70% surge in new malware types; governments globally targeted by cybercriminals. (Source – Shutterstock)

New types of malware surge by 70%, and cybercriminals increasingly target governments worldwide

  • BlackBerry indicates a 70% increase in diverse malware types.
  • Over 3.3 million cyberattacks intercepted by BlackBerry, June – August 2023.
  • The financial and healthcare sectors and government agencies were affected.

In recent months, the cybersecurity landscape has witnessed a concerning escalation in both the volume and complexity of cyber threats. According to the latest Quarterly Global Threat Intelligence Report from BlackBerry, the company's cybersecurity solutions intercepted over 3.3 million cyberattacks from June to August 2023.

This high volume of intercepted attacks translates to approximately 26 attacks per minute, highlighting a substantial increase in cyber threats.

The rise of different malware

This rise is not merely quantitative but also qualitative. There’s been a 70% increase in the diversity of unique malware files encountered, averaging about 2.9 unique malware samples per minute. This indicates a significant shift in the tactics of cybercriminals, who employ a broader array of sophisticated tools to bypass traditional, signature-based defense mechanisms.

Data from this period illuminates the changing targets of these cyberattacks. Financial organizations, holding a wealth of sensitive client data and playing a pivotal role in global markets, have experienced a substantial increase in targeted attacks. The healthcare sector faces a surge in unique malware binaries directed at its institutions. The impact of attacks on healthcare is significant, given the need to protect patient data and ensure the continuity of essential services.

Ismael Valenzuela, Vice President of Threat Research and Intelligence at BlackBerry, emphasizes the increasing efforts of malicious actors to expand their range and volume of cyberattacks.

“The intensifying number of novel attacks targeting nations and industries demonstrates the impact of the macroeconomic climate on cybersecurity,” said Valenzuela. “However, while threats are increasing in number and diversity, so is our ability to defend against them with advanced technologies that predict and prevent attacks.”

Geopolitical cyber landscape: Varying impacts across countries

Different countries experience varying impacts from cyber threats. The United States is the most frequently attacked in North America, with Canada following closely. In the Asia-Pacific region, Japan continues to rank third by the number of attacks, consistent with past reports. Meanwhile, Peru emerges as a new entry in the list of targeted nations in Latin America, and India joins as the fifth-most attacked country in Asia-Pacific.

BlackBerry records attacks stopped by country. (Source – BlackBerry)

The analysis also highlights the countries where the most unique malware hashes were recorded. The United States tops this list with the most unique malware, followed by Japan, South Korea, India, and Canada.

The quantity of cyberattacks a country faces does not necessarily align with the diversity of malware hashes observed. The discrepancy is attributed to the varying motivations of attackers. Some may aim to target a broad population or specific industry, deploying widespread spam campaigns or using commonly-available malware. Other attackers focus on a smaller, more specific group, industry, or individual corporations, employing unique tools and strategies against high-value targets.

Peru only accounts for 7% of the total attacks, and is not significant in the list of unique malware hashes, a situation attributed to the nature of cyber threats in Peru. Financial motivations drive threat actors to primarily use generic malware against financial institutions rather than more specialized forms.

BlackBerry records unique malware by country. (Source – BlackBerry)

The data implies a higher count of unique hashes may indicate the presence of more high-value targets, and reflect a more targeted and sophisticated cyber threat landscape.

Government entities: A prime target for cybercriminals

Protecting government organizations and public agencies is crucial, considering their sensitive information and the potential risks to national security.

Threat actors targeting government bodies have varied motivations, ranging from financial greed to geopolitical agendas, or simply the intent to cause disorder. Attackers may include individuals with personal grievances, large criminal syndicates, and state-sponsored Advanced Persistent Threat (APT) groups employing intricate tactics.

Breaches in government agencies can expose highly sensitive data, disrupt vital government services, and undermine public confidence in governmental institutions.

An X user expresses the opinion that nothing is being done by the government to protect its citizens from cyberattacks. (Source – X)

Over 100,000 cyberattacks against the government sectors were successfully intercepted during the most recent reporting period, marking a nearly 50% increase from March-May 2023.

Geographically, the Asia-Pacific and North American regions, particularly South Korea, Japan, and Canada, faced most attacks. However, Australia and the United States reported the highest attack volumes, each witnessing over a 50% surge in attacks compared to the previous period.

Different types of malware and sophisticated botnets

The latest threat report identified several low-cost, common malware families targeting government agencies, with RedLine Stealer and Raccoon Stealer v2 (RecordBreaker) prominently favored. These infostealers are designed to extract data from compromised devices, enabling the theft of sensitive data for malicious use.

Other notable infostealers in this period include Vidar and Lumma Stealer (LummaC2). Vidar has been a significant threat throughout 2023, while Lumma Stealer, offered as malware-as-a-service on Russian forums since 2022, continues to circulate widely.

The Amadey botnet was also detected, according to the BlackBerry report. First identified in 2018, Amadey has evolved, increasing in complexity. It is frequently used to deploy remote access Trojans (RATs) and infostealers, enhancing its potency as a cyber threat tool.

These developments in the cybersecurity landscape underscore organizations’ growing challenge in protecting their data and systems. The increasing diversification of attacks demands a more dynamic and sophisticated approach to cybersecurity. This period is a stark reminder of the continuous evolution of cyber threats and the need for robust and adaptive cybersecurity strategies.