Malware Unleashed: Public Sector Hit in Sudden Surge, Reveals New Report

The just-released BlackBerry Global Threat Intelligence Report reveals a 40% increase in cyberattacks against government and public service organizations versus the previous quarter. This includes public transit, utilities, schools, and other government services we rely on daily.

With limited resources and often immature cyber defense programs, these publicly funded organizations are struggling against the double-pronged threat of attacks from both nation-states and the criminal underground.

These are just a few of the findings contained in the latest edition of BlackBerry’s quarterly cybersecurity benchmarking guide.

Covering events between March and May 2023, provides new information for the cybersecurity industry worldwide based on a detailed geopolitical analysis. BlackBerry observed and stopped 1.5 million attacks within the 90-day period.

Here are a few highlights in the report:

• 90 days by the numbers: From March 2023 to May 2023, threat actors deployed approximately 11.5 attacks per minute. These threats included roughly 1.7 novel malware samples per minute, indicating a 13% increase from the previous reporting period’s average. This increase demonstrates that attackers are diversifying their tools in an attempt to bypass defensive controls.
• Most targeted industries: The healthcare and financial services industries continue to be among the most targeted sectors. Cybercriminals view the healthcare industry as a lucrative target because of the valuable data and critical services performed in the sector. As a result, threat actors targeted the industry with both ransomware and infostealers.
• Remote access increases cyber risk: Financial institutions face persistent threats due to their economic significance and concentration of sensitive data. The report details these challenges, exacerbated by the growing availability of commodity malware ransomware attacks, and the rise in malware targeting digital and mobile banking services. Researchers uncovered mobile threats like data exfiltration, financial app spoofing, SMS text interceptors, and more.
• Country-specific cyberattacks: In the second quarter of 2023, APT28 and the Lazarus Group — state-sponsored threat actors linked to Russia and North Korea, respectively — became extremely active. These actors typically target the United States, Europe, and South Korea, with a focus on targeting government agencies, military organizations, businesses, and financial institutions. They also frequently adapt their techniques to make their attacks harder to detect and defend against.

In keeping with the report’s primary goal of providing actionable and contextual cyber threat intelligence, readers will find a summary of the Top 20 techniques used by threat groups during the period, and a comparison to the previous quarter. The BlackBerry research team also utilized the MITRE D3FEND™ framework to develop a complete list of countermeasures for all the techniques observed during the study period. Additionally, the report lists the most effective Sigma rules to detect malicious behavior, based on the 224,851 unique samples encountered and stopped by the BlackBerry Cylance® AI engine.

Appreciation goes out to our esteemed team of global researchers within the BlackBerry Threat Research and Intelligence team. Their consistent efforts in delivering cutting-edge, pioneering research serve to enlighten and educate our readership while simultaneously driving the continuous enhancement of BlackBerry’s data-centric and Cylance AI-driven offerings. The value embedded in the detailed and actionable data presented within our latest edition is something we truly hope you will discover.

Read the Q3 2023 Global Threat Intelligence Report

Note: This article is expertly written and contributed by Ismael Valenzuela, Vice President of Threat Research & Intelligence at BlackBerry, leads threat research and innovation. With 20+ years of global experience, including founding one of Spain’s first IT Security consultancies, he’s a top cybersecurity expert. His deep technical expertise includes penetration testing, security architectures, intrusion detection, and computer forensics, providing consultancy to large government and private organizations.