BlackBerry Global Threat Report Highlights Top Targeted Industries, Malware, and Industry Threats

According to the report, BlackBerry researchers observed up to 12 attacks per minute and new malware sample increases of 50% in prevalence.

Context

On April 25, 2023, BlackBerry threat intelligence researchers released their Global Threat Report for the December 2022-February 2023 period. According to the report, BlackBerry researchers observed up to 12 attacks per minute and new malware sample increases of 50% in prevalence.

Key Takeaways

Key findings from the report for the retail, hospitality, and travel communities include:

  • Key threats to manufacturing included supply chain compromises and intellectual property theft. The top malware families were RedLine, Emotet, and RaccoonStealer.
  • Food and Staples Retailing was the third most targeted industry at 12%, behind Healthcare Services and Equipment in second at 14% and Finance in first at 34%.
  • The most common malware types observed included droppers, Emotet, PrivateLoader, SmokeLoader, RaccoonStealer, Formbook, RedLine, WarzoneRAT, Agent Tesla, and IcedID.
  • The most common observed ransomware strains were Royal, BlackBasta, and BlackCat.

Community Comparison

RH-ISAC data largely supports the top malware findings reported by BlackBerry researchers for the December 2022-February 2023 period. A full report on reporting trends for January-April 2023 will be available in the coming weeks in the next Intelligence Trends Summary from RH-ISAC, but periodic threat summaries largely show that RedLine, Emotet, WarzoneRAT, IcedID, and Agent Tesla are consistently among the most prominent threats to the retail, hospitality, and travel industries.

TTPs

BlackBerry researchers also provided the following MITRE ATT&CK TTPs:

| Technique Name | Technique ID | Tactic |
|---|---|---|
| System Information Discovery | T1082 | Discovery |
| Process Injection | T1055 | Defense Evasion |
| Virtualization/Sandbox Evasion | T1497 | Defense Evasion |
| Security Software Discovery | T1518.001 | Discovery |
| Masquerading | T1036 | Defense Evasion |
| Remote System Discovery | T1018 | Discovery |
| Application Layer Protocol | T1071 | Command and Control |
| File and Directory Discovery | T1083 | Discovery |
| Non-Application Layer Protocol | T1095 | Command and Control |
| Process Discovery | T1057 | Discovery |
| DLL Side-Loading | T1574.002 | Persistence |
| Command and Scripting Interpreter | T1059 | Execution |
| Input Capture | T1056 | Collection |
| Software Packing | T1027.002 | Defense Evasion |
| Disable or Modify Tools | T1562.001 | Defense Evasion |
| Rundll32 | T1218.011 | Defense Evasion |
| Encrypted Channel | T1573 | Command and Control |
| Obfuscated Files or Information | T1027 | Defense Evasion |
| Registry Run Keys/Startup Folder | T1547.001 | Persistence |
| Application Window Discovery | T1010 | Discovery |
