
As the number of ransomware attacks continues to rise, BlackBerry has found, as part of its annual threat report, that a shared economy may be growing among cyber criminals. BlackBerry says that this shared economy has been targeting small enterprises and that the root cause of the biggest ransomware attacks can be attributed to outsourced labor.

“Criminals are working out how to target us better. The infrastructure of the cyber underground has evolved so they can deliver more timely and personalized deceptions to the public,” said Eric Milam, BlackBerry’s Vice President of Research and Intelligence. “This infrastructure has also incubated a criminal shared economy, with threat groups sharing and outsourcing malware allowing for attacks to happen at scale. In fact, some of the biggest cyber incidents of 2021 look to have been the result of this outsourcing.”

Malware attacks and their focus

Hackers and cyber criminals have homed in on small enterprises as an increased focus of their attacks: small to medium-sized businesses (SMBs) face an average of 11 cyberthreats per day. According to the report, over 70% of SMBs have faced cyberattacks, and of those attacked, 60% are out of business within six months. In effect, a cyberattack on an SMB can be, and often is, a death sentence for the business, making it imperative that these smaller operations stay secure.


The Russian-affiliated cyber criminal group REvil is one of the more notable hacker collectives, using ransomware-as-a-service attacks against companies like JBS Foods and threatening their global supply chain. REvil initiates these ransomware attacks through targeted phishing campaigns, brute force attacks or software vulnerabilities. However, in multiple instances BlackBerry found that these malicious actors left behind text files containing IP addresses, suggesting that the authors of the ransomware were not the ones carrying out the attacks and pointing to the shared economy within the cyber underground.

The COVID-19 pandemic has also led to a spike in the number of cyberattacks from these hacker groups. According to BlackBerry, there was a 600% increase in cybercrimes due to the pandemic, and a whopping 667 million new malware detections were recorded worldwide during 2020. The report estimates that four million additional cybersecurity experts are needed globally to help mitigate the large number of digital attacks, and one million daily security alerts are seen in 25% of security operations centers.

Cybersecurity insights

One way BlackBerry proposes to cut down on these attacks and potential vulnerabilities is through Zero Trust Security, which essentially treats every user or machine as “at-risk” until it is cleared through a number of layers of security. Some of the approaches used in Zero Trust Security include:

  • Prevention-first technology
  • Protection-first approaches
  • Signature-based analysis
  • Artificial Intelligence (AI) and machine learning (ML) based anomaly and threat detection in the network layer
  • Advanced correlation across multiple telemetry sources

Prevention-first tools also help protect organizations from cyberattacks, using AI and ML to separate good binaries from bad ones. These tools can determine the danger posed by a file, extracting its features and correlating them across math models to decide whether the file is safe or not. Vectorization assists in this process by converting input data into mathematical vectors in a format readable by ML algorithms.
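To make the vectorization step concrete, here is an added example (not code from BlackBerry or its report) that turns a file's raw bytes into a fixed-length numeric vector a classifier could consume. The feature set (byte histogram, entropy, printable ratio, size) and the sample inputs are assumptions chosen for illustration.

```python
import math
from collections import Counter

# Bytes treated as "printable": ASCII text plus tab, LF and CR.
PRINTABLE = set(range(0x20, 0x7F)) | {0x09, 0x0A, 0x0D}

def shannon_entropy(data: bytes) -> float:
    """Bits per byte: 0.0 for constant data, 8.0 for uniformly random data."""
    if not data:
        return 0.0
    n = len(data)
    return -sum((c / n) * math.log2(c / n) for c in Counter(data).values())

def vectorize(data: bytes) -> list[float]:
    """Map raw file bytes to a fixed-length vector of 259 floats in [0, 1].

    Layout (illustrative, not any vendor's feature set):
      [0..255] normalized byte histogram
      [256]    entropy / 8   (packed or encrypted content scores near 1.0)
      [257]    fraction of printable bytes
      [258]    log2(size + 1) / 32
    """
    n = len(data)
    counts = Counter(data)
    histogram = [counts[b] / n if n else 0.0 for b in range(256)]
    entropy = shannon_entropy(data) / 8.0
    printable = sum(counts[b] for b in PRINTABLE) / n if n else 0.0
    size = min(math.log2(n + 1) / 32.0, 1.0)
    return histogram + [entropy, printable, size]

# Constructed samples: a text-heavy buffer and a high-entropy buffer that
# stands in for packed or encrypted content.
SAMPLE_TEXT = b"MZ" + b"This program cannot be run in DOS mode.\r\n" * 20
SAMPLE_PACKED = bytes((i * 97 + 13) % 256 for i in range(4096))

if __name__ == "__main__":
    for name, blob in (("text", SAMPLE_TEXT), ("packed", SAMPLE_PACKED)):
        v = vectorize(blob)
        print(f"{name}: dims={len(v)} entropy={v[256]:.3f} printable={v[257]:.3f}")
```

Every file maps to the same 259 dimensions regardless of its size, which is what lets a model compare samples directly.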

With predictive AI models, cybersecurity can be enhanced by identifying malware using ML to anticipate how threats will appear and behave in the future. This allows the system to predict future malware attacks and variants by feeding the AI existing samples from across different threat landscapes. AI-driven cybersecurity can then detect both known and zero-day threats before their targets are impacted by an attack.

Extended Detection and Response (XDR) security can also help unify protection using enriched threat intelligence, improving both human and automated responses. An XDR platform can assist with correlating threat data by filtering out noise, providing analysts with a better understanding of the environment. The time this frees up can allow analysts to make better-informed and more effective security decisions based on the information provided by the XDR platform. This type of platform can combine the capabilities of several different products into a single, customizable experience across native and third-party products.

Digital forecasting

As 2022 gets underway, BlackBerry anticipates that a number of cybersecurity investments will be made or continued by the U.S. government, including:

  • Software supply chain security requirements
  • Consumer-oriented cybersecurity labeling programs
  • Compliance related to securing critical infrastructure sectors
  • Measures to protect government networks and critical infrastructure from cyberattacks
  • Improvements to public-private collaboration on cybersecurity initiatives
  • Accelerating efforts to equip government agencies with the cyber capabilities that they need to respond to rapidly evolving cyber-risks and cyberthreats

The company forecasts that a number of industries such as energy, transportation, finance, healthcare and defense will all see additional cybersecurity enhancements implemented very soon, as governments tend to treat these sectors as the highest priority for cyberthreats. Government initiatives are also expected to add new cybersecurity requirements in the energy, telecommunications and financial sectors.


IT modernization is also anticipated for 2022 and beyond through the Technology Modernization Fund, with infrastructure funding made contingent on investment in and planning for additional cybersecurity measures, thanks to $1 billion in authorized funds as part of the Infrastructure Investment and Jobs Act. This act is expected to help fund cybersecurity grants for both state and local governments, according to the report.

In addition to this growth in cybersecurity measures, BlackBerry expects a continuation of the COVID-19 themed attacks that have persisted during the pandemic. BlackBerry raises the possibility that cyber criminals will take these attacks a step further by taking advantage of new COVID-19 tracking technology, which makes an attractive target for hackers. Another possibility raised was that immunization passports and the infrastructure behind them could be taken advantage of by these malicious parties. With this, governments around the world should feel pressure to adapt to all possible threats by adopting more aggressive measures to combat cyberattacks. The measures these governments may employ are not yet known, but they could include prevention-first security tools, Zero Trust frameworks, and more intrusive monitoring.
