New Malware Becoming More Prevalent in Cyberattacks


Blackberry Limited has released its latest Global Threat Intelligence Report, which reveals a 40% increase in new malware used in cyberattacks, which were occurring at a rate of 5.2 attacks per minute between January and March 2024.

Between January and March 2024, BlackBerry detected 630,000 malicious hashes, representing a 40% increase from its previous reporting period. 60% of attacks targeting industry were directed at critical infrastructure, including government, healthcare, financial, and communication industries, of which 40% targeted the financial sector.

“Each iteration of this report highlights startling new trends,” said Ismael Valenzuela, Vice President of Threat Research and Intelligence at BlackBerry. “Novel malware is growing with no signs of stopping, and threat actors are highly motivated, be it for financial gain or to create chaos. In a year where over 50 countries are holding elections, geopolitical tensions are at an all-time high, and every nation will soon be fixated on the Olympic Games, the threat landscape can feel overwhelming to navigate. This report provides a snapshot of where threat actors are looking, how they are operating, and what we can expect in the coming months so defenders can be one step ahead.”

Highlights from the latest BlackBerry Global Threat Intelligence Report include:

  • The United States severely outnumbers the world in cyberattacks: According to Blackberry’s internal telemetry, 82% of cyberattacks targeted the US during this reporting period. 54% of those attacks contained unique (new) malware, meaning attacks contained previously unobserved malware.
  • Attacks based on novel malware increased by 40% per minute: BlackBerry observed a 40% per-minute increase in novel hashes (unique malware), compared to the previous reporting period. This represents an average of 7,500 unique malware samples per day targeting our customer base, or 5.2 per minute.
  • Commercial enterprise threats slowly but surely rise: 36% of all threats targeted commercial enterprises (including retail, manufacturing, automotive and professional services), a 3% increase from the last reporting period. Yet, this sector saw a 10% jump in instances of new malware. Commercial enterprise remains a target for threat actors as they grow more sophisticated, often using social engineering to obtain account credentials and distribute malware.
  • Common vulnerabilities and exposures are rapidly weaponised in all forms of malware, especially ransomware and infostealers: CVEs provide a framework for identifying, standardising and publicising known security vulnerabilities and exposures. 56% of the 8,900 CVEs reported during this reporting period were given a severity score of seven out of a possible ten. This represents a 3% increase from the previous reporting period.
  • Despite takedowns, ransomware groups wreak havoc: Globally, the top three ransomware groups active this period were LockBit, Hunters International, and 8Base.

These threats will continue to be underpinned by a politically charged year globally, with disinformation and deepfake campaigns continuing to be pervasive across social media. Russia’s invasion of Ukraine, the continuing conflict in the Middle East, and global elections will be the dominant variables in how threat actors adapt their targets and methodologies.

Based on its data analysis, the BlackBerry Threat Intelligence and Research team predicts that threat actors will continue to take extensive measures to target their victims carefully. A rise in new ransomware and infostealers indicates that private data will continue to be highly sought after by threat actors, where sectors like healthcare and financial services will be top targets for attack.

You can download a copy of the report here.