Finance Industry Hit by 1 Million Cyberattacks in 120 Days, Blackberry Report

Cyberattacks against the financial industry surged in recent months, according to BlackBerry’s new Global Threat Intelligence Report which found 1 million attacks logged over 120 days between September and December 2023.

The attacks targeted high-value data, with bad actors primarily using commodity malware – which BlackBerry said indicates a large number of independent actors targeting the industry in what it terms “death by a million cuts.” 

Overall, BlackBerry registered a 27% increase in novel malware, rising to 3.7 malicious samples per minute. This is compared to 2.9 per minute in BlackBerry’s previous reporting period. 

In particular, hackers targeted critical infrastructure, including government, financial, health care and communications industries, which accounted for 62% of industry-related attacks over the reporting period. 

BlackBerry said these attacks are motivated by a desire to “debilitat[e] national infrastructure.”

Commercial businesses are also being targeted. 

Thirty-three percent of all threats were aimed at commercial enterprises including retail, manufacturing, automotive and professional services. Of these attacks, 53% were found to have deployed information-stealing malware to access highly sensitive data. 

BlackBerry predicted that 2024 will bring an increase in attacks targeting critical infrastructure and other profitable segments. In response, BlackBerry said businesses must learn to leverage AI for its cyberdefense. 

Related:Malware Attacks Rise 70%, Impacting Increasing Nations

“We’re consistently seeing increased volumes of attack in highly lucrative industries using novel malware,” said Ismael Valenzuela, BlackBerry’s vice president of threat research. “Novel malware typically indicates specific motivations from threat actors towards particular attack targets with intent to evade defenses, which are often based on static signatures.

“We’ve reached a pivotal point where traditional detection methods alone are not enough to combat this increasingly complex problem. AI is already being weaponized by malicious entities, so it must equally be the dominant tool for detection and defense.”