Threat Report: Cybercriminals Expand Vertical Focus

The annual Threat Report published by BlackBerry Limited finds that while financial services and the retail sector continue to bear the brunt of most cybersecurity attacks, cybercriminals have expanded their targets in the last year to include IT service providers, connected cars and range of other things.

Researchers from Cylance, which is owned by BlackBerry, found that retail and wholesale remained the most targeted sectors—almost a quarter (23%) of all retailers suffered a compromise of sensitive financial information. Three of the most prevalent threats of 2019—Emotet, Ramnit and Upatre—were all focused on retail organizations. In addition, the report noted 47% of all coinmining operations targeted retailers.

At the same time, attacks against other sectors increased as well. For example, the report notes Cylance researchers discovered new backdoors being deployed by a cybercriminal organization known as OceanLotus that targeted multinational automotive manufacturers.

In addition, cybercriminals launched more attacks against IT service providers that manage IT environments for many customers. Using toolkits such as Go2Assist and NinjaRMM, cybercriminals attempted to use remote monitoring and management (RMM) platforms employed by IT service providers to distribute malware.

The BlackBerry threat report also noted there is a lot more collaboration now between cybercriminals who have developed ransomware and banking trojan exploits, thanks in part to the rise of ransomware-as-a-service (RaaS) platforms. Given the nature of the sensitive data involved, the report noted the healthcare sector is the most likely to pay a ransom.

In addition, there has been increased usage of host-encrypted malware, according to the report. Static analysis of host-encrypted malware is almost impossible in a lab, which results in cybersecurity teams having less understanding of how to block a specific piece of malicious code.

Finally, misconfigured cloud resources led to the public exposure of more than 7 billion records in 2019, according to the report.

Eric Milam, vice president of research for the Cylance arm of BlackBerry, said the issue most organizations face is that while they may have invested heavily in protecting their perimeters, there is not much in the way of meaningful defenses in place, should cybercriminals get past that first layer of defense. From a cybersecurity perspective, most organizations are the equivalent of a “jelly donut” that just opens up once the outside is cracked open.

Milam noted cybersecurity teams should expect the number of attacks being launched to steadily increase in 2020. Many cybercriminals now access various platforms to download exploits, which means they don’t have to take the time to develop their own code, he said, adding the level of support and service the builders of those platforms provide their customers is now among the best in the IT industry.

As more things become connected, the attack surface that needs to be defended naturally expands. Given the current shortage of cybersecurity expertise, the rate at which platforms are being connected is clearly outpacing the ability of cybersecurity teams to keep pace. There may come a day soon when various forms of automation and artificial intelligence (AI) will narrow that gap, but in the meantime, cybersecurity professionals will be hard-pressed to secure enterprises that have never been more extended.

Michael Vizard

Avatar photo

Michael Vizard

Mike Vizard is a seasoned IT journalist with over 25 years of experience. He also contributed to IT Business Edge, Channel Insider, Baseline and a variety of other IT titles. Previously, Vizard was the editorial director for Ziff-Davis Enterprise as well as Editor-in-Chief for CRN and InfoWorld.

mike-vizard has 736 posts and counting.See all posts by mike-vizard