
Unveiling Cyber Threats: Ismael Valenzuela, BlackBerry, Discusses Motivations, Vulnerable Industries, and Defensive Strategies

We sat down with Ismael Valenzuela, VP of Threat Research & Intelligence at BlackBerry, to discuss the evolving motivations of cyber threat actors and the increasing vulnerabilities in critical infrastructure and commercial enterprises. Ismael delves into the specific factors contributing to the surge in cyberattacks and offers insights on proactive strategies organizations can implement to fortify their defenses against these emerging threats.

Ismael Valenzuela, BlackBerry

Can you shed light on the primary motivations driving threat actors to intensify their attacks in recent times? Are there specific geopolitical or economic factors at play?

Threat actors are typically motivated by financial gain or by military, geopolitical or social causes. When the objective is to achieve financial gain, and in particular with ransomware attacks, the larger the impact they have, the more enticed affected organizations are to pay. As with any other business, if the activity is shown to be profitable, cybercriminals will double their efforts, even if this means creating chaos for their victims.

Nation-state actors have a historical record of wreaking havoc in sensitive industries, causing social and political division as a result. Regardless of financial gain or actor motivations, we see this happen most in critical infrastructure. The wider availability of cyberweapons and the larger attack surface organizations have as a result of the digital transformation also contribute to the increase in attacks.

Which industries are currently most vulnerable to cyberattacks, and what makes them particularly attractive targets for threat actors?

BlackBerry’s research observed an uptick in threats to critical infrastructure, likely because attacks on this sector elicit a quick response. It's catastrophic for critical infrastructure like water treatment facilities or hospitals to be compromised because the integrity of these structures and organizations is critical to civilian life. Interruptions can have major and long-lasting impacts, as we’ve seen with the recent Change Healthcare attack. Organizations within critical infrastructure sectors have a lower tolerance for downtime, so there is typically a greater willingness to pay ransom, which satisfies financially motivated threat actors. In an additional challenge, organizations in this sector do not always have the security budget or defenses in place to protect themselves from attacks, making them an easy target.

Additionally, commercial enterprises like retail, capital goods, wholesale, and trade were increasingly targeted by infostealers in the past quarter. These enterprises process large amounts of EFT transactions and PII data, which can be sold on the dark web or held for ransom by threat actors. We believe attacks in the commercial enterprise sector will increase over time as well.

What are the latest attack methods being employed by cybercriminals? Have you observed any significant shifts in tactics that organizations should be aware of?

Last quarter alone, there was a 70% increase in novel malware attacks, with healthcare and critical infrastructure being two of the most prominent areas where novel malware was found. We’ll likely see this trend continue – financiers working with smaller groups to develop resource-intensive but hard-to-detect novel malware with high ROI potential on profitable sectors.

Based on your research and intelligence, what proactive steps can organizations take to mitigate the risk of these increasingly driven threat actors and protect themselves from emerging attack methods?

Security leaders should routinely examine their technology stacks to understand the strengths and weaknesses in their security posture, especially in industries like critical infrastructure and commercial enterprise. As threat actors rely more heavily on novel malware, supply chain attacks, and zero days, it’s more important than ever to have a defensible security architecture, effective security tools and tested security protocols to mitigate the impact of an attack. Regular tabletop exercises are also of utmost importance, so organizations – especially those who cannot afford downtime – know how to act swiftly and do not crumble under the pressure of an attack.
