Public Sector Hit in Sudden Surge, Reveals New Research

Government and public service organizations experienced a 40% increase in cyberattacks during Q2 2023 compared with Q1, according to the latest “BlackBerry Global Threat Intelligence Report.” These include public transit, utilities, schools, and other government services people rely on daily.

With limited resources and often immature cyber-defense programs, these publicly funded organizations are struggling against the double-pronged threat of attacks from nation-states and the criminal underground.

The latest edition of BlackBerry’s quarterly cybersecurity benchmarking guide covers events between March and May 2023. It provides new information for the cybersecurity industry worldwide based on a detailed geopolitical analysis. BlackBerry observed and stopped 1.5 million attacks within the 90-day period.

Here are a few highlights from the report:

• 90 days by the numbers: From March 2023 to May 2023, threat actors deployed approximately 11.5 attacks per minute. These threats included roughly 1.7 novel malware samples per minute, a 13% increase from the previous reporting period’s average. This increase demonstrates that attackers are diversifying their tools in an attempt to bypass defensive controls.
• Most targeted industries: The healthcare and financial services industries continue to be among the most targeted sectors. Cybercriminals view the healthcare industry as a lucrative target because of the valuable data and critical services performed in the sector. Threat actors targeted the industry with ransomware and information stealers (infostealers).
• Remote access increases cyber-risk: Financial institutions face persistent threats due to their economic significance and concentration of sensitive data. The report details these challenges, exacerbated by the growing availability of commodity malware for ransomware attacks and the rise in malware targeting digital and mobile banking services. Researchers uncovered mobile threats including data exfiltration, financial app spoofing, and SMS text interceptors.
• Country-specific cyberattacks: In the second quarter of 2023, APT28 and the Lazarus Group — state-sponsored threat actors linked to Russia and North Korea, respectively — became extremely active. These actors typically target the United States, Europe, and South Korea and focus on targeting government agencies, military organizations, businesses, and financial institutions. They also frequently adapt their techniques to make their attacks harder to detect and defend against.

In keeping with the report’s primary goal of providing actionable and contextual cyber-threat intelligence, readers will find a summary of the top 20 techniques used by threat groups during the period and a comparison to the previous quarter. The BlackBerry research team also utilized the MITRE D3FEND framework to develop a complete list of countermeasures for the techniques observed during the study period. Additionally, the report lists the most effective Sigma rules to detect malicious behavior, based on the 224,851 unique samples encountered and stopped by the BlackBerry Cylance^® AI engine.

The global researchers within the BlackBerry Threat Research and Intelligence team are delivering cutting-edge, pioneering research. The report aims to enlighten and educate readers while continuously enhancing BlackBerry’s data-centric and Cylance AI-driven offerings. We hope you will benefit from the detailed and actionable data in the “Q3 2023 Global Threat Intelligence Report.”

About the Author

Ismael Valenzuela is Vice President of Threat Research & Intelligence at BlackBerry, where he leads threat research, intelligence, and defensive innovation. Ismael has participated as a security professional in numerous projects across the globe for over 20+ years, which included being the founder of one of the first IT security consultancies in Spain.