Ransomware, supply chain: Blackberry examines the cyber plagues of 2021
In its latest Threat Report 2022 research, Blackberry points to the emergence of cyber threats targeting critical infrastructure. It is also an opportunity to examine the techniques used by the gangs to carry out their attacks and generate ever greater profits.
2021 was certainly a banner year for cyberattacks. From Acer to JBS Foods via Colonial Pipeline and even AXA, the targets multiplied, with major operational and financial damage as a result. Beyond companies – not to mention a host of public organisations, local authorities, etc. – groups made a point of exploiting flaws in widespread and critical solutions such as Exchange with the Hafnium gang and SolarWinds, carried out by Russian-affiliated criminal organizations, not to mention the rise of the Cobalt Strike C&C (command and control) toolkit used in malicious operations. This translated into spine-chilling numbers: 667 million new malware detections globally, a 600% increase in cybercriminal activity during the Covid-19 crisis period, and 1 million security alerts, 25% of which were handled in security operations centers (SOCs). But that’s not all: 76% of mobile applications contain insufficiently secured data, which is also problematic in a context where smartphones and tablets have largely become work tools in their own right.
“Cyberattacks in 2021 have affected people at all levels, from large organizations to individual mobile phones. It reminds us that no one is immune. When a cyberattack occurs, there is no immunity,” says Blackberry in its latest Threat Report 2022 study. No wonder: Blackberry recalls that several recent analyses show 63% of mobile applications tested use open source code known to be vulnerable. A situation which, with the proliferation of Log4j exploits, is ultimately – unfortunately – not surprising. In North America, security problems related to smartphones have exploded, with no less than a 300% year-over-year increase in the number of SMS phishing attacks. France is of course not spared: who has never received a text message dangling a contest win from a major brand whose identity is usurped in passing, or urging them to follow a (corrupted) link so as not to lose their training credits?
Breakdown of the most significant cyber threats in 2021. (credit: Blackberry)
APT groups behind supply chain attacks
Among the most significant threats this year, supply chain attacks, which affect companies through exploits on the infrastructures (servers, software, web services, etc.) of their service providers, partners, suppliers, etc., rank very highly. And this while threat actors are working hard to use their latest malicious technologies (ransomware as a service in particular) to trap companies. “Attackers will continue to exploit events that make organizations more vulnerable than usual,” Blackberry warns. Of the 24 recent supply chain attacks, APT groups were behind half of them, according to the study.
Regarding the most significant cyber threats, the study by the security provider points out Cobalt Strike, which collected data on more than 7,000 servers and deposited a total of 60,000 beacons on the systems. “Malicious actors are increasingly inclined to conceal their traffic from monitoring systems, making the task of automated blocking complicated,” warns the report. “There are large, reputable companies in the top 20 hosting Cobalt Strike beacons,” Blackberry says. Unsurprisingly, ransomware is on the podium of the most widespread types of attacks, with in particular the heavy work of REvil (which, after an attempted resurrection, received a fatal blow from the Russian authorities in early 2022), Darkside (reincarnated as BlackMatter and BlackCat), Conti, Avaddon, Ragnar Locker and Hive. Then come data stealers like Redline, Agent Tesla, Ficker and Hancitor, which round out the top 10 malicious threats. “The dual ransom extortion and data exfiltration strategy has now become the norm,” says Blackberry. Not to mention the proliferation of increasingly virulent DDoS attacks.
Evolution of the typology of REvil attacks according to sectors in 2021. (credit: Blackberry)
“Criminals seek to optimize their targeting. The infrastructure of the cyber underground has evolved so that attacks can now use decoys that are more personalized and better suited to the audience they are targeting,” explained Eric Milam, vice president of research at BlackBerry. “This infrastructure has also given rise to a shared criminal economy. This is because threat groups share and outsource malware, thus being able to carry out attacks on a larger scale. In fact, some of the biggest cyber incidents of 2021 appear to be the result of this type of method.”
In its study, Blackberry also points out that SMEs are prime targets for cybercriminals and that this phenomenon should increase in the coming months. Currently, these companies face more than 11 cyber threats per device per day, according to the provider. “Public cloud platforms unwittingly host malware: an increasing number of payloads are hosted on public cloud platforms. The majority of them are very malleable and can therefore be personalized at a lower cost,” the company also warns. “2021’s biggest attacks were likely outsourced: on multiple occasions, BlackBerry has seen traces (files containing IP addresses and other information) left behind by threat actors. In other words, the developers behind the sophisticated ransomware would not be the ones carrying out the attacks, highlighting the phenomenon of a shared economy in the underground cyberspace.”