Dive Brief:
- Critical infrastructure providers were heavily targeted in 2023, accounting for 62% of all industry-related cyberattacks tracked from September through December of last year, BlackBerry said in a report released Thursday.
- The report showed a 27% increase in the use of novel malware, indicating threat actors were actively working to evade traditional defenses. BlackBerry said more than 5,300 unique malware samples targeted its customers per day during the period.
- Threat groups increasingly exploited critical vulnerabilities in various products, including Citrix Netscaler, Cisco Adaptive Security Appliance and JetBrains TeamCity, to help gain entry into targeted organizations, according to the report. The report also noted that VPN appliances will remain highly attractive targets for state-linked threat actors.
Dive Insight:
The BlackBerry report comes at a time of rising threats to critical infrastructure providers in the U.S. and other parts of the world. The U.S. has faced increasing threats in recent years linked to Russia's invasion of Ukraine and rising geopolitical tensions in the Asia-Pacific region.
U.S. authorities in January warned of a rising threat to critical infrastructure providers linked to state-sponsored threat activity from Volt Typhoon. The threat group, which has ties to the People’s Republic of China, targeted key U.S. infrastructure providers in an effort to potentially spread mass panic in the U.S. mainland as a distraction from potential military action in the Asia-Pacific region.
“The end goal of attacks, whether from financially motivated attackers or nation states, is to cause havoc,” Ismael Valenzuela, VP of threat research and intelligence at BlackBerry, said via email. “Critical infrastructure cannot be disrupted for long, so organizations in this sector are willing to pay, and pay quickly.”
The BlackBerry report noted an increased use of attacks exploiting vulnerable VPN devices to gain access to critical industries.
BlackBerry researchers also identified an increased use of particular malware families, including PrivateLoader, RisePro, SmokeLoader and PikaBot.