Threat actors on the rise: What businesses need to know from BlackBerry’s threat intelligence report

  • BlackBerry published its Global Threat Intelligence Report, showcasing the various types of threats faced by organizations globally
  • The report revealed that during a 90-day period from September to November 2022, BlackBerry’s AI technology thwarted 1.75 million cyberattacks

Threat actors are becoming increasingly prominent in the digital landscape as technological advances have provided them with new tools and methods to carry out malicious activities. They are constantly evolving and adapting to new security measures, making it challenging for organizations to stay protected.

The pace of the constantly evolving digital landscape has made it imperative for organizations to be vigilant about the threats they face. In this context, the recent release of BlackBerry Limited’s Global Threat Intelligence Report is a timely development. The report provides an in-depth view of the various types of threats organizations face, including industry-specific attacks targeting sectors such as automotive and manufacturing, healthcare and finance.

In response to the growing demand for threat intelligence, BlackBerry has shifted from an annual to a quarterly reporting cycle, allowing it to provide a more current view of the threat landscape and help businesses better prepare and protect themselves against the growing number of cyberthreats.

BlackBerry’s Threat Research and Intelligence team has reported that during the 90 days from September 1st to November 30th, 2022, the company’s AI-powered prevention technology successfully thwarted 1,757,248 malware-based cyberattacks. This amounts to 62 malware samples per hour, or one every minute. The most prevalent cyberattacks observed during this time involved:

  • The revival of the Emotet botnet after a four-month hiatus.
  • The widespread use of the Qakbot phishing threat, which hijacks existing email conversations to trick victims.
  • A surge in infostealer downloaders such as GuLoader.

According to Ismael Valenzuela, Vice President of Threat Research & Intelligence at BlackBerry, annual threat reports have been an excellent source of information on overall trends. However, organizations require more up-to-date, actionable data to make informed decisions and take prompt and effective actions in the current landscape.

“Our public and private reports are written by our top threat researchers and intelligence analysts, world-class experts that not only understand the technical threats but also the global and local geopolitical situation, and how it affects organizational threat models in each region. This expertise allows us to provide actionable and contextualized threat intelligence to increase cyber resilience and to enable mission and business objectives,” he added.

The report also highlighted how macOS is not immune to threats, despite the common belief that it is a safe platform because it is used less in enterprise systems. IT managers need to be aware of the dangers, including malicious code that users can download, such as the Dock2Master app, which collects user data and was found in 34% of client organizations using macOS.

How is Asia affected by the threat actors?

Cyberattacks are a growing concern for individuals and organizations, as they can result in stolen or damaged sensitive information. One such group that has been making headlines is the Mustang Panda APT group, which is believed to be linked to China. In October, BlackBerry revealed the results of tracking the group and found a campaign impersonating popular Myanmar news outlets and targeting multiple entities, including a government VPN portal.

The attack used phishing lures with malicious attachments to gain a foothold on the system, with a series of components including a benign utility susceptible to DLL search order hijacking, a malicious DLL loader, and an encrypted DAT payload. Once the malicious DLL loader was executed, it loaded a PlugX payload into memory, showing that the infection vector, execution chain, and use of PlugX align with Mustang Panda’s established campaign methodology.
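The execution chain above (a legitimate utility that picks up an attacker-supplied DLL from its own directory before the real one in System32) leaves a recognisable trace in image-load telemetry. The following is an added defensive example, not code from the BlackBerry report or from any PlugX analysis: it walks constructed Sysmon-style image-load records and flags a system-named DLL that a process loaded from its own folder rather than a trusted system directory without a Microsoft signature. The event fields, the trusted-directory and DLL-name lists, and the sample paths are all assumptions made for illustration.

```python
"""Flag DLL side-loading candidates in constructed image-load telemetry.

Added example, not the report's own code. The event layout is an assumption
modelled loosely on Sysmon image-load records (Event ID 7); the field names,
DLL-name list and sample paths below are constructed for illustration.
"""
from dataclasses import dataclass
from pathlib import PureWindowsPath

# Assumed trusted locations for DLLs that carry a Windows system name.
TRUSTED_DLL_DIRS = {
    r"c:\windows\system32",
    r"c:\windows\syswow64",
}

# Small, constructed set of DLL names that normally ship with Windows. A real
# deployment would derive this from an inventory of the organisation's gold image.
SYSTEM_DLL_NAMES = {"version.dll", "wininet.dll", "dwmapi.dll", "userenv.dll"}


@dataclass(frozen=True)
class ImageLoad:
    pid: int
    image: str    # path of the process executable
    loaded: str   # path of the DLL mapped into the process
    signed: bool  # whether the DLL carried a valid, trusted signature
    signer: str   # signer common name, or "" when unsigned


def _norm(path: str) -> PureWindowsPath:
    """Lower-case a Windows path so directory comparisons are case-insensitive."""
    return PureWindowsPath(path.lower())


def is_sideload_candidate(ev: ImageLoad) -> bool:
    """True when a system-named DLL was loaded from the host EXE's own directory
    instead of a trusted system directory and is not Microsoft-signed.

    This is the search-order-hijack shape: the loader finds the planted DLL
    beside the benign utility before it ever looks in System32.
    """
    dll = _norm(ev.loaded)
    exe = _norm(ev.image)
    if dll.name not in SYSTEM_DLL_NAMES:
        return False                      # not a name a hijacker would reuse
    if str(dll.parent) in TRUSTED_DLL_DIRS:
        return False                      # loaded from where it belongs
    if dll.parent != exe.parent:
        return False                      # not the "DLL next to EXE" pattern
    if ev.signed and ev.signer.lower().startswith("microsoft"):
        return False                      # genuine redistributed system DLL
    return True


def find_sideload_candidates(events):
    """Return (pid, exe, dll) for every event that matches the side-load pattern."""
    return [(e.pid, e.image, e.loaded) for e in events if is_sideload_candidate(e)]


# Constructed sample telemetry: a normal system load, a side-load beside a
# dropped "viewer" utility, and a vendor application loading its own DLL.
SAMPLE_EVENTS = [
    ImageLoad(4120, r"C:\Windows\System32\notepad.exe",
              r"C:\Windows\System32\version.dll", True, "Microsoft Windows"),
    ImageLoad(5032, r"C:\Users\alice\Downloads\news\viewer.exe",
              r"C:\Users\alice\Downloads\news\version.dll", False, ""),
    ImageLoad(5100, r"C:\Program Files\Vendor\app.exe",
              r"C:\Program Files\Vendor\vendorcore.dll", True, "Vendor Ltd"),
]

if __name__ == "__main__":
    for pid, exe, dll in find_sideload_candidates(SAMPLE_EVENTS):
        print(f"pid {pid}: {exe} loaded {dll} from its own directory")
```

Only the second constructed event is reported. In practice the hit is a lead, not a verdict: the next step is to confirm whether the flagged process also read an unusual data file in the same directory (the encrypted DAT component the report describes) and whether the host executable is a legitimately signed utility that has no business living in a download folder.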

Another group, APT32, which is believed to have its roots in Vietnam, has been engaging in malicious cyber activities since 2014. The group’s targets range from private industries and foreign governments to individuals such as dissidents and journalists, with a particular emphasis on Southeast Asian nations such as Vietnam, the Philippines, Laos, and Cambodia. APT32 often employs tactics like strategic web compromise to infiltrate victims’ systems. It has attacked various industries, including defense organizations, high-tech companies, healthcare providers, and manufacturers.

Threat actors utilized a variety of tactics, including newly discovered tools and techniques, as well as adjustments to existing tools to avoid detection. The increase in targeted attacks in the automotive, healthcare, and financial industries highlights the urgent need to secure the vulnerable threat surfaces in these sectors.