The rate of cyberattacks is rising as the threat level continues to evolve, according to BlackBerry Limited’s latest Global Threat Intelligence Report.

In the first quarter of 2024. BlackBerry detected 3.1 million cyberattacks — around 37,000 per day and the report noted during this period, BlackBerry identified 630,000 malicious hashes, representing a 40% increase from the previous reporting period.

More than eight in 10 (82%) of the attacks recorded by BlackBerry targeted the United States, while more than half (54%) of these attacks contained new previously unobserved malware.

BlackBerry observed a 40% per-minute increase in novel hashes (unique malware) compared to the previous reporting period, averaging 7,500 unique malware samples per day, or 5.2 per minute.

Based on its data analysis, the report predicts that threat actors will continue to take extensive measures to target their victims selectively.

The rise in new ransomware and infostealers indicates that private data is likely to remain highly sought after, with sectors like healthcare and financial services being prime targets for attacks.

Commercial enterprises also saw a rise in threats, with 36% of all attacks targeting sectors such as retail, manufacturing, automotive and professional services, a 3% increase from the last reporting period.

Cyberattacks Using Social Engineering Tactics

The report noted social engineering tactics are increasingly being used by threat actors to obtain account credentials and distribute malware.

Common vulnerabilities and exposures (CVEs) are being rapidly weaponized in all forms of malware, especially ransomware and infostealers.

In fact, 56% of the 8,900 CVEs reported during this period were given a severity score of seven out of ten, a 3% increase from the previous period.

Despite high-profile takedowns, ransomware groups like LockBit, Hunters International and 8Base continue to wreak havoc globally.

The report warned these threats are expected to persist throughout a politically charged year, with disinformation and deepfake campaigns pervasive across social media.

Russia’s invasion of Ukraine, ongoing conflicts in the Middle East, and global elections will influence how threat actors select their targets and methodologies.

Threat Actors Evolve TTPs

Ken Dunham, cyberthreat director at Qualys Threat Research Unit, explained threat actors are constantly developing their tactics, techniques and procedures (TTPs), or how they technically attack, for maximum effectiveness.

“This requires continual monitoring, learning and adjustments by the global security community,” he said.

For example, QR codes used in email threats are a newer TTP utilized as a threat vector by some to subvert existing security controls, requiring counter-controls and actions by organizations to ensure user-awareness training and technical controls.

From Dunham’s perspective, the best SecOps programs are driven by cyberthreat intelligence (CTI) – informed priorities specific to the business and threats to organizational assets, to best reduce risk continually.

“Global instability in a US election year, and a notable increase in attacks upon critical infrastructure from groups like Volt Typhoon and others, are likely to continue with additional attention and awareness by the global community,” he cautioned.

He explained nation-state groups best benefit from strategic control and abuse of critical infrastructure by applying pressure – when and where desired – in a limited fashion, to achieve strategic outcomes combined with other political and global circumstances of interest.

Critical Infrastructure at Risk

Sarah Jones, cyberthreat intelligence research analyst at Critical Start, said the future of cybercrime targeting critical infrastructure looks bleak.

“We predict a rise in attacks aimed at causing widespread disruption, not just data theft,” she said.

This could involve targeting power grids and water treatment facilities or exploiting weaknesses in the supply chains of critical infrastructure providers.

She added social engineering tactics, like phishing and malware, will remain prevalent, further amplifying the impact.

“To make matters worse, disinformation campaigns might be used to sow chaos and public distrust during attacks, hindering response efforts,” Jones said.