BlackBerry report finds NHS & schools hit by surge in malware

BlackBerry has released its latest Global Threat Intelligence Report, indicating a significant rise in cyber threats and malicious activities.

The report highlights a 53% surge in unique malware samples, with approximately 11,500 samples detected and blocked daily from April to June 2024. This quarter-over-quarter increase is one of the highest documented by BlackBerry.

The report notes that cyberattacks on critical infrastructure are intensifying, with the NHS and Biggin Hill School in London among the recent victims. This sector experienced over 800,000 attacks during the reporting period, accounting for 41% of all cyberattacks monitored. Financial services remain a prime target, bearing 50% of these critical infrastructure attacks, marking a 10% increase from the previous report.

"As new threat groups emerge and established ones survive takedown attempts, they are developing new malware," said Ismael Valenzuela, Vice President of Threat Research and Intelligence at BlackBerry. "This signals a shift in focus from sheer volume to the impact of their attacks. Minor alterations to malware might not seem sophisticated but contribute significantly to the success and severity of attacks."

Key insights from the report reveal several trends shaping the current cyber threat landscape. Geopolitical tensions are notably fuelling cyberattacks, with ongoing conflicts and national elections adding to the frenzy. Cyberwarfare plays a critical role in current global disputes, including those between Russia and Ukraine, Israel and Hamas, and in the South China Sea. Such conflicts have led to increased efforts in cyber disruption and disinformation.

Attacks on commercial enterprises rose by 21%, as the proliferation of connected devices across various sectors – from retail to professional services – offers more entry points for attackers. Within this category, capital goods companies, which include manufacturers of office and industrial machinery, faced 66% of all attacks stopped by BlackBerry's measures.

Additionally, the report highlights an improvement in deepfake technologies. These digitally manipulated images, videos, or audio files are increasingly convincing, enabling attackers to deceive individuals into believing they are interacting with known and trusted entities. This trend supports a rise in socially engineered attacks.

The period observed also saw malicious actors exploit various forms of chaos, such as wars, natural disasters, and IT outages, to launch phishing attacks and spread misinformation. High-profile disruptions, including the U.S. election shakeups and the CrowdStrike outage, provided fertile ground for these activities.

Emerging cybercriminal groups are also gaining prominence. While legacy threats like LockBit remain significant, newer groups such as BlackSuit and Space Bears are becoming substantial threats. This development points to a dynamic and evolving cyber threat environment.

The BlackBerry Threat Intelligence and Research team forecasts that attackers will continue to refine and enhance their methodologies. A notable increase in new malware variants and information stealers suggests a persistent focus on acquiring sensitive data, with sectors like healthcare and financial services likely to remain prime targets.

In this edition, BlackBerry has also announced a partnership with the Royal Canadian Mounted Police's National Cybercrime Coordination Centre (NC3). This collaboration aims to provide insights into cybercrime trends and improve cooperation between public and private entities in combating cyber threats.