The use of new malware in cyberattacks jumped by 40% in Q1 of 2024, compared to the last quarter of 2023, and is five times higher than a year ago, according to a new report.
Novel (or unique) malware attacks use hacking methods that are new or unknown, making them particularly difficult to detect and fight. The impossibility of anticipating unique malware usually results in longer response and defence times, and ultimately in further damage to targeted systems.
The BlackBerry Global Threat Intelligence report examined the global threat landscape between January and March and observed trends in cybersecurity and attacks. “Each iteration of this report highlights startling new trends: novel malware is growing with no signs of stopping, and threat actors are highly motivated, be it for financial gain or to create chaos,” said BlackBerry’s vice president of threat research and intelligence, Ismael Valenzuela.
The cybersecurity report also looked at the most targeted sectors, hacking methods, malware types and key players.
Critical infrastructure most targeted by cyberattacks
The report found that 60% of cyberattacks targeted critical infrastructure, making it the prime target for breaches. Of those industries, the financial sector was the most attacked (40% of the attacks on critical infrastructure), followed by the healthcare sector (24%), the utility sector (18%) and the government sector (14%).
BlackBerry also found that 32% of novel malware hashes targeted “critical infrastructure tenants”. Of those, 36% targeted government and public sector organisations.
However, commercial enterprises have also been victims of more cyberattacks, compared to the last quarter. While the total number of attacks they faced saw a mere 2% increase, they have encountered 10% more novel malware.
“Just as industries are impacted by cybersecurity threats, individual companies also battle cyberattacks, especially as they tend to rely more on digital infrastructure for finance, communications, sales, procurement and other business operations,” the report says. “Everything from start-ups to multinational conglomerates are susceptible to cyberthreats, particularly ransomware.”
CVEs are increasingly exploited by hackers
The report found that cybercriminals are increasingly using common vulnerabilities and exposures (CVEs) to hack systems. It says that CVEs provide a “framework for identifying, standardising and publicising known security vulnerabilities and exposures.”
The observed CVEs were not only more numerous but they were more serious, too. BlackBerry’s study found that 56% of all the reported CVEs were given a severity score of seven out of ten, presenting a 3% increase from previous numbers.
“CVEs have been rapidly weaponised in all forms of malware,” the report says, highlighting the importance for cyber experts to regularly and thoroughly examine systems for cyber threats.
Who are the major ransomware groups?
Ransomware attacks continue to grow, especially those targeting commercial enterprises and the healthcare sector, according to the study.
“Most of these groups are financially motivated; they quickly adapt new tactics and techniques to evade traditional cybersecurity defences and will rapidly exploit any new security vulnerabilities,” the report says.
Major ransomware groups named in the report include Hunters International, LockBit, ALPHV and 8Base. “Despite takedowns, [these] ransomware groups wreak havoc,” BlackBerry said.
The team of experts behind the report predicts that “threat actors will continue to take extensive measures to carefully target their victims.”
“A rise in new ransomware and infostealers indicates that private data will continue to be highly sought after by threat actors, where sectors like healthcare and financial services will be top targets for attack.”