BlackBerry Research: MSSPs Increasingly Targeted by Hacker-for-Hire Groups

BlackBerry research shows hacker-for-hire groups heavily targeting MSSPs, while mercenaries and crimeware-as-a-service are gaining in popularity.

The 2021 BlackBerry Threat Report shows a sharp rise in cyber threats facing organizations since the onset of COVID-19.

The cybercrime industry has not only adapted to new digital habits, but has became increasingly successful in finding and targeting vulnerable organizations.

Barrage of False Information

Claudiu Teodorescu is director of threat research at BlackBerry.

BlackBerry’s Claudiu Teodorescu

“Perhaps the most surprising finding was just the amount of false information that’s been able to circulate over the past year,” he said. “The report took a high-level look at the burgeoning crimeware-as-a-service business model that’s allowing for an incredible level of sophistication in disseminating deepfakes and disinformation campaigns. Threat actors like CostaRicto and BAHAMUT now have the capabilities and tools of groups once thought to be the domain of nation-state attackers.”

These hacker-for-hire groups are getting more sophisticated, Teodorescu said. Moreover, they collaborate among one another. That adds to the complexity in combatting false messages.

From Elections to Connected Vehicles

Among the report’s findings:

• Ransomware attacks shifted from performing indiscriminate targeting to conducting highly focused campaigns deployed via compromised MSSPs.
• Elections remained vulnerable to cyberattacks.
• Global automakers faced new regulations to protect connected vehicles from cyberattacks and data theft.
• Numerous phishing campaigns targeted critical infrastructure systems across manufacturing, health care, energy services and food supply sectors.
• Mercenary threat groups experienced a year of growth as unscrupulous actors and organizations outsourced their cyberattacks.
• Ransomware as a service grew in popularity. This replaced traditional off-the-shelf ransomware with ready-made exploit kits, malspam campaigns and threat emulation software.
• Newer advanced persistent threat (APT) groups like CostaRicto targeted disparate victims worldwide with their customized backdoors and tooling.
• Emotet, the banking trojan turned attack platform, got new upgrades and capabilities. That includes a flaw that allowed BlackBerry researchers to identify and prevent it from installing on systems.

Direct Influence of Pandemic

“The trends we noticed during last year were directly influenced by the pandemic with a lot of the workforce being forced to work from home that allowed the BYOD policies to be relaxed,” Teodorescu said. “Also, to allow people working from home, companies needed to allow for remote connections which opened the attack surface. Using COVID-19 as a theme was another obvious trend that was exploited last year for spear-phishing campaigns.”

With ransomware increasing constantly, patch efficiency, antivirus software and simple endpoint administration are no longer enough, he said.

“Security teams must choose [anti-]malware that uses signature-based patterns, behavioral analytics and machine learning, as well as a strong R&D team behind it,” Teodorescu said. “Also, a data leak prevention (DLP) solution is a must for organizations to mitigate the sensitive data exfiltration risk.”

It’s also important to make sure you store all backups offsite, he said.

“While there will certainly be challenges, COVID-19 and the accelerated shift to digitally transform does present opportunities for MSSPs to add value,” Teodorescu said. “In fact, Gartner predicts that businesses will spend $3.9 trillion throughout 2021 to evolve and improve their digital offerings.”