The BlackBerry 2022 Threat Report is not a simple retrospective of the cyberattacks of 2021. It is a high-level look at issues affecting cybersecurity across the globe, both directly and indirectly. It covers elements of critical infrastructure exploitation, adversarial artificial intelligence (AI), initial access brokers (IABs), critical event management (CEM), extended detection and response (XDR), and other issues shaping our current security environment.
The research represents a unique piece of the overall security puzzle. Its goal is to improve the global security posture by sharing information, predictions and experiences. To accomplish that, the report examines 2021’s major security events and how they may shape the cybersecurity landscape going forward. It provides a deep dive into the cybersecurity issues security leaders face today and offers the industry additional information and context within which to perform a thoughtful analysis.
That said, the report also includes a breakdown of the top 10 malware attacks witnessed by BlackBerry over the past year, as well as a review of incident responses (IR), annual cybersecurity legislative updates and near-term predictions. Many of the sections of previous threat reports have returned. In addition to those returning topics, this year’s research explores other relevant, emerging themes, such as supply chain attacks, dangerous new programming languages, security in the metaverse, quantum computing and ransomware campaigns.
The fluidity of modern cyberattacks can require organizations to frequently rethink their approach to cybersecurity and consider new options. We must constantly assess new technologies and approaches that can outperform legacy antivirus solutions, ranging from prevention-first AI to adopting a zero trust architecture. Accordingly, the BlackBerry 2022 Threat Report offers suggestions on cybersecurity strategies and technologies that could have prevented the greatest security lapses of the past year.
The most widely publicized cyber events of 2021 involved ransomware attacks on critical infrastructure and technology companies. The ransomware threat group REvil attacked Acer, JBS Foods and others while DarkSide crippled Colonial Pipeline and Avaddon infiltrated AXA. In short, the scope and success of various threat groups last year — particularly against private sector companies considered part of national infrastructure — proved unsettling.
Governments responded to the attacks. G7 countries and NATO allies put cybersecurity at the top of the public policy agenda. U.S. President Joe Biden issued an Executive Order on “Improving the Nation’s Cybersecurity,” while the Department of Justice established a Ransomware and Digital Extortion Task Force.
As the year wore on, a Microsoft Exchange Server zero-day vulnerability spiraled into a crisis after the Hafnium group exploited the flaw. Other threat actors were quick to capitalize on the opportunity by reverse-engineering the patch and targeting organizations worldwide. The swift proliferation of Hafnium-style attacks reinforced the importance of both organizations and individuals keeping software up to date. However, updating software as a reactive practice cannot save the initial victim of an attack — also known as the “sacrificial lamb.” This has many organizations looking to alternative security approaches, such as the zero trust framework, XDR and prevention-first AI.
At the end of 2020, a supply chain attack against SolarWinds made international headlines. The same style of attack reemerged in 2021, when Kaseya’s VSA software was compromised, ultimately affecting over 1,000 businesses. Supply chain attacks often rely on the trust already established between providers and customers to propagate — offering another strong case for adopting a zero trust framework. While cyberattacks on large organizations dominated the 2021 news cycle, small to medium-sized businesses (SMBs) also suffered countless attacks both directly and through the supply chain. BlackBerry threat researchers discovered SMBs averaged 11 to 13 threats per device, a number much higher than large enterprises.
Threat actors owe their success in 2021 to a variety of factors. Many have learned to adapt and mimic private sector capabilities by using service providers such as Ransomware as a Service (RaaS), Infrastructure as a Service (IaaS) and Malware as a Service (Maas) to bolster malicious attacks. Others have created a layer of obfuscation between themselves and their targets by using IABs and impersonating other threat groups. New programming languages were exploited to some effect, with Go, D, Nim and Rust making appearances across the threat landscape. Cobalt Strike remained active as a pivotal tool for command-and-control networks to proliferate malware and attacks.
Progress was made on integrating security into connected vehicles with the International Organization for Standardization, the Society of Automotive Engineers and the United Nations providing firm guidance to automakers. Mobile apps remained notoriously unsecure. The vulnerable SHAREit app, which allowed remote code execution, was downloaded more than one billion times. Recent studies found that 63% of tested mobile apps use open-source code known to be vulnerable. Adding to smartphone users’ woes, SMS phishing (smishing) attacks were up 300% in North America over the last year.
The cyberattacks of 2021 affected people at every level, from large organizations to individual cellphone users. Our internal reporting shows that every industry is open to cyberattacks. The same cybersecurity issues that threaten nonprofits are also risks for transportation companies, public organizations, utilities, healthcare organizations and financial institutions, among others. It reminded the cybersecurity industry that no one is safe. When it comes to cyberattacks, there is zero immunity. However, there is cause for hope.
There are several cybersecurity innovations and approaches offering stronger protection to organizations. For example, organizations seeking effective new security measures should consider adopting a zero trust framework. They could also use prevention-first technology, migrate to an XDR platform, or engage a managed XDR team. More on these and other critical topics of our day in my columns to come.