Blackberry Global Threat Intelligence Report.
Threat intelligence can be considered “the art of taking the adversary by surprise.” Anticipating, mitigating, and preventing surprises in the form of cyberattacks is the primary mission of a practical threat intelligence program.
Achieving that goal requires a proactive approach that answers critical questions like the following: Which threat actors are most likely to cause an impact in my organization? What are their motivations, goals, and capabilities? How do they behave, and what cyber-weapons do they use to achieve those goals? And most importantly, what actionable countermeasures can I deploy to improve my organization’s cyber defense capabilities?
Some of the research highlights in this threat intelligence report include:
- 90 days by the numbers. An overview of the 90-day reporting period in statistics, including the number of unique malware samples that BlackBerry prevented from impacting our customers and the geographical distribution of those attacks. Here’s a preview: our technology stopped an average of 62 new malicious samples per hour, or approximately one new sample per minute.
- Most common weapons. Information about the most common weapons used in cyberattacks, including the resurgence of malicious loaders like Emotet, Qakbot’s extensive presence on the cyberthreat landscape, and the increase in downloaders like GuLoader.
- Remote access increases infostealers. With the post-pandemic rise of remote and hybrid work, the need to access internal networks from the outside has become widespread. Attackers are taking advantage of new remote access possibilities by using information stealers (infostealers) to steal corporate credentials to sell them on the black market. Our report discusses some of the most prevalent and widespread infostealers we saw deployed during this time period.
- No platform is ‘safe.’ Threat actors have multiple strategies for targeting different server, desktop and mobile platforms. For example, despite prevailing opinion, macOS is not a “safer” platform: macOS malware and vulnerabilities abound. Other topics covered include trends such as the increasing number of attacks against Linux platforms; the way that less mainstream programming languages like GoLang are being used to develop cross-platform malware; and an in-depth analysis of threats affecting mobile devices running Android and iOS.
- Unique industry perspective. Due to our strong presence in both the cybersecurity and Internet of Things (IoT) industries, BlackBerry is uniquely positioned to uncover threats to industries such as automotive that aren’t often discussed in other threat reports. This edition includes information about cybersecurity trends we observed that will impact the automotive industry as well as the healthcare and financial industries.
- Top threat actors and countermeasures. Our telemetry also revealed the activities of many different threat actors. The report includes information about some of their most common tactics, techniques, and procedures (TTPs) as well as links to public lists of applied countermeasures mapped to MITRE ATT&CK and MITRE D3FEND. Our goal is to make it easier to update your organizational defenses and threat models based on this actionable information.