Monday, December 23, 2024

Cyberattackers are using more new malware, attacking critical infrastructure


Security teams are in for an increasingly busy year as the number of attacks and the amount of new malware increase, according to BlackBerry’s latest Global Threat Intelligence Report, released Tuesday.

Almost two-thirds (60%) of the attacks detected by BlackBerry cybersecurity solutions were directed at the 16 critical infrastructure sectors defined by the US Cybersecurity and Infrastructure Security Agency (CISA), which include healthcare, government, energy, agriculture, finance, and defense.

“The increasing digitization of these sectors means their assets are more vulnerable to cybercriminals,” the report noted. “Threat actors actively exploit critical systems via vulnerabilities such as system misconfigurations and social engineering campaigns against employees.”

Commercial enterprises aren’t being spared; just over one-third (36%) of attacks targeted them, often using social engineering to gather account credentials and plant malware. Although the number of threats directed at these enterprises only rose by three percent, the sector saw a 10% jump in new malware over the previous reporting period. And deepfakes, the report said, are increasingly being used in targeted attacks such as those where a deepfake recording of a CEO’s voice instructs a finance manager to transfer funds to a bad actor.

Unsurprisingly, BlackBerry customers in the US accounted for the most attempted attacks, with 82% of prevented cyberattacks, 54% of which were new malware. Rounding out the top five targets were Japan, South Korea, Australia, and Honduras. BlackBerry saw the greatest amount of new malware in the US, followed by South Korea, Japan, Australia, and Brazil.

The report also found that 56% of the reported vulnerabilities enumerated by CVEs (Common Vulnerabilities and Exposures) that were being leveraged had a severity score of 7.0 or higher out of 10, a three percent increase over the previous reporting period.

And ransomware was alive and well, despite recent high-profile takedowns. Globally, the top three active groups were LockBit, Hunters International, and 8Base, with LockBit focusing on the Americas, while Hunters International hit all regions and 8Base all but Latin America.

It’s a critical time for those fighting cybersecurity threats: the volume of novel malware is growing, and in a year where over 50 countries are holding elections, geopolitical tensions are at an all-time high, the company noted.
