We recognize that in today’s world, security leaders must expand their focus beyond technologies and their vulnerabilities. To effectively manage risk, security leaders must continually analyze the global threat landscape and understand how business decisions can influence their organization’s threat profile.
Similarly, business leaders require awareness of their security posture, risk exposure, and cyber-defense strategy that can affect business operations. Through the “BlackBerry Global Threat Intelligence Report,” modern leaders can have timely access to this important information.
Based on the telemetry obtained from our own artificial intelligence (AI)-driven products and analytical capabilities, and complemented by other public and private intelligence sources, global BlackBerry Threat Research and Intelligence team provides actionable intelligence about attacks, threat actors, and campaigns so that you can make well-informed decisions and take prompt, effective actions.
This is precisely what we have worked to distill into the concise quarterly report that I am pleased to release publicly today. To create this new “Global Threat Intelligence Report,” the team analyzed more than 1.5 million stopped cyberattacks, occurring between Dec. 1, 2022, and Feb. 28, 2023. Below are some of the highlights.
Key Report Highlights
- 90 days by the numbers: From December 2022 to February 2023, we observed up to 12 attacks per minute, and the number of unique attacks using new malware samples skyrocketed by 50%— from one per minute in the previous report to 1.5 per minute during this reporting period.
- Top 10 countries experiencing cyberattacks during this period: The US remains the country with the highest number of stopped attacks. However, the threat landscape has changed, and Brazil has just emerged as the second most-targeted country, followed by Canada and Japan. Singapore entered the top 10 for the first time.
- Most targeted industries by number of attacks: According to BlackBerry telemetry, 60% of all malware-based cyberattacks targeted customers in the financial sector, healthcare services, and food and staples retailing industries.
- Most common weapons: Droppers, downloaders, remote access tools (RATs), and ransomware were most frequently used. During the data collection period, BlackBerry observed: a targeted attack using Warzone RAT against a Taiwanese semiconductor manufacturer; cybercriminal groups using Agent Tesla and RedLine Infostealer; and widened use of BlackCat ransomware.
- Industry-specific attacks: The healthcare industry faced a significant number of cyberattacks during this periods. Additionally, this report dives deep into attacks against financial institutions, government entities, manufacturing, and critical infrastructure, key sectors that are often targeted by sophisticated and sometimes state-sponsored threat actors, engaging in espionage and intellectual property campaigns. However, as we reveal in this report, crimeware and commodity malware are also often found in these critical industries
The report also covers notable threat actors and cyber weapons, most consequential attacks, and — most importantly — it also provides actionable defensive countermeasures, in the form of MITRE ATT&CK® and MITRE D3FEND™ mappings deployed during this period.
To learn more, download the “Global Threat Intelligence Report.“
Ismael Valenzuela is VP of Threat Research & Intelligence at BlackBerry