At BlackBerry, we recognize that in today’s world, security leaders must expand their focus beyond technologies and their vulnerabilities. To effectively manage risk, security leaders must continually analyze the global threat landscape and understand how business decisions can influence their organization’s threat profile. Similarly, business leaders require awareness of how security posture, risk exposure, and cyber defense strategy can affect their business operations.
Through the BlackBerry Global Threat Intelligence Report and our professional CylanceINTELLIGENCE™ subscription service, modern leaders can have timely access to this important information. Based on the telemetry obtained from our own artificial intelligence (AI)-driven products and analytical capabilities, and complemented by other public and private intelligence sources, our global BlackBerry Threat Research and Intelligence team provides actionable intelligence about attacks, threat actors, and campaigns so that you can make well-informed decisions and take prompt, effective actions.
Key highlights of this report include:
- 90 days by the numbers. From December 2022 to February 2023, we observed up to 12 attacks per minute, and the number of unique attacks using new malware samples skyrocketed by 50 percent—from one per minute in the previous report to 1.5 per minute during this reporting period.
- Top ten countries experiencing cyberattacks during this period. The U.S. remains the country with the highest number of stopped attacks. However, the threat landscape has changed and Brazil is now the second most-targeted country, followed by Canada and Japan. Singapore entered the top 10 for the first time.
- Most targeted industries by number of attacks. According to BlackBerry telemetry, customers in the financial, healthcare services, and food and staples retailing industries received 60 percent of all
- Most common weapons. Droppers, downloaders, remote access tools (RATs), and ransomware were most frequently used. Here’s a preview: In this period, BlackBerry observed a targeted attack using Warzone RAT against a Taiwanese semiconductor manufacturer; cyber criminal groups using Agent Tesla and RedLine infostealer; and widened use of BlackCat ransomware.
- Industry-specific attacks. The healthcare industry faced a significant number of cyberattacks during this period, with Cylance Endpoint Security preventing an average of 59 new malicious samples every day, including an increasing number of new Emotet samples. In the last 90 days, financial institutions worldwide protected by BlackBerry technologies blocked more than 231,000 attacks including up to 34 unique malware samples per day. Additionally, this report dives deep into attacks against government entities, manufacturing, and critical infrastructure, key sectors that are often targeted by sophisticated and sometimes state-sponsored threat actors engaged in espionage and intellectual property campaigns. However, as we reveal in this report, crimeware and commodity malware are also often found in these critical industries.
The report also covers notable threat actors and weapons, most sound attacks, and—most importantly—actionable defensive countermeasures in the form of MITRE ATT&CK and MITRE D3FEND mappings deployed during this period. Finally, we offer an analysis of the forecasting accuracy of our previous report and a list of insightful key takeaways based on the events of the past months.
We hope that you will value all the detailed and actionable data presented in this edition. Once again, I would like to express my gratitude to the authors, the highly skilled global researchers on the BlackBerry Threat Research and Intelligence team. Their ongoing efforts to produce cutting-edge research empower us to continuously improve BlackBerry’s data- and Cylance AI-driven products and services.