to it being used less among enterprise systems. However, this could be lulling IT managers into a false sense of security.
BlackBerry explores the pernicious threats targeting macOS, including malicious codes that are sometimes even explicitly downloaded by users. In Q4, the most-seen malicious application on macOS was Dock2Master which collects users’ data from its own surreptitious ads. BlackBerry researchers noted that 34 percent of client organizations using macOS had Dock2Master on their network.
RedLine was the most active and widespread infostealer in this last quarter. Post-pandemic work models have necessitated the need for businesses to support remote and hybrid employees, putting corporate credentials at greater risk of attack from malicious actors than ever before.
RedLine is capable of stealing credentials from numerous targets including browsers, crypto wallets, and FTP and VPN software, among others, and selling them on the black market. Cybercriminals and nation state threat actors rely on initial access brokers trading stolen credentials. RedLine is one of them providing initial access to another threat actors.
Meanwhile, after the success and continued demand for its annual threat report, BlackBerry has switched to a quarterly cadence to match the speed adversaries evolve to provide a more holistic view of the threat landscape, helping businesses to prepare and protect themselves accordingly.