
Unique malware sample volumes seen surging

BlackBerry’s latest ‘Global threat intelligence’ report details a surge in unique malware samples as threat actors ramp up the pace of targeted attacks

BlackBerry has claimed its cyber security solutions detected and stopped an average of 11,500 unique malware samples every day during the second calendar quarter of 2024, up 53% on the January to March period and one of the highest three-monthly increases ever recorded in the organisation’s network telemetry.

The data, contained in the latest edition of BlackBerry’s regular Global threat intelligence report, provides a clear indication that underground malware developers are quicker to update and adapt their code, making it more potent, resilient and harder to analyse. Some of the increase may also be driven by tailored attacks hitting multiple people at the same organisation.

“As new threat groups emerge and are established, legacy threat groups survive takedown attempts and they focus on developing new malware. This signals that these groups are allocating their resources to prioritise the impact of their attacks rather than sheer volume,” said Ismael Valenzuela, vice-president of threat research and intelligence at BlackBerry.

“Additionally, minor altering of a piece of malware might not seem very sophisticated but contributes to an overwhelming increase in the success and severity of attacks,” added Valenzuela.

The increasing volume of malware observed by BlackBerry ran alongside an 18% increase in the number of cyber attacks stopped every day, which hit an average of 43,500 for a total of 3.7 million during the quarter.

Critical infrastructure operators were the primary targets, with more than 800,000 attacks, roughly 400,000 of them focusing on the financial services sector. This may have something to do with the higher volumes of unique malware samples – BlackBerry suggested that threat actors may be prioritising unique malware in attacks on critical national infrastructure (CNI) due to the higher likelihood of carrying out a successful, targeted cyber attack.

BlackBerry also observed a 21% uptick in attacks on commercial enterprises, likely as a result of a skyrocketing number of devices in the various sectors – such as manufacturing, commercial and professional services, and retail – that fall under this umbrella.

Weaponisation of chaos

Over the past few years, a succession of global crises, from the Covid-19 pandemic to the migrant crisis to wars in Gaza, Lebanon and Ukraine, has gifted threat actors with opportunities, said BlackBerry, which referred to the weaponisation of chaos.

It said that any form of disruption to daily life was now fertile ground for threat actors to incorporate into cyber attacks, and they are becoming increasingly adept at doing so with a variety of phishing campaigns, misleading social media posts and malicious software, among other things.

The BlackBerry research team said that in the near term, threat actors will continue to take extensive measures to target their victims with increasingly sophisticated methodology, and the rise in new infostealers and malware suggests that private data will continue to be highly sought after.
