BlackBerry thwarts 3.1 million cyberattacks in early 2024 report
BlackBerry has issued its latest Global Threat Intelligence Report, revealing that its cybersecurity solutions detected and thwarted 3.1 million cyberattacks in the first quarter of 2024. According to the report, this averages to nearly 37,000 attacks per day between January and March. The release also noted a 40 percent increase in the number of new, unique malware hashes from the previous reporting period, as 630,000 malicious hashes were tracked.
Ismael Valenzuela, Vice President of Threat Research and Intelligence at BlackBerry, commented on the findings, stating, "Each iteration of this report highlights startling new trends: novel malware is growing with no signs of stopping, and threat actors are highly motivated, be it for financial gain or to create chaos." He added, "In a year where over 50 countries are holding elections, geopolitical tensions are at an all-time high, and every nation will soon be fixated on the Olympic Games, the threat landscape can feel overwhelming to navigate. This report provides a snapshot of where threat actors are looking, how they are operating, and what we can expect in the coming months so defenders can be one step ahead."
The report provides detailed insights specific to the Asia-Pacific (APAC) region, with a focus on Australia. Australia is listed as fourth globally both in terms of total attacks stopped and new malware detected. Throughout the first quarter of 2024, 67,001 attacks were halted in Australia. The public sector was the most targeted, accounting for 61,575 attacks, followed by retail and wholesale trade sectors with 3,167 attacks, and commercial and professional services with 2,259 attacks. In terms of new malware, the public sector again topped the list with 5,725 instances, followed by commercial and professional services with 866 instances, and the retail and wholesale trade sectors with 521 instances.
The report highlights that significant portions of these attacks are directed at critical infrastructure sectors, with 60 percent targeting areas such as government, healthcare, financial, and communication sectors. Of these, 40 percent specifically targeted the financial sector. Additionally, the APAC region saw concentrated efforts by cybercriminals, with South Korea, Japan, and Australia heavily featured in both attacks stopped and unique hashes charts. Specific attention was given to malware such as LummaStealer and Vidar (VidarStealer), which particularly targeted industries like food, agriculture, and energy within the APAC region.
The report also shed light on the global distribution of cyberattacks, noting that the United States accounted for 82 percent of the attacks observed during the reporting period. Notably, 54 percent of these attacks contained unique malware, with attacks involving previously unseen malicious code. The report identified a 40 percent per-minute increase in novel malware samples, amounting to an average of 7,500 new malware samples per day targeting BlackBerry's customer base, roughly equating to 5.2 per minute.
Commercial enterprises continue to be heavily targeted, making up 36 percent of all threats, which is a 3 percent increase from the previous reporting period. This sector saw a 10 percent rise in instances of new malware, underscoring the growing sophistication of threat actors who often employ social engineering tactics to harvest account credentials and propagate malware.
The report further noted the rapid weaponisation of Common Vulnerabilities and Exposures (CVEs), especially within ransomware and infostealers. A significant 56 percent of the 8,900 CVEs reported during this period were assigned a severity score of seven out of a possible 10, marking a 3 percent increase from the prior period. Despite attempts to dismantle them, ransomware groups like LockBit, Hunters International, and 8Base remain notably active.
The analysis by BlackBerry's Threat Intelligence and Research team predicts that the intensifying geopolitical climate, including ongoing global conflicts and significant upcoming events such as elections and the Olympics, will continue to influence the focus and approach of threat actors. The team anticipates the continued rise of new ransomware and infostealers, placing sectors such as healthcare and financial services as prime targets.