New Threat Intelligence Report Provides Actionable Intelligence Against Cyberattacks


In today's threat environment, security experts must widen their focus to the vulnerabilities that new technologies may introduce. They need to build expertise in managing security risk, which comes from continuous analysis of the global threat landscape and from studying the effect of a business' decisions on its threat profile. Likewise, business leaders must work to understand their security posture, risk exposure and cyber-defense tactics, since these directly affect their business operations.

BlackBerry Global Threat Intelligence Report

According to the report, modern business leaders now have easy access to this information. The global BlackBerry Threat Research and Intelligence team provides actionable intelligence on attacks, threat actors and campaigns. The report is based on telemetry from BlackBerry's AI-based products and analytical capabilities, supplemented by other public and private intelligence sources. This allows readers to make informed decisions and take prompt, effective action.

Some of the key highlights of the 'Global Threat Intelligence Report' are listed below:

  • 90 days by the numbers: To create the intelligence report, the team surveyed more than 1.5 million stopped cyberattacks that occurred between Dec. 1, 2022 and Feb. 28, 2023.
  • Top 10 countries experiencing cyberattacks during this period: The US continues to lead in the percentage of attacks that were thwarted. Brazil has just overtaken Canada as the second most frequently targeted nation, with Japan and Canada following. The threat landscape has shifted, however: Singapore made its debut appearance in the top 10.
  • Most targeted industries by number of attacks: The telemetry shows that organizations in finance, healthcare services, and retailing of food and essentials were the targets of 60% of all malware-based attacks.
  • Most common weapons: The most frequently used tools were droppers, downloaders, remote access tools (RATs), and ransomware. During the data-gathering period BlackBerry noted a targeted attack employing the Warzone RAT against a Taiwanese semiconductor business, cybercriminal gangs using Agent Tesla and RedLine Infostealer, and increased use of BlackCat ransomware.
  • Industry-specific attacks: During this time, the healthcare sector suffered a sizable number of cyberattacks. The report also goes in depth on attacks against manufacturing, critical infrastructure, financial institutions, and other key targets of sophisticated and occasionally state-sponsored threat actors engaged in espionage and intellectual-property campaigns. However, as the analysis reveals, these crucial sectors are also frequently affected by crimeware and commodity malware.

The report also provides actionable defensive countermeasures that a business can adopt against some of the most notable threat actors, cyber weapons and attacks it describes. The defenses are presented as MITRE ATT&CK® and MITRE D3FEND™ mappings.

Blind Eagle: Hackers Target Prominent Industries in Colombia


BlackBerry has recently published a report on a malicious actor, Blind Eagle. It is a cyberespionage campaign based in South America that has been targeting systems in Ecuador, Chile, Spain, and Colombia since 2019.

The most recent threat activities conducted were primarily targeted at organizations in Colombia, involving sectors like “health, finance, law enforcement, immigration, and an agency in charge of peace negotiation in the country.” 

Check Point researchers, who recently examined Blind Eagle (also known as APT-C-36), noted that the adversary's advanced toolset, which includes Meterpreter payloads, is distributed through spear-phishing emails.

How Does APT-C-36 Operate? 

Blind Eagle's phishing emails lure victims by creating a false sense of fear and urgency. The email notifies recipients that they have "obligaciones pendentes," or "outstanding obligations," with some letters informing them that their tax payments are forty-five days overdue.

The cleverly crafted emails contain a link that takes users to a PDF file that appears to be hosted on DIAN's website (Colombia's tax authority) but actually installs malware on the targeted system, launching the infection cycle.

The BlackBerry researchers explain it further: 

"The fake DIAN website page contains a button that encourages the victim to download a PDF to view what the site claims to be pending tax invoices," say the BlackBerry researchers. "Clicking the blue button initiates the download of a malicious file from the Discord content delivery network (CDN), which the attackers are abusing in this phishing scam."

"A malicious [remote access trojan] installed on a victim's machine enables the threat actor to connect to the infected endpoint any time they like, and to perform any operations they desire," they further add. 

The researchers also noted that the threat actors use dynamic DNS services such as DuckDNS to maintain control of the compromised hosts.
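A defender-side check for the two infrastructure signals named above (payload delivery via the Discord CDN and DuckDNS dynamic DNS for command and control), as an added example that is not from the BlackBerry or Check Point reports: it scans constructed proxy/DNS log lines and correlates both signals per host. The log format, the flagged file extensions and the sample hosts are assumptions.

```python
import re
from urllib.parse import urlparse

# Constructed sample log lines (not real telemetry). Assumed format:
# "<timestamp> <client_ip> <GET|DNS> <url_or_queried_domain>"
SAMPLE_LOGS = """\
2023-03-01T09:12:01Z 10.0.0.15 GET https://cdn.discordapp.com/attachments/111/222/Factura_DIAN.pdf.exe
2023-03-01T09:12:05Z 10.0.0.15 DNS finanzas-update.duckdns.org
2023-03-01T09:13:10Z 10.0.0.22 GET https://www.example.org/index.html
2023-03-01T09:14:00Z 10.0.0.22 DNS mail.example.org
2023-03-01T09:15:30Z 10.0.0.31 GET https://cdn.discordapp.com/attachments/333/444/image.png
"""

# Discord file-hosting domains and the dynamic-DNS suffix mentioned in the report
DISCORD_CDN = {"cdn.discordapp.com", "media.discordapp.net"}
DYNDNS_SUFFIXES = (".duckdns.org",)
# File types worth flagging when fetched from a chat CDN (assumed local policy)
RISKY_EXT = re.compile(r"\.(exe|scr|vbs|js|jar|bat|iso|zip|rar|7z)$", re.I)


def flag_line(line):
    """Return (reason, client_ip) when a line matches one indicator, else None."""
    parts = line.split()
    if len(parts) != 4:
        return None
    _ts, client, action, target = parts
    if action == "GET":
        u = urlparse(target)
        if u.hostname in DISCORD_CDN and RISKY_EXT.search(u.path):
            return ("discord-cdn-risky-download", client)
    elif action == "DNS" and target.lower().endswith(DYNDNS_SUFFIXES):
        return ("dynamic-dns-lookup", client)
    return None


def scan(log_text):
    """Collect every (reason, client_ip) hit across the log."""
    return [h for h in map(flag_line, log_text.splitlines()) if h]


def high_confidence_hosts(hits):
    """Hosts showing both signals: a CDN-hosted executable followed by dynamic-DNS C2 lookups."""
    by_host = {}
    for reason, client in hits:
        by_host.setdefault(client, set()).add(reason)
    return {c for c, r in by_host.items() if len(r) == 2}


if __name__ == "__main__":
    hits = scan(SAMPLE_LOGS)
    print(hits)
    print("investigate first:", high_confidence_hosts(hits))
```

A single Discord CDN download (the image.png line) is deliberately not flagged; the executable download plus the DuckDNS lookup from the same host is what raises 10.0.0.15 for investigation.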

Blind Eagle’s Operators are Supposedly Spanish 

Because its spear-phishing emails are written in Spanish, Blind Eagle is believed to be a group of Spanish-speaking hackers. However, where the attacks are conducted from, and whether they are carried out for espionage or financial gain, both remain undetermined.

"The modus operandi used has mostly stayed the same as the group's previous efforts – it is very simple, which may mean that this group is comfortable with its way of launching campaigns via phishing emails, and feels confident in using them because they continue to work," BlackBerry said.