Cybercrime
,
Cyberwarfare / Nation-State Attacks
,
Fraud Management & Cybercrime
Public Sector Attacks Up 40%, Geopolitical Incidents Growing, BlackBerry Says
Three Asia-Pacific countries were among the hardest hit by cyberattacks in the world between March and May this year, researchers at BlackBerry reported. Geopolitical attacks accounted for hundreds of cyberattacks in early 2023.
See Also: OnDemand | Understanding Human Behavior: Tackling Retail’s ATO & Fraud Prevention Challenge
In its latest Global Threat Intelligence Report, Ontario-based BlackBerry said the company had stopped 1.5 million attacks between March and May 2023. The United States continued to lead the world in cyberattacks, followed by South Korea, Japan, Canada and Australia, the researchers said.
These attacks primarily targeted government, healthcare and financial organizations, and many of them were driven by geopolitical conflicts. BlackBerry also observed attackers, particularly nation-state APT groups, using thousands of novel malware variants with unique binaries to defeat signature-based malware defenses.
“Governments and public services, such as public transit, electricity, water services, schools and nonprofit organizations, stand as unfortunate bull’s-eyes for cybercriminals and other threat actors, whose attacks seek to wreak maximum havoc and who often times face very little resistance,” said Ismael Valenzuela, vice president of threat research and intelligence at BlackBerry.
BlackBerry said its security solutions detected a nearly 40% increase in the number of cyberattacks against public sector entities in Australia, South Korea and Japan. A bulk of these cyberattacks involved common malware families such as RedLine, Emotet, RaccoonStealer, PrivateLoader, SmokeLoader and DCRat, also known as Dark Crystal RAT.
RedLine, a .NET-based info stealer used heavily in attacks on healthcare and financial organizations worldwide, is affordable and capable of exfiltrating personal information and credentials from Windows systems.
“RedLine is widely distributed on underground forums and is sold as a stand-alone product or as part of a MaaS subscription package. At the time of writing, it can be purchased for approximately $100 to $150 USD,” BlackBerry said.
Healthcare Remains the Most Vulnerable Sector
The company also observed malicious actors using RedLine and other malware families such as Emotet, IcedID and SmokeLoader to target healthcare organizations worldwide. Attackers mounted over 109,922 disparate attacks across the sector between March and May, deploying 13,433 unique malware binaries to defeat signature-based detection systems.
BlackBerry’s telemetry data also revealed that the global financial sector faced over 17,000 cyberattacks, and 15,000 of them occurred in the United States. Considering these numbers were obtained only from organizations that deployed BlackBerry cybersecurity products, they may not reflect the worldwide impact of cyberattacks on financial organizations.
Geopolitics Guiding Sophisticated Cyberattacks in 2023
The company said modern nation-state groups are perfecting their attacks to influence events without reaching the threshold of conflict, with methods such as conducting intellectual property theft and cyberespionage campaigns, disrupting critical infrastructure, and powering digital influence campaigns to undermine public confidence in governments.
“As hostilities in Ukraine continue, the link between geopolitics and cyberattacks has become increasingly clear,” BlackBerry said.
A recent example of geopolitically influenced cyber activity was the Indian-origin SideWinder group targeting Pakistani and Turkish government organizations after Turkey publicly supported Pakistan in its dispute with India over Kashmir, the researchers said.