BlackBerry cyber report reveals 3.1 million attacks in Q1 2024

BlackBerry has reported a significant surge in the prevalence of new malware used in cyberattacks, as detailed in its latest Global Threat Intelligence Report. Between January and March 2024, BlackBerry’s cybersecurity solutions detected and thwarted 3.1 million cyberattacks, equating to an alarming rate of 5.2 attacks per minute. The report documents a 40% increase in the detection of new malware hashes during this period.

According to the report, critical infrastructure sectors have been overwhelmingly targeted, comprising 60% of all cyberattacks. These sectors include government, healthcare, financial, and communication industries, with 40% of the attacks directed specifically at the financial sector.

"Each iteration of this report highlights startling new trends: novel malware is growing with no signs of stopping, and threat actors are highly motivated, be it for financial gain or to create chaos,” commented Ismael Valenzuela, Vice President of Threat Research and Intelligence at BlackBerry.

He added that the socio-political landscape further complicates the cybersecurity environment. “In a year where over 50 countries are holding elections, geopolitical tensions are at an all-time high, and every nation will soon be fixated on the Olympic Games, the threat landscape can feel overwhelming to navigate."

The financial sector remains a prime target for cybercriminals, accounting for a substantial proportion of the attacks on critical infrastructure. Additionally, commercial enterprises, such as those in retail, manufacturing, automotive, and professional services, were not spared. According to the report, 36% of total threats were directed at commercial enterprises, marking a slight increase from the previous reporting period. This sector also experienced a 10% rise in new malware instances.

The United States was particularly affected, with 82% of cyberattacks identified in this period targeting the country. Of these attacks, a significant 54% involved unique malware strains previously unseen. This uptick represents an average of 7,500 new malware samples each day.

Valenzuela emphasised the evolving and sophisticated methodologies employed by cybercriminals. "This report provides a snapshot of where threat actors are looking, how they are operating, and what we can expect in the coming months so defenders can be one step ahead," he stated. CVEs (Common Vulnerabilities and Exposures) continue to play a significant role. The report noted that 56 percent of the 8,900 CVEs identified were assigned a severity score of seven, out of a possible ten, reflecting a minor increase from the prior reporting period.

Despite some efforts to dismantle ransomware groups, these entities continue to be highly disruptive. The most active groups during this period were identified as LockBit, Hunters International, and 8Base. The continued activity of these groups underscores ongoing challenges in countering ransomware attacks.

The report also highlights that the geopolitical climate, including Russia’s invasion of Ukraine and ongoing conflicts in the Middle East, will remain influential in the strategies and targets of threat actors. As disinformation and deepfake campaigns persist on social media, these factors are expected to shape the development and deployment of cyber threats.

In its analysis, BlackBerry’s Threat Intelligence and Research team anticipates that ransomware and infostealers will continue to be prominent, with sectors handling sensitive data like healthcare and financial services being particularly vulnerable.

The latest findings underline the importance of robust cybersecurity measures as threat actors increasingly target critical and commercial sectors with growing sophistication and frequency.