According to the recent BlackBerry Global Threat Intelligence Report, government and public service organizations have experienced a significant increase in cyberattacks during the second quarter of 2023. These attacks targeted critical infrastructure such as public transit, utilities, schools, and other government services that people rely on daily. The report highlights the challenges faced by these publicly funded organizations, which often have limited resources and immature cyber-defense programs, leaving them vulnerable to attacks from both nation-states and the criminal underground.
The report covers the period between March and May 2023 and provides new information for the cybersecurity industry worldwide based on a detailed geopolitical analysis. During this 90-day period, BlackBerry observed and stopped 1.5 million attacks, which works out to approximately 11.5 attacks per minute. The deployment of novel malware samples increased by 13% compared to the previous reporting period. This increase in the diversity of attack tools suggests that attackers are constantly evolving their techniques to bypass defensive controls.
The healthcare and financial services industries remain among the most targeted sectors, according to the report. Cybercriminals view the healthcare industry as a lucrative target because of the valuable data it holds and the critical services it provides. These threat actors primarily targeted the industry with ransomware and information stealers (infostealers). Financial institutions also face persistent threats due to their economic significance and concentration of sensitive data. The report highlights the growing availability of commodity malware for ransomware attacks and the increase in malware targeting digital and mobile banking services. Researchers also uncovered mobile threats such as data exfiltration, financial app spoofing, and SMS text interceptors.
The report further emphasizes the country-specific cyberattacks carried out by state-sponsored threat actors during the second quarter of 2023. APT28, often linked to Russia, and the Lazarus Group, associated with North Korea, were highly active during this period. These threat actors frequently target government agencies, military organizations, businesses, and financial institutions in the United States, Europe, and South Korea. To make their attacks harder to detect and defend against, they constantly adapt their techniques.
To provide actionable and contextual cyber-threat intelligence, the report includes a summary of the top 20 techniques used by threat groups during the period and a comparison to the previous quarter. The researchers at BlackBerry also utilized the MITRE D3FEND framework to develop a complete list of countermeasures for the observed techniques. Additionally, the report lists the most effective Sigma rules to detect malicious behavior based on the 224,851 unique samples encountered and stopped by the BlackBerry Cylance AI engine.
The BlackBerry Threat Research and Intelligence team, consisting of global researchers, aims to deliver cutting-edge and pioneering research in the cybersecurity field. Their goal is to enhance BlackBerry’s data-centric and Cylance AI-driven offerings while enlightening and educating readers. The report provides detailed and actionable data to assist organizations in strengthening their cybersecurity defenses.
Ismael Valenzuela, the Vice President of Threat Research & Intelligence at BlackBerry, leads this team and has over 20 years of experience as a security professional. He has been involved in numerous global projects and was the founder of one of Spain’s first IT security consultancies.
In conclusion, the second quarter of 2023 saw a significant increase in cyberattacks targeting government and public service organizations. The BlackBerry Global Threat Intelligence Report highlights the challenges faced by these organizations and provides valuable insights into the evolving techniques employed by threat actors. It is crucial for these organizations to invest in robust cybersecurity defenses and stay updated on the latest threat intelligence to protect vital infrastructure and sensitive data.

