BlackBerry’s inaugural Quarterly Threat Intelligence Report highlights the volume and model of treats across a range of organisations and regions, including industry-specific attacks targeting the automotive and manufacturing, healthcare and financial sectors.
In the 90 day period between September 1 and November 30 2022, BlackBerry says it stopped 1,757,248 malware-based cyberattacks. This includes 62 unique samples per hour, or one sample each minute. The most common cyber-weapons used in attacks include the resurgence of the Emotet botnet after a four-month dormancy period, the extensive presence of the Qakbot phishing threat, which hijacks existing email threads to convince victims of their legitimacy, and the increase in infostealer downloaders like GuLoader.
“Annual threat reports have been a fantastic way to provide insight into overall trends, but now more than ever, organisations need to make well-informed decisions and take prompt effective actions, using the latest actionable data,” said Ismael Valenzuela, Vice President, Threat Research & Intelligence at BlackBerry. “Our public and private reports are written by our top threat researchers and intelligence analysts, world-class experts that not only understand the technical threats but also the global and local geopolitical situation, and how it affects organisational threat models in each region. This expertise allows us to provide actionable and contextualised threat intelligence to increase cyber resilience and to enable mission and business objectives.”
Other revelations from the report include:
- MacOS is not immune. It is a common misconception that macOS is a “safe” platform due to it being used less among enterprise systems. However, this could be lulling IT managers into a false sense of security. BlackBerry explores the pernicious threats targeting macOS, including malicious codes that are sometimes even explicitly downloaded by users. In Q4, the most-seen malicious application on macOS was Dock2Master which collects users’ data from its own surreptitious ads. BlackBerry researchers noted that 34 percent of client organisations using macOS had Dock2Master on their network.
- RedLine was the most active and widespread infostealer in this last quarter. Post-pandemic work models have necessitated the need for businesses to support remote and hybrid employees, putting corporate credentials at greater risk of attack from malicious actors than ever before. RedLine is capable of stealing credentials from numerous targets including browsers, crypto wallets, and FTP and VPN software, among others, and selling them on the black market. Cybercriminals and nation state threat actors rely on initial access brokers trading stolen credentials. RedLine is one of them providing initial access to another threat actors.