
The Rising Threat: Uncovering a Sudden Surge of Malware Targeting the Public Sector

Government and Public Service Organizations Face Surging Cyberattacks

Rising Threats and Vulnerabilities

According to the recently released “BlackBerry Global Threat Intelligence Report,” government and public service organizations experienced a worrisome 40% increase in cyberattacks during the second quarter of 2023 compared to the first quarter. The report encompasses data from March to May 2023 and provides crucial insights into the evolving landscape of cyber threats.

These attacks target a broad range of critical sectors, including public transit, utilities, schools, and other government services that people rely on daily. Unfortunately, these publicly funded organizations often operate with limited resources and have immature cybersecurity programs, making them vulnerable targets for both nation-state actors and underground criminals.

Amid the constant barrage of cyber threats, BlackBerry’s research team observed and stopped an astounding 1.5 million attacks within the 90-day period. These attacks highlight the ever-increasing sophistication and diversification of threat actors’ tools as they try to bypass defensive controls.

Cyberattacks by the Numbers

During the period the report analyzes, threat actors launched approximately 11.5 attacks per minute. Attackers also deployed around 1.7 novel malware samples per minute, a 13% increase from the previous reporting period. This rise underscores the need for organizations to remain vigilant and adapt to new attack vectors.

While all sectors face the risk of cyberattacks, some industries are disproportionately targeted. The healthcare and financial services industries continue to be prime targets due to the valuable data and critical services they handle. Cybercriminals view the healthcare sector as particularly lucrative, leading to attacks utilizing ransomware and infostealers to exploit vulnerabilities.

Financial institutions also bear the brunt of persistent threats due to their economic significance and concentration of sensitive data. The report highlights challenges that financial institutions face, such as the growing prevalence of commodity malware for ransomware attacks and the increasing focus on compromising digital and mobile banking services. Mobile threats, including data exfiltration, financial app spoofing, and SMS text interceptors, add to the complexity of protecting sensitive financial information.

Nation-State Actors and Their Tactics

The report identifies APT28 and the Lazarus Group as highly active state-sponsored threat actors during the second quarter of 2023, linked to Russia and North Korea, respectively. These threat actors typically target the United States, Europe, and South Korea, focusing on government agencies, military organizations, businesses, and financial institutions.

APT28 and the Lazarus Group are known for their adaptability, constantly refining their techniques to make their attacks harder to detect and defend against. This presents a significant challenge for governments and organizations that must confront well-resourced adversaries committed to espionage, disruption, and the theft of sensitive information.

Actionable Intelligence and Countermeasures

To provide actionable and contextual cyber-threat intelligence, the BlackBerry research team compiled a summary of the top 20 techniques employed by threat groups during the analyzed period, along with a comparison to the previous quarter. Additionally, the report offers a comprehensive list of countermeasures, utilizing the MITRE D3FEND framework, to mitigate the observed techniques.

The report also identifies the most effective Sigma rules, based on analyzing the 224,851 unique samples encountered and stopped by the BlackBerry Cylance® AI engine. Such insights enable organizations to enhance their defenses and better detect malicious behavior within their networks.

BlackBerry’s Threat Research and Intelligence team, composed of global researchers, continues to deliver pioneering research that aims to enlighten and educate readers. By combining cutting-edge technology, data-centric solutions, and AI-driven offerings, BlackBerry seeks to combat the escalating threats faced by governments and public service organizations.

Editorial and Advice

Urgent Need for Enhanced Cybersecurity

The increasing frequency and sophistication of cyberattacks targeting government and public service organizations demand immediate action. The vulnerability of these entities not only impairs their ability to fulfill essential duties but also jeopardizes the security and privacy of citizens.

Public-sector organizations must recognize the gravity of the threat landscape and prioritize cybersecurity initiatives. This means allocating sufficient resources to build robust defenses, enhancing employee awareness and training, and establishing partnerships with cybersecurity experts to stay ahead of evolving threats.

A Call for Collaboration and Information Sharing

Cybersecurity is a shared responsibility that requires collaboration among governments, organizations, and individuals. The threat actors targeting public-sector organizations often operate across borders, necessitating international cooperation to combat cyber threats effectively.

Encouraging information sharing regarding cyber threats, vulnerabilities, and best practices is crucial. Governments should facilitate the exchange of actionable intelligence among stakeholders to bolster collective defenses and thwart potential attacks.

A Paradigm Shift in Cybersecurity

As cyber threats grow in scale and sophistication, it is essential to adopt a proactive and comprehensive approach to cybersecurity. Organizations must move beyond merely reacting to incidents and instead focus on implementing robust prevention, detection, and response mechanisms.

Investments in emerging technologies, such as artificial intelligence and machine learning, can augment cybersecurity capabilities and enable organizations to identify and defend against evolving threats promptly.

The Human Factor: Employee Training and Awareness

Cybercriminals often exploit human vulnerabilities, leveraging techniques like phishing and social engineering to gain unauthorized access or compromise sensitive information. Therefore, organizations should prioritize regular and comprehensive employee cybersecurity training programs.

Creating a culture of cybersecurity awareness will help individuals recognize and respond to potential threats, ensuring that employees become the first line of defense against cyberattacks.

Conclusion

The alarming surge in cyberattacks targeting government and public service organizations highlights the urgent need for enhanced cybersecurity measures. These entities must allocate resources, foster collaboration, and embrace advanced technologies to protect themselves and the citizens they serve.

With the global threat landscape evolving rapidly, it is imperative for organizations and governments to stay one step ahead of cybercriminals. By committing to robust cybersecurity practices and embracing proactive defense mechanisms, organizations can mitigate risks and safeguard critical infrastructure and sensitive data.
