BlackBerry Limited has released the 2021 BlackBerry Threat Report, detailing a sharp rise in cyber threats facing organizations since the onset of COVID-19. The research shows a cybercrime industry which not only adapted to new digital habits, but also became increasingly successful in finding and targeting vulnerable organizations. The research also highlights a dangerous new shift in the cybercrime world, one where mercenaries and crimeware-as-a-service models have become increasingly accessible.
At the outset of the pandemic, countless organizations suddenly had to support a large proportion of their workforce remotely, with many forced to digitise various parts of their infrastructure overnight. This evolution and adoption of digital offerings exposed companies to inadequate protections for employees and customers amongst an ever-growing and under-secured attack surface. There was also a greater merging of cyber and physical threats, with cybercriminals increasingly targeting healthcare organizations or using the pandemic to trick already vulnerable populations.
Additionally, the report highlights a burgeoning crimeware-as-a-service business model as well as the increasing sophistication and collaboration of these hacker-for-hire groups. Not only was the ransomware-as-a-service model highly successful – especially as more non-digital natives transacted online – but the additional research into threat actors such as BAHAMUT and CostaRicto shows that these groups possess the tools once thought to be solely the domain of nation-state attackers. This presents a new danger for companies, one where attacks can be more frequent, skilful and targeted.
Key findings in the 2021 Annual Threat Report include:
- Ransomware attacks shifted from performing indiscriminate targeting to conducting highly focused campaigns deployed via compromised MSSPs.
- Numerous phishing campaigns targeted critical infrastructure systems across manufacturing, healthcare, energy services and food supply sectors.
- Mercenary threat groups experienced a year of growth as unscrupulous actors and organizations outsourced their cyber attacks.
- Ransomware-as-a-service offerings grew in popularity, replacing traditional off-the-shelf ransomware with ready-made exploit kits, malspam campaigns and threat emulation software.
- Newer APT groups like CostaRicto targeted disparate victims worldwide with their customised backdoors and tooling.
- Emotet, the banking trojan turned attack platform, received new upgrades and capabilities, including a flaw that allowed BlackBerry researchers to easily identify and prevent it from installing on systems.