Global Threat Intelligence Report

Download the November 2023 Edition

Reporting Period: June 1 – August 31, 2023

This threat report covers the threat landscape for June – August 2023. It is based on cybersecurity data from BlackBerry Cylance® AI and the BlackBerry Threat Research and Intelligence Team.

November 2023 Threat Report Highlights

In this threat report, the BlackBerry Threat Research and Intelligence team examines the challenges faced by many industry sectors, with a focus on protecting government and public entities, risks within the healthcare sector, safeguarding critical infrastructure, and the importance of protecting vulnerable entities within the financial sector.

This report covers threats encountered June 2023 through August 2023. Here are some of the highlights.

70% Increase in Unique Malware

From June to August 2023, BlackBerry Cybersecurity solutions stopped 3,368,519 cyberattacks. BlackBerry observed an average of 4,237 unique samples per day against our customers, totalling 381,340 malicious samples over this reporting period, an increase of nearly 70 percent over the previous reporting period.
Volume of Cyberattack Activity, June – Aug 2023
Volume of attacks and unique malware hashes over time.
The number of attacks that BlackBerry customers are facing has substantially increased over the past three months and demonstrates an even wider diversification of attacks and types of tools deployed to bypass defensive controls, especially those used in legacy, signature-based solutions.

Top 5 Countries Most Targeted by Cyberattacks

The countries most targeted by cyberattacks are:

  1. The United States
  2. Canada
  3. Japan
  4. Peru
  5. India

In the North American region, the United States is the most attacked nation, followed by Canada. In the Asia-Pacific region, Japan experienced the third-highest number of attacks, as it did in past reports. In Latin America, Peru is new to our list. Also in the Asia-Pacific region, India joined the list as the fifth most attacked country.

Countries Most Targeted by Cyberattacks
Attacks stopped by country.

Top 5 Countries Most Targeted by Unique Malware

The countries most targeted by unique malware are:

  1. The United States
  2. Japan
  3. South Korea
  4. India
  5. Canada

For unique malware, the United States experienced the highest percentage. Japan was second, followed by South Korea (third) and India (fourth). Canada came in fifth.

Top 5 Countries Most Targeted by Unique Malware
Unique hashes by country.

Cyberattacks by Industry

The top four most heavily targeted industries are:

  1. Finance
  2. Healthcare
  3. Government
  4. Critical Infrastructure

These four industries had the highest distribution of stopped cyberattacks and of stopped unique (distinct) samples during this period.

Cyberattacks by Industry
This chart demonstrates how attacks on the top four most heavily targeted industries we observed in this reporting period—finance, healthcare, government, and critical infrastructure—follow a similar pattern. Topping the chart as the most frequently attacked industry (for obvious reasons), the financial industry sees a lot of malware reuse in attacks against it, which is common practice in widespread cyber crime campaigns. More concerningly, we see the highest number of unique hashes targeting healthcare, which can be an indication that there were more attacks on specific targets within the healthcare industry in this reporting period.

CVE Quarterly Data

The National Vulnerability Database has identified approximately 7,000 new Common Vulnerabilities and Exposures (CVEs) this reporting period. When a new CVE is uncovered, it is typically given a score based on the impact and severity of the issue, ranging from one to 10. This gives an indication of how critical it is to patch or update a vulnerable system. In the previous reporting period, over 52 percent of scored vulnerabilities had a score of over 7.0, while 25 percent of vulnerabilities rated a 7.0.
CVE Severity, June – August 2023
Breakdown of CVE severity.

CylanceGUARD Data

CylanceGUARD is a subscription-based MDR service that provides 24x7x365 monitoring and helps organizations stop sophisticated cyberthreats looking to take advantage of gaps in their security program. The BlackBerry MDR team tracked thousands of alerts over this reporting period. Here, we break down the telemetry region by region to provide additional insight into the current threat landscape.
Top 5 CylanceGUARD Alerts
Top 5 CylanceGUARD alerts by region.

Get the BlackBerry Global Threat Intelligence Report

Download the full report to learn about the recent threats seen firsthand by the researchers and analysts of the BlackBerry Threat Research and Intelligence team. Our quarterly threat report provides the latest information about the global cybersecurity threat landscape, including:

  • Industry-specific cyber threat intelligence
  • Global threat landscape analysis and commentary
  • Top active threat actors
  • Top tools used by threat actors
  • CVEs with impacts
  • Most prevalent malware families for Windows, Linux, macOS, and Android
  • Top MITRE techniques used by threat actors
  • Top public Sigma rules to detect threats
  • Top malware stories of 2023
  • Threat landscape predictions for 2024

Legal Disclaimer

The information contained in the 2023 BlackBerry Global Threat Intelligence Report is intended for educational purposes only. BlackBerry does not guarantee or take responsibility for the accuracy, completeness and reliability of any third-party statements or research referenced herein. The analysis expressed in this report reflects the current understanding of available information by our research analysts and may be subject to change as additional information is made known to us. Readers are responsible for exercising their own due diligence when applying this information to their private and professional lives. BlackBerry does not condone any malicious use or misuse of information presented in this report.