BlackBerry Ltd.

10/25/2024 | News release | Distributed by Public on 10/25/2024 11:59

13 Cyberthreats That Could Haunt Your Network This Halloween

As the eerie whispers of Halloween fill the air, 13 cyberthreats are bubbling their way to the top of the cyberattack cauldron. Beware, because the following statistics from the BlackBerry Global Threat Intelligence Report (and beyond) may send shivers down your spine. However, there are powerful ways to repel these digital phantoms, regardless of the size of your security team.

13 Haunting Cyberthreats This Hallows Eve

1. Malware Madness

Every time the clock strikes midnight, BlackBerry threat researchers identify an average of 11,500 unique malware hashes from the previous day - these are either evolved or newly created attacks organizations have never faced before. In the most recent quarter, researchers tracked a 53% spike in these unique malware creations.

Image: BlackBerry Global Threat Intelligence Report, September 2024

This surge in malware madness indicates a rapid evolution in cybercriminal tactics, including the use of powerful, publicly accessible tools to speed up attack creation. How do you defeat this witch's brew of methods designed to bypass traditional security tools? According to independent analysis from the Tolly Group, CylanceENDPOINT™ is the most effective way to break this curse.

2. Ransomware Rampage

Like movie monsters, ransomware groups seem nearly invincible and continue their rampage around the world, sometimes by re-inventing themselves. In the most recent BlackBerry Global Threat Report, Canada's NC3 revealed that ransomware has been assessed as the top cybercrime threat in the country, as almost 60% of incidents reported to the NC3 are ransomware attacks.

And threat actors are frequently bringing ransomware attacks out of their bag of tricks against the healthcare sector because those organizations may be forced to pay the ransom when lives could be on the line.

What allows this ransomware rampage to continue? The BlackBerry Incident Response Team helps organizations under attack, and it reports that unprotected or poorly configured internet-facing devices are a common culprit that lets cyber goblins into your environment. Once inside, they deploy ransomware and exfiltrate data. Consider this true tale:

"During a cybersecurity breach, threat actors exploited a series of vulnerabilities on an outdated Cisco ASA to gain unauthorized access to the company's virtual private network (VPN). Once inside the network, they utilized the Microsoft Remote Desktop Protocol (RDP) to infiltrate the domain controller, allowing them to obtain a comprehensive list of users and groups within the domain. Leveraging tools such as netscan and Advanced IP Scanner software, the threat actors conducted a thorough network scan to map out the infrastructure. Subsequently, the attackers exfiltrated the entire "C:\Users" folder that contained critical user data and then deployed Akira ransomware, causing significant disruption and data loss."

-The BlackBerry Incident Response Team

Situations like these highlight the need for companies to apply security updates to all internet-exposed systems and to do so in a timely manner. And if you're worried about security gaps, check out CylanceMDR Pro, where the highly experienced CylanceMDR™ team manages your security for you, without the need to rip and replace anything. Being able to bring your own security stack is a definite Halloween treat.
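The incident above follows a recognizable path: a foothold on an internet-facing VPN appliance, then RDP into the domain controller, then a network scan from the same source. Each step leaves a Windows Security 4624 logon event on the destination host, so a defender can look for it. The script below is an added example, not BlackBerry code or the incident responders' tooling. It assumes a constructed key=value export of 4624/4625 events, a VPN client pool of 10.200.0.0/16 and domain controllers named DC01 and DC02 (all placeholders), and flags two things: successful RDP logons (logon type 10) to a domain controller from a VPN client address, and any single source address that authenticates to many distinct hosts, the fan-out pattern a scanner such as the ones named in the narrative produces.

```python
"""
Added example: hunt the "VPN foothold -> RDP to domain controller -> network scan"
pattern in Windows Security 4624 logon events. Everything below is constructed
for illustration (hostnames, address ranges, sample log lines), not real data.
"""
import ipaddress
from collections import defaultdict

# Constructed assumptions for this example (not values from the report):
VPN_POOL = ipaddress.ip_network("10.200.0.0/16")   # addresses handed to VPN clients
DOMAIN_CONTROLLERS = {"DC01", "DC02"}               # hosts whose logons matter most
RDP_LOGON_TYPE = 10                                  # RemoteInteractive (RDP) in 4624

# Constructed sample export, one event per line in key=value form.
SAMPLE_LOG = """\
TimeCreated=2024-06-03T02:14:07 Computer=DC01 EventID=4624 LogonType=10 TargetUserName=svc_backup IpAddress=10.200.3.17
TimeCreated=2024-06-03T02:16:42 Computer=DC01 EventID=4624 LogonType=3 TargetUserName=svc_backup IpAddress=10.200.3.17
TimeCreated=2024-06-03T02:18:05 Computer=FS01 EventID=4624 LogonType=3 TargetUserName=svc_backup IpAddress=10.200.3.17
TimeCreated=2024-06-03T02:18:09 Computer=WS112 EventID=4624 LogonType=3 TargetUserName=svc_backup IpAddress=10.200.3.17
TimeCreated=2024-06-03T02:18:12 Computer=WS113 EventID=4624 LogonType=3 TargetUserName=svc_backup IpAddress=10.200.3.17
TimeCreated=2024-06-03T02:18:15 Computer=SQL01 EventID=4624 LogonType=3 TargetUserName=svc_backup IpAddress=10.200.3.17
TimeCreated=2024-06-03T09:01:11 Computer=DC01 EventID=4624 LogonType=10 TargetUserName=jsmith IpAddress=10.10.5.44
TimeCreated=2024-06-03T09:05:30 Computer=WS112 EventID=4624 LogonType=10 TargetUserName=jsmith IpAddress=10.200.8.2
TimeCreated=2024-06-03T09:07:00 Computer=DC02 EventID=4625 LogonType=10 TargetUserName=admin IpAddress=10.200.9.9
"""


def parse_event(line):
    """Turn one key=value log line into a dict; numeric fields become ints."""
    fields = dict(token.split("=", 1) for token in line.split())
    fields["EventID"] = int(fields["EventID"])
    fields["LogonType"] = int(fields["LogonType"])
    return fields


def parse_log(text):
    """Parse every non-blank line of the export."""
    return [parse_event(line) for line in text.splitlines() if line.strip()]


def rdp_to_dc_from_vpn(events):
    """Successful RDP logons to a domain controller whose source is a VPN client.

    A failed logon (4625) is deliberately ignored here; it belongs in a
    separate brute-force rule rather than this lateral-movement one.
    """
    hits = []
    for ev in events:
        if ev["EventID"] != 4624 or ev["LogonType"] != RDP_LOGON_TYPE:
            continue
        if ev["Computer"] not in DOMAIN_CONTROLLERS:
            continue
        if ipaddress.ip_address(ev["IpAddress"]) in VPN_POOL:
            hits.append((ev["TimeCreated"], ev["Computer"],
                         ev["TargetUserName"], ev["IpAddress"]))
    return hits


def fan_out_sources(events, min_hosts=5):
    """Source addresses that authenticate to at least min_hosts distinct hosts.

    One client touching many machines in a short span is what a network
    scanner looks like from the logs' point of view.
    """
    hosts_by_src = defaultdict(set)
    for ev in events:
        if ev["EventID"] == 4624:
            hosts_by_src[ev["IpAddress"]].add(ev["Computer"])
    return {src: sorted(hosts) for src, hosts in hosts_by_src.items()
            if len(hosts) >= min_hosts}


if __name__ == "__main__":
    events = parse_log(SAMPLE_LOG)
    for hit in rdp_to_dc_from_vpn(events):
        print("RDP to DC from VPN pool:", hit)
    for src, hosts in fan_out_sources(events).items():
        print(f"fan-out from {src}: {len(hosts)} hosts -> {hosts}")
```

On the constructed data, the first rule fires once (svc_backup reaching DC01 over RDP from the VPN pool at 02:14) and the fan-out rule singles out the same source address, which then touched five hosts in under a minute. The jsmith logon to DC01 from an internal address and the failed admin attempt are left alone, which is the point: the rule keys on the combination of logon type, destination role and source range rather than on any one of them. In production the thresholds, the VPN range and the list of domain controllers come from your own inventory, and the events come from your SIEM rather than a string literal.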

3. Diabolical Deepfakes

Forget about masks: cyber threat actors are now using digital face swaps and voice spoofing that can fool almost anyone, and a single deepfake attack can cost an organization millions. A finance worker recently sent $25 million to attackers following a video call that turned out to be a deepfake. Read Deepfakes and Digital Deception: Exploring Their Use and Abuse in a Generative AI World for the latest tricks and how to detect them.

4. No Disguising It: Critical Infrastructure Attacks Increase

BlackBerry® cybersecurity solutions stopped more than 800,000 cyberattacks targeting critical infrastructure in the most recent quarter, with half of those aimed at the financial sector, a 10% quarter-over-quarter increase. One in four of these critical infrastructure attacks targeted healthcare.

Image: BlackBerry Global Threat Intelligence Report, September 2024

Cyber threat actors might hide in the shadows, but their motivations do not. BlackBerry threat researchers explain that critical infrastructure is a lucrative target for several reasons, including the fact that its data is often highly valuable and can be resold to other threat groups or used to plan further attacks. Geopolitical turbulence also places critical infrastructure in the crosshairs of adversaries opposed to the policies of the nations it resides in, or of the nations those countries collaborate with.

What can illuminate the darkness and expose the cyber-ghosts targeting your industry or organization? Managed services that come with real threat detection and pro-active threat hunting will bring you treats instead of tricks this year.

5. Eerie Espionage

BlackBerry threat researchers track various threat actors who operate in espionage and information gathering, including one that targeted ports and maritime facilities. Here are the haunting highlights from this effort:

"In July 2024, the BlackBerry Threat Research and Intelligence Team discovered a new campaign by the threat group known as SideWinder. In this campaign, BlackBerry observed three falsified "visual bait" documents associated with very specific port infrastructure. Visual decoys are typically not malicious themselves; their primary purpose is to distract the victim from realizing they are being compromised. The victim is usually an employee at a target company. Below is an example from SideWinder's campaign."

Image: BlackBerry Global Threat Intelligence Report, September 2024

"Threat actors hope that by using familiar company logos and eliciting strong emotions such as fear or concern for job security, the victim will believe the document is legitimate and be compelled to read it in a state of high anxiety. They will then be so distracted that they won't notice strange events on their device such as system popups or increased fan noise caused by high CPU utilization, which is often an early warning sign of a malware infection in progress."

And here's another frightening thought related to espionage: intercepted communications are on the rise. The BlackBerry SecuSUITE team shared real examples here and recently answered the question: Are WhatsApp and Signal Secure Enough for Confidential or Secret Communications?

6. Infostealer Invasion

Like the ingredients in a witch's brew, the list of infostealers threat researchers have documented targeting organizations is long. RisePro is just one example from BlackBerry threat researchers:

"RisePro is a multifunctional infostealer often sold as MaaS (malware-as-a-service) on underground forums. RisePro was initially observed in late 2022. Then, in late 2023 and early 2024, BlackBerry noticed a sharp increase of RisePro activity. RisePro can be dropped onto a victim's device in a variety of ways, often through malicious links or email attachments. It also has been deployed via PrivateLoader, a PPI malware frequently used as a malware distribution service. Once on a device, RisePro communicates with its C2 server where it receives commands to steal data, drop additional malware or exfiltrate information from the victim's device."

Download the Global Threat Report and see Page 8 for a list of prevalent infostealers threat actors are using now.

7. Total Attack Jump-Scare

Here's a spooky statistic for any type or size of organization. From April to June 2024, BlackBerry cybersecurity solutions stopped a total of 3.7 million cyberattacks. If you do the math, that's 43,500 cyberattacks stopped per day and dozens of attacks stopped per minute. The number of attacks represents an increase of 18% over the previous reporting period. This cycle of relentless attacks is why so many organizations are turning to managed detection and response.

8. APAC Assault

Countries in the APAC region, notably Japan, South Korea, Australia and New Zealand, face intense cyberattacks, earning them spots in our top five and making Asia-Pacific (APAC) the second most heavily targeted region. This highlights the global nature of digital threats and the importance of regional collaboration and cybersecurity intelligence sharing to combat these pervasive challenges effectively.

Image: BlackBerry Global Threat Intelligence Report, September 2024

Thankfully, the Malaysia Cybersecurity Center of Excellence is now upskilling the region's cyberdefenders following a landmark cybersecurity agreement between BlackBerry and the Government of Malaysia.

9. Social Engineering Shenanigans

Threat actors continue to mask their actions and their attempts to socially engineer all of us. Phishing remains a dominant method for cyber intrusions, exploiting basic human psychology to gain unauthorized access. And here's a chilling number: the Cybersecurity and Infrastructure Security Agency (CISA) says a mere 13% of targeted employees report phishing attempts against them. "Employee failure to report phishing attempts limits the organization's ability to respond to the intrusion and alert others to the threat," CISA adds.

10. Haunted Communications

Cyber threat actors have lots of favorite haunts within your network, and one of them leads to the Sixth Deadly Sin of Incident Response: Trusting Your Comms Channels. The BlackBerry Incident Response Team explains it like this:

"Consider the need to use out-of-band, encrypted, and trusted means of communicating between the teams handling the case. On multiple occasions, our incident response team witnessed administrators using cleartext email to send credentials and other sensitive information during an incident. APT actors often have full control over email servers and have performed network surveillance to extract credentials from cleartext traffic. In one case we saw the threat actor reuse credentials created for the incident response teams' recovery actions."

Now that's a spine-tingling thought.

11. Insider Intrigues

Some threats come from within the organization. Recent research by the Ponemon Institute reveals that malicious insider cases come with an average cost per incident of $701,500. Implementing strict access controls and continuous monitoring can help detect and prevent insider threats. And CISA says the first step in developing an insider threat mitigation program is to properly define the threats for your specific organization.

12. Supply Chain Sabotage

Threat actors and their digital goblins are increasingly appearing in software supply chain cyberattacks. BlackBerry research into the State of Supply Chain Security reveals the consequences, according to organizations surveyed. Issues include financial loss (reported by 64 percent), data loss (59 percent), reputational damage (58 percent), and operational impact (55 percent).

13. Monstrous Manufacturing Attacks

Manufacturers are becoming a monster-sized target for attackers. IDC reports that a rapidly growing IoT/OT installed base is creating an expanded entry point and attack surface for bad actors to exploit in this vertical, and that in 43% of cases a successful ransomware attack causes a week or more of disruption. Key things to look for in an endpoint protection platform (EPP) for OT environments include one that remains equally effective at stopping threats whether the endpoint is connected to the internet or disconnected. Also look for a solution that runs with the smallest impact on system resources. Here is a Tolly Group comparison with results that reveal which EPP has the most magic to protect your organization this Halloween, and beyond.

Conclusion

Remember, in the eerie landscape of cyberspace, you're not alone. With the right tools and awareness, you can exorcise these threats from your network or keep them out in the first place. Because this is a relentless fight, we suggest utilizing a managed service where human experts and AI combine to protect against the dark forces of malware madness, ransomware rampages, and other threats. This Halloween, don't just prepare for trick-or-treaters at your door - fortify your digital doorstep, too.

For similar blogs and news delivered right to your inbox, please subscribe to the BlackBerry Blog.

About Bruce Sussman

Bruce Sussman is Senior Managing Editor at BlackBerry.

About Taha Aziz

Taha Aziz is Senior Growth Marketing Manager at BlackBerry.