Context
On April 25, 2023, BlackBerry threat intelligence researchers released their Global Threat Report covering the December 2022 through February 2023 period. According to the report, BlackBerry observed up to 12 attacks per minute and a roughly 50% increase in the prevalence of new malware samples.
Key Takeaways
Key findings from the report relevant to the retail, hospitality, and travel communities include:
- Key threats to manufacturing included supply chain compromises and intellectual property theft. The top malware families were RedLine, Emotet, and RaccoonStealer.
- Finance was the most targeted industry at 34%, followed by Healthcare Services and Equipment at 14% and Food and Staples Retailing in third at 12%.
- The most common malware observed included generic droppers and the families Emotet, PrivateLoader, SmokeLoader, RaccoonStealer, Formbook, RedLine, WarzoneRAT, Agent Tesla, and IcedID.
- The most commonly observed ransomware families were Royal, Black Basta, and BlackCat.
Community Comparison
RH-ISAC data largely supports the top malware findings reported by BlackBerry researchers for the December 2022-February 2023 period. A full report on reporting trends for January-April 2023 will be available in the coming weeks in the next Intelligence Trends Summary from RH-ISAC, but periodic threat summaries largely show that RedLine, Emotet, WarzoneRAT, IcedID, and Agent Tesla are consistently among the most prominent threats to the retail, hospitality, and travel industries.
TTPs
BlackBerry researchers also mapped the observed activity to the following MITRE ATT&CK techniques:
| Technique Name | Technique ID | Tactic |
| --- | --- | --- |
| System Information Discovery | T1082 | Discovery |
| Process Injection | T1055 | Defense Evasion |
| Virtualization/Sandbox Evasion | T1497 | Defense Evasion |
| Security Software Discovery | T1518.001 | Discovery |
| Masquerading | T1036 | Defense Evasion |
| Remote System Discovery | T1018 | Discovery |
| Application Layer Protocol | T1071 | Command and Control |
| File and Directory Discovery | T1083 | Discovery |
| Non-Application Layer Protocol | T1095 | Command and Control |
| Process Discovery | T1057 | Discovery |
| DLL Side-Loading | T1574.002 | Persistence |
| Command and Scripting Interpreter | T1059 | Execution |
| Input Capture | T1056 | Collection |
| Software Packing | T1027.002 | Defense Evasion |
| Disable or Modify Tools | T1562.001 | Defense Evasion |
| Rundll32 | T1218.011 | Defense Evasion |
| Encrypted Channel | T1573 | Command and Control |
| Obfuscated Files or Information | T1027 | Defense Evasion |
| Registry Run Keys/Startup Folder | T1547.001 | Persistence |
| Application Window Discovery | T1010 | Discovery |
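Two of the techniques in the table above, Registry Run Keys/Startup Folder (T1547.001) and Rundll32 (T1218.011), lend themselves to simple host-telemetry detections. The following Python is an added illustration written for this summary; it is not code from the BlackBerry report or from RH-ISAC. The event lines are constructed in a Sysmon-like `key=value` format, and the field names (`event`, `image`, `target`, `details`, `cmdline`), the user-writable path patterns, and the system-directory allowlist are assumptions chosen for the example.

```python
"""Heuristic detections for two ATT&CK techniques listed in the TTP table:
T1547.001 (Run key persistence pointing at a user-writable path) and
T1218.011 (rundll32.exe run from a non-system path, or loading a DLL from a
user-writable path). Added example; log format and heuristics are assumptions."""
import re
from dataclasses import dataclass

# Registry Run/RunOnce key under any hive (HKLM or HKU\<SID>).
RUN_KEY_RE = re.compile(
    r"\\Software\\Microsoft\\Windows\\CurrentVersion\\(Run|RunOnce)\\",
    re.IGNORECASE,
)
# Locations a non-admin user can normally write to (assumed list).
USER_WRITABLE_RE = re.compile(
    r"(\\Users\\[^\\]+\\|\\Temp\\|\\ProgramData\\|\\AppData\\)", re.IGNORECASE
)
# Where the real rundll32.exe lives; anything else is suspicious (T1036/T1218.011).
SYSTEM_DIRS = ("c:\\windows\\system32\\", "c:\\windows\\syswow64\\")


@dataclass(frozen=True)
class Alert:
    technique: str
    reason: str
    line: str


def parse(line: str) -> dict:
    """Split a constructed 'key=value | key=value' event line into a dict."""
    return dict(kv.split("=", 1) for kv in line.split(" | "))


def check_run_key(ev: dict, line: str):
    """T1547.001: registry value set (event 13) under Run/RunOnce whose data
    points into a user-writable directory."""
    if ev.get("event") != "13" or not RUN_KEY_RE.search(ev.get("target", "")):
        return None
    if USER_WRITABLE_RE.search(ev.get("details", "")):
        return Alert("T1547.001", "Run key value points to user-writable path", line)
    return None


def check_rundll32(ev: dict, line: str):
    """T1218.011: process create (event 1) of rundll32.exe either from outside
    the system directories or loading a DLL from a user-writable path."""
    if ev.get("event") != "1":
        return None
    image = ev.get("image", "").lower()
    if not image.endswith("\\rundll32.exe"):
        return None
    if not image.startswith(SYSTEM_DIRS):
        return Alert("T1218.011", "rundll32.exe executed from non-system path", line)
    if USER_WRITABLE_RE.search(ev.get("cmdline", "")):
        return Alert("T1218.011", "rundll32 loading DLL from user-writable path", line)
    return None


def scan(lines):
    """Run every check over every event line; return the alerts in order."""
    alerts = []
    for line in lines:
        ev = parse(line)
        for check in (check_run_key, check_rundll32):
            alert = check(ev, line)
            if alert is not None:
                alerts.append(alert)
    return alerts


# Constructed sample telemetry (not real logs). Expected: lines 2, 4 and 5 alert.
SAMPLE_EVENTS = [
    r"event=13 | image=C:\Program Files\Vendor\setup.exe | target=HKLM\Software\Microsoft\Windows\CurrentVersion\Run\VendorTray | details=C:\Program Files\Vendor\tray.exe",
    r"event=13 | image=C:\Users\alice\AppData\Roaming\updater.exe | target=HKU\S-1-5-21-1111\Software\Microsoft\Windows\CurrentVersion\Run\Updater | details=C:\Users\alice\AppData\Roaming\updater.exe",
    r"event=1 | image=C:\Windows\System32\rundll32.exe | cmdline=rundll32.exe C:\Windows\System32\shell32.dll,Control_RunDLL",
    r"event=1 | image=C:\Windows\System32\rundll32.exe | cmdline=rundll32.exe C:\Users\alice\AppData\Local\Temp\kb.dat,DllRegisterServer",
    r"event=1 | image=C:\Users\alice\Downloads\rundll32.exe | cmdline=rundll32.exe legit.dll,Start",
]

if __name__ == "__main__":
    for a in scan(SAMPLE_EVENTS):
        print(f"[{a.technique}] {a.reason}: {a.line}")
```

The first and third sample lines are the benign baseline (a vendor Run key under HKLM pointing at Program Files, and rundll32 loading shell32.dll from System32) and produce no alert; tuning the path patterns to your own software inventory is what keeps these two rules from being noisy in production.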