Many of the quarter’s threat statistics in one cybersecurity ecosystem could have been lower — but attackers exploited human frailties to advantage.

For the period June 2023 – August 2023, one cybersecurity firm’s ecosystem showed a 70% increase in unique malware, highlighting how threat actors attacking in the firm’s client base have been continually targeting high-stakes or financially lucrative industries with novel tools, trojans and other methods.

One key trend noted for Q3 2023 was a continued rise in cyberattack intensity: approximately 26 attacks and 2.9 unique malware samples per minute.

Another trend was the usual targeting of financial and healthcare industries in the user base for the quarter. The financial sector was the most frequently attacked, with healthcare institutions coming in second, presumably due to the high-value data at stake, and the opportunity for cybercriminals and state-sponsored actors to disrupt essential services.

The third trend was that ransomware groups were making double extortion ransomware attacks a standard practice, quarter over quarter. LockBit, Cl0p, Cuba, and ALPHV ransomware groups were increasingly using double extortion tactics as an added push factor, in view of organizations worldwide improving their data backup strategies.

Underlying driver: macro-economic factors?

The final trend noted for the quarter was that clients in Australia and United States experienced the highest increase in public sector attacks: more than 50% reported incidents. Attacks involving the most unique malware was observed in the United States, then Japan, South Korea, India, and Canada.

According to Ismael Valenzuela, Vice President (Threat Research and Intelligence), BlackBerry, the firm that released its quarterly findings: “Malicious actors are working harder than ever to expand their range and volume of cyberattacks. The intensifying number of novel attacks targeting nations and industries demonstrates the impact of the macroeconomic climate on cybersecurity.”

The quarterly report also noted the following trends in concluding:

    • Despite early CVE warnings and patches, many users did not apply updates promptly.
    • Tooling overlaps were noted in attacks against the public and financial sectors. This may indicate that the same cybercriminal groups are targeting different institutions and organizations operating in different economic sectors.
    • Due to the continued proliferation of malware-as-a-service tools such as RustyStealer, RedLine, and Lumna Stealer, and the sharing and commodification of software tools, there is a blurring trend between attacks on traditional cybercrime assets and attacks on critical infrastructure in different countries.
    • Advanced persistent threat groups and similar threat agendas continued to lurk in the digital shadows, targeting Western-aligned governments and entities.
    • The most frequently used cybercriminal tactics for Q3 were system info ‘discovery’ and virtualization/sandbox ‘defense evasion’. Prioritizing the detection of these tactics in a network is critical.

Finally, the Q3 data is pointing to a new year of intensified attacks due to the Israel-Hamas war, the geopolitical and climate factors, generative AI abuse, and threat actors’ agility in trend-jacking and exploitation of commercial hype.