New ransomware, infostealers pose growing risk in 2024

BlackBerry detected and stopped 3.1 million cyberattacks (37,000 per day) in the first quarter of 2024. Between January and March 2024, BlackBerry detected 630,000 malicious hashes, representing a 40% increase from its previous reporting period.

60% of attacks targeting industry were directed at critical infrastructure, including government, healthcare, financial, and communication industries, of which 40% targeted the financial sector.

“Each iteration of this report highlights startling new trends: novel malware is growing with no signs of stopping, and threat actors are highly motivated, be it for financial gain or to create chaos,” said Ismael Valenzuela, VP of Threat Research and Intelligence at BlackBerry.

“In a year where over 50 countries are holding elections, geopolitical tensions are at an all-time high, and every nation will soon be fixated on the Olympic Games, the threat landscape can feel overwhelming to navigate. This report provides a snapshot of where threat actors are looking, how they are operating, and what we can expect in the coming months so defenders can be one step ahead,” added Valenzuela.

The US severely outnumbers the world in cyberattacks

According to BlackBerry’s internal telemetry, 82% of cyberattacks targeted the US during this reporting period. 54% of those attacks contained unique (new) malware, meaning attacks contained malware that was previously not observed.

BlackBerry observed a 40% per-minute increase in novel hashes (unique malware), compared to the previous reporting period. This represents an average of 7,500 unique malware samples per day targeting BlackBerry’s customer base, or 5.2 per minute.

36% of all threats targeted commercial enterprises (including retail, manufacturing, automotive and professional services), a 3% increase from the last reporting period. Yet, this sector saw a 10% jump in instances of new malware. Commercial enterprise remains a target for threat actors as they grow more sophisticated, often using social engineering to obtain account credentials and distribute malware.

CVE exploitation has rapidly expanded

CVEs provide a framework for identifying, standardizing and publicizing known security vulnerabilities and exposures. 56% of the 8,900 CVEs reported during this reporting period were given a severity score of seven out of a possible 10. This represents a 3% increase from the previous reporting period.

Globally, the top three ransomware groups active this period were LockBit, Hunters International, and 8Base.

These threats will continue to be underpinned by a politically charged year globally, with disinformation and deepfake campaigns continuing to be pervasive across social media. Russia’s invasion of Ukraine, the continuing conflict in the Middle East, and global elections will be the dominant variables in how threat actors select their targets and methodologies.

Based on its data analysis, the BlackBerry Threat Intelligence and Research team predicts that threat actors will continue to take extensive measures to carefully target their victims. A rise in new ransomware and infostealers indicates that private data will continue to be highly sought after by threat actors, where sectors like healthcare and financial services will be top targets for attack.