Malware democratization, ChatGPT abuse and easy cross-platform programming of ransomware in one cybersecurity firm’s telemetry all spell major trouble ahead

Data from the Q1 2023 telemetry of BlackBerry’s protection ecosystem showed the greatest number of cyberattacks being intercepted in the United States, and Singapore debuting in the top 10 list of most-targeted countries in the metrics.

Hong Kong also made a debut: appeared in the list of countries that were most frequently attacked with unique malicious samples.

Other highlighted findings in the data include:

    • The financial, healthcare, and food retailing industries were targeted in 60% of all malware-based attacks.
    • The most common forms of attack were droppers, downloaders, remote access trojans (RATs), and ransomware.
    • The healthcare and financial sectors were most frequently targeted, with 59 new malicious samples intercepted everyday, and financial institutions experiencing over 231,000 attacks.
    • Threat actors from one region were noticed to be expanding to other regions. Case in point, ToddyCat, a threat actor that is historically associated with the APAC region, was recently also detected targeting victims in Latin American countries.
    • An unknown threat actor was detected targeting organizations based in Pakistan using custom phishing lures. Specifically, NewsPenguin targeted the Pakistan International Maritime Expo & Conference held in February 2023. The threat group’s motivations may be related to stealing information or espionage rather than financial gain.
    • The report stated that while Microsoft Windows remains the most targeted operating system for malware attacks, it is not uncommon for users of macOS, Linux, and mobile operating systems to also experience frequent attacks.
    • Multi-platform malware and ransomware such as a new one called Royal can target Linux, Windows as well as ESXi systems. Also, macOS malware was increasingly common due to cross-platform languages such as Rust and Golang (aka “Go”).
    • The democratization of malware (Malware-as-a-Service) was noted in the analysis to signal further growth of cyber threats and scams. The abuse of ChatGPT for malicious activities was also forecast to grow in the next few quarters.

According to the firm’s Vice President of Threat Research & Intelligence, Ismael Valenzuela, with the Russia-Ukraine saga evolving into a war of attrition, and with cyberattacks a well-documented component of the Russian military playbook, “this is a trend that will continue over the coming quarter and likely far beyond.”