Small businesses are an increasing focus of cyberattacks, BlackBerry warned in its latest annual threat report.
“While attacks on large organizations dominated the 2021 news cycle,” the company says, “small to medium-sized businesses (SMBs) also suffered countless attacks, both directly and through the supply chain. BlackBerry threat researchers discovered SMBs averaging 11 to 13 threats per device, a number much higher than enterprises.”
The report, issued Tuesday, also found:
- Public cloud platforms are unwittingly hosting malware: An increasing number of payloads are being housed in public cloud platforms. The majority of these payloads are highly malleable, the report says, meaning they can be cheaply customized. This trend was especially prevalent in North America, where local hosting of vicious payloads including Cobalt Strike surged. Cobalt Strike is a legitimate penetration testing tool attackers often use as part of an initial compromise;
- 2021’s biggest attacks may have been outsourced: In multiple incidents, BlackBerry identified threat actors leaving behind playbook text files containing IP addresses and more, suggesting the authors of sophisticated ransomware are not the ones carrying out attacks. This highlights the growing shared economy within the cyber underground;
- What’s old is new – with a twist: The proliferation of digital channels has brought old tactics – such as phishing and watering hole attacks – back into the mainstream, primarily because of their ability to scale. This suggests these tactics will continue to see relevance as digital innovations like the metaverse and increased AR solutions come to market.
Threat actors owed their success in 2021 to a variety of factors, says the report. “Many have learned to adopt and mimic private sector capabilities by using service providers such as ransomware-as-a-service (RaaS), infrastructure-as-a-service (IaaS), and malware-as-a-service (MaaS) to leverage malicious attacks. Others have created a layer of obfuscation between themselves and their targets by using IABs and impersonating other threat groups. New programming languages were exploited to some effect, with Go, D, Nim, and Rust making appearances across the threat landscape. Cobalt Strike remained active as a pivotal tool for command-and-control networks to proliferate malware and attacks.”
Another significant finding is that vulnerabilities impacting appliances, especially VPNs, firewalls, and perimeter network devices, remain the root cause of many incidents. While these vulnerabilities are often dated and have been patched, BlackBerry saw several incidents where devices had remained unpatched and were exploited by attackers.
In other cases, the report adds, previously vulnerable network appliances were patched, but not until after they had already been compromised. These incidents resulted in credentials being stolen or back doors being installed. “The sheer number of compromised environments and credentials has bolstered flourishing dark web marketplaces, where premiums are placed on domain administrator accounts. However, it is not difficult to find company or private credentials that are available for free, as well,” the report says.
The report also repeats BlackBerry’s call for the Canadian government to consider establishing a senior government position like the new U.S. National Cyber Director to help elevate cybersecurity in government policy and foster cyber resilience across departments.
The report is available here. Registration is required.