IT World Canada

Hackers are increasingly targeting small businesses: BlackBerry


Small businesses are an increasing focus of cyberattacks, BlackBerry warned in its latest annual threat report.

“While attacks on large organizations dominated the 2021 news cycle,” the company says in its annual threat report, “small to medium-sized businesses (SMBs) also suffered countless attacks, both directly and through the supply chain. BlackBerry threat researchers discovered SMBs averaging 11 to 13 threats per device, a number much higher than enterprises.”

The report, issued Tuesday, also found

Threat actors owed their success in 2021 to a variety of factors, says the report. “Many have learned to adopt and mimic private sector capabilities by using service providers such as ransomware-as-a-service (RaaS), infrastructure-as-a-service (IaaS), and malware-as-a-service (MaaS) to leverage malicious attacks. Others have created a layer of obfuscation between themselves and their targets by using IABs and impersonating other threat groups. New programming languages were exploited to some effect, with Go, D, Nim, and Rust making appearances across the threat landscape. Cobalt Strike remained active as a pivotal tool for command-and-control networks to proliferate malware and attacks.”

Another significant finding is that vulnerabilities impacting appliances, especially VPNs, firewalls, and perimeter network devices, remain the root cause of many incidents. While these vulnerabilities are often dated and have been patched, BlackBerry saw several incidents where devices had remained unpatched and were exploited by attackers.

In other cases, the report adds, previously vulnerable network appliances were patched, but not until after they were already compromised. These incidents resulted in credentials being stolen or back doors being installed. “The sheer number of compromised environments and credentials have bolstered flourishing dark web marketplaces, where premiums are placed on domain administrator accounts. However, it is not difficult to find company or private credentials that are available for free, as well,” the report says.

The report also repeats BlackBerry’s call for the Canadian government to consider establishing a senior government position like the new U.S. National Cyber Director to help elevate cybersecurity in government policy and foster cyber resilience across departments.

The report is available here. Registration is required.
