Between March and May 2023, BlackBerry’s cybersecurity branch successfully thwarted over 1.5 million cyberattacks and was able to identify various malware families with an unsettling prime characteristic: they actively seek to commandeer computer systems for the purpose of mining or pilfering cryptocurrencies. This highlights the growing threat posed by cybercriminals, who are leveraging increasingly sophisticated techniques to exploit vulnerable systems in pursuit of digital currencies.
Cybersecurity: the three most affected industries
While all organizations are vulnerable to cybersecurity threats, certain sectors are particularly prime targets for such criminal activity. According to a BlackBerry report, the finance, healthcare, and government sectors represent the biggest and most catastrophic victims of cyberattacks.
Figure: The three industries with the highest distribution of stopped cyberattacks and stopped unique/different samples during this period. Source: BlackBerry
The financial sector is heavily targeted, primarily for the valuable and sensitive data it possesses. Holding huge volumes of critical information like credit card numbers, Social Security numbers, and account balances, the sector faces numerous cybersecurity threats. According to a 2021 report by the Ponemon Institute, 23% of all cyberattacks targeted the financial sector, reflecting its susceptibility to such threats. Crucially, data breaches in this sector can result in significant financial loss and widespread identity theft.
The healthcare industry is another high-risk sector, storing immense amounts of sensitive patient data ranging from medical records to test results and insurance information. Falling victim to a cyberattack can not only have massive implications for patient privacy but also enable various crimes, including identity theft and blackmail. Staggeringly, in 2021, 17% of all cyberattacks were aimed at the healthcare sector.
Government agencies are also prone to cyberattacks due to the valuable information they hold. This data can include sensitive taxpayer data, military intelligence, and restricted government data. Cyberattacks on the government sector carry broader risks, including espionage and sabotage. It is alarming that the government sector was targeted in 15% of all cyberattacks in 2021.
Source: IBM Newsroom
Financial implications of cyber attacks
The immediate financial implications of a cyber attack involve engaging the services of cybersecurity professionals to evaluate and repair the damage, alerting clients about the breach and potential exposure of their data, investing in system upgrades or replacements to avert future similar attacks, and providing customers with identity theft safeguards or other solutions.
IBM reports that in 2022, the average cost of a data breach was pegged at $4.35 million. It takes approximately 277 days to remediate the damage caused by a cyber attack (2022). In 2021, organizations had to shell out an average ransom of $1.85 million to retrieve their data, a significant increase from the $760,000 average in 2020. Following a data breach, 60% of businesses appropriately increased their prices.
Source: IBM report, data-breach
Is your organization a potential cyberattack target?
In a recent discussion with Steve Kovsky of BlackBerry, Ismael Valenzuela, the Vice President of Threat Research and Intelligence, warns that all organizations, irrespective of their size, are potential targets for cyberattacks.
Valenzuela insists that cybercriminals think in terms of impact and potential rewards, as opposed to the money or the size of the organization. Furthermore, the willingness to pay following a ransomware attack makes businesses attractive targets, considering a business’s potential loss if their systems are down and their dependency on getting back to operations swiftly.
Valenzuela adds another perspective on why small and mid-sized organizations are equally vulnerable to cyberattacks. He suggests that companies may be targeted because of their associations with larger organizations, making it easier for the attackers to breach the latter. The impact of such attacks could range from stealing valuable data, causing a disruption in business operations, to potentially gaining access to the databases of larger associated businesses.
The two also discussed the importance of regularly updated, contextualized cyber threat intelligence, which is crucial for organizations of all sizes in their fight against cyber threats. This discussion took place as part of the 2023 RSA Conference in San Francisco.
Source: Am I a Cyberattack Target? How to Think Like a Hacker; BlackBerry
The big culprits: RedLine, Clop, and others
The nefarious RedLine, an infamous commodity malware, dons a daunting avatar in the cyber world. Its mission: to mercilessly siphon off sensitive information – from banking details to cryptocurrency holdings, revealing an alarming financial threat that has long been overlooked.
A startling revelation from BlackBerry indicates the industries which faced the brunt of halted cyberattacks along with the highest rates of intercepted unique malware within a certain duration. A glimpse into these statistics is enough to send a shiver down the spine of the most seasoned cybersecurity experts.
Enter the notorious Clop ransomware – a dreadful spawn of the CryptoMix ransomware lineage. Its preferred victims: banking and financial institutions. Exhibiting its ruthless prowess, this malicious software was the mastermind behind the infamous data breach that hit the Hatch Bank, a fintech heavyweight.
BlackBerry’s records reveal a chilling list of some of the most rampant malware families: SmokeLoader, RaccoonStealer (also known as RecordBreaker in the cyber underbelly), and Vidar. SmokeLoader, with its roots tracing back to 2011, remains one of the oldest running rogue financial instruments. Russian-based cybercriminals predominantly deploy it, utilizing its capabilities to infiltrate system defenses and launch crypto miners, amongst other damaging malware.
How RaccoonStealer and Vidar are Exploiting Linux to Steal Cryptocurrency
Cryptocurrency seems to hold deep allure for RaccoonStealer, which steals precious wallet data. Reports suggest it has a strong presence in dark web marketplaces. Vidar exhibits a similar appetite, aggressively scavenging and plundering cryptocurrency wallets and contributing to an alarming rise in cybercrime statistics.
Linux stands out as the most sought-after target among all operating systems. BlackBerry’s advice to regularly deploy security patches appears more pressing than ever. The appeal of Linux lies in the opportunity it offers hackers — a chance to hijack and manipulate computer resources for illicit profits through cryptocurrency mining.
Intriguingly, the macOS user base hasn’t been spared either. A new strain of infostealer, ominously named Atomic macOS or AMOS, targets them specifically. Its objective? To harvest highly sensitive credentials from keychains, browsers, and vital crypto-wallets, amongst others.
Beacon of hope
While the surge in cyber threats continues to cast a shadow over the digital horizon, advancements in security technologies, synergetic alliances among different stakeholders, the rise of ethical hacking, and increased investments indicate a positive trajectory towards counteracting this issue. And as we continue to face challenges in the digital landscape, AI, cryptocurrencies and their underlying blockchain technologies might provide a glimmer of hope for a more secure digital future.
Ultimately, navigating this often unpredictable digital terrain will require not only resilience but also a persistent and unified effort towards evolving preparedness that will open the gate to a more promising cyberspace.