Cyber-attacks against government agencies and public sector services are up 40% in the second quarter of 2023 compared with the first.
BlackBerry Cybersecurity’s second Quarterly Threat Intelligence Report, covering cyber-attacks observed from March to May 2023, was published on August 2, 2023. The firm claimed it stopped 1.5 million attacks during 90 days, 55,000 of which were targeting public sector organizations.
This reporting period was dominated by news of ransomware groups targeting and breaching city and state government systems in North America. These included the LockBit incident against the city of Oakland in California, BlackByte’s Royal Ransomware campaign that affected Dallas, Texas and Augusta, Georgia and Clop’s MOVEit supply chain attack.
Dmitry Bestuzhev, senior director of BlackBerry’s Threat Research and Intelligence team, told Infosecurity that because government agencies handle citizens’ private information, “government data is gold [and] getting their hands on this sensitive data is considered ‘absolute success’ for both nation-states and financially motivated threat actors. It can also be used in further cyber-attacks, such as high-quality spear phishing attacks.”
“With limited resources and immature cyber defense programs, these organizations are struggling to defend against the double-pronged threat of both nation-states and cybercriminals, with hacks occurring with more frequency and severity. [They] are also embracing digital transformation and work-from-anywhere initiatives, and this is dramatically raising the stakes of cybersecurity,” he added.
Threat Actors Using More Novel Tools
On average, threat actors deployed approximately 11.5 attacks per minute during the period observed in the report, including approximately 1.7 novel malware samples per minute. This represents a 13% increase from the previous reporting period’s average of 1.5 new samples per minute.
This “demonstrates that attackers are diversifying their tooling in an attempt to bypass defensive controls, especially those legacy solutions based on signatures and hashes,” reads the report.
While the public sector was the industry that saw the most novel tools and exploits used against it, it ranked second in the total number of attacks. The healthcare sector recorded 109,922 attacks stopped by BlackBerry in the second quarter of 2023.
“Medical records, social security numbers, credit card details are valuable data points – essentially ‘catnip’ for online criminals – and healthcare organizations are bursting at the seams with them,” Bestuzhev said.
He added that the rising number of cyber-attacks against this sector is particularly concerning because every successful attack can have serious consequences, including the loss or sale of sensitive patient data to malicious entities and even direct physical harm to patients.
“Restoring access to data and systems can actually be a life-or-death situation,” he said.
According to a previous BlackBerry report, budget constraints, a lack of incident response planning, limited detection capabilities, alert fatigue, and a cybersecurity skills gap are among the top cybersecurity obstacles reported in the healthcare sector.
Mobile Banking, the Financial Sector’s Achilles’ Heel
The financial industry was third in terms of total number of attacks, with 17,000 incidents blocked by BlackBerry over the same period.
The most prominent attacks targeting both the healthcare and financial sectors used commodity malware like Emotet, IcedID, SmokeLoader and RedLine, or botnets such as Amadey.
Financial services institutions also face persistent threats via smartphone-centric commodity malware, ransomware attacks, and the rise of mobile banking malware targeting the growing trend of digital banking services.
These findings align with another report on ransomware attacks published the same day by Barracuda Networks.
Not Your Average APTs: Indian Threat Group Targeted Pakistan and Turkey
While Russia-backed Fancy Bear (APT28) and the North Korea-backed Lazarus Group (APT38) were the most active threat actors targeting BlackBerry’s customers during the second quarter of 2023, the BlackBerry Threat Research and Intelligence team observed some lesser-known nation-state actors.
In early May, BlackBerry published findings which uncovered campaigns by the advanced persistent threat (APT) group SideWinder, believed to originate in India.
One campaign focused on Pakistani government targets and was delivered through a complex execution chain that relied on phishing emails and weaponized documents that exploited the CVE-2017-019960 vulnerability to perform remote template injection. Another one appeared to target Turkey.
“This campaign’s timing overlapped with geopolitical events in the region, notably Turkey’s public support of Pakistan in its dispute with India over Kashmir,” reads the report.
In May, BlackBerry also discovered a new threat group called Rhysida that intended to attack Chile’s army using ransomware. “The details of the attack have not been fully disclosed, but an army corporal has been arrested for alleged involvement in the ransomware attack,” BlackBerry notes in the report.