BlackBerry 2021 Annual Threat Report Uncovers Breadth of COVID-19 Exploitation

WATERLOO, ON, Feb. 24, 2021 /PRNewswire/ -- BlackBerry Limited (NYSE: BB; TSX: BB) today released the 2021 BlackBerry Threat Report, detailing a sharp rise in cyberthreats facing organizations since the onset of COVID-19. The research shows a cybercrime industry which not only adapted to new digital habits, but also became increasingly successful in finding and targeting vulnerable organizations. The research also highlights a dangerous new shift in the cybercrime world, one where mercenaries and crimeware-as-a-service models have become increasingly accessible.

At the outset of the pandemic, countless organizations suddenly had to support a large proportion of their workforce remotely, with many forced to digitize various parts of their infrastructure overnight. This evolution and adoption of digital offerings exposed companies to inadequate protections for employees and customers amongst an ever-growing and under-secured attack surface. There was also a greater merging of cyber and physical threats, with cybercriminals increasingly targeting healthcare organizations or using the pandemic to trick already vulnerable populations.

"The cybersecurity industry becomes more complex each passing year as new technologies, devices and innovations emerge - and at no time was that truer than in 2020, which witnessed everything from a global pandemic to the U.S. election," said Eric Milam, Vice President of Research and Intelligence, BlackBerry. "As the world becomes more interconnected and as new dimensions to cybercrime continue to rise, preparation will become a key factor in successful threat prevention in 2021."

Additionally, the report highlights a burgeoning crimeware-as-a-service business model as well as the increasing sophistication and collaboration of these hacker-for-hire groups. Not only was the ransomware-as-a-service model highly successful - especially as more non-digital natives transacted online - but the additional research into threat actors such as BAHAMUT and CostaRicto shows that these groups possess the tools once thought to be solely the domain of nation-state attackers. This presents a new danger for companies, one where attacks can be more frequent, skillful and targeted.

Key Findings in the 2021 Annual Threat Report

    --  Ransomware attacks shifted from performing indiscriminate targeting to
        conducting highly focused campaigns deployed via compromised MSSPs
    --  Elections remained vulnerable to cyber attacks through unsecured mobile
        technology, insufficient DMARC email protection, and over-exposure of
        personal information on social media
    --  Global automakers faced new regulations to protect connected vehicles
        from cyber attacks and data theft
    --  Numerous phishing campaigns targeted critical infrastructure systems
        across manufacturing, healthcare, energy services and food supply
    --  Mercenary threat groups experienced a year of growth as unscrupulous
        actors and organizations outsourced their cyber attacks
    --  Ransomware-as-a-service offerings grew in popularity, replacing
        traditional off-the-shelf ransomware with ready-made exploit kits,
        malspam campaigns and threat emulation software
    --  Newer APT groups like CostaRicto targeted disparate victims worldwide
        with their customized backdoors and tooling
    --  Emotet, the banking trojan turned attack platform, received new upgrades
        and capabilities, including a flaw that allowed BlackBerry researchers
        to easily identify and prevent it from installing on systems

"As both public and private organizations work to meet cyber espionage groups at ground zero, the foundation for robust security practices remains unchanged. From round-the-clock monitoring to AI-driven security tools and insider threat detection, the same time-tested security fundamentals - and an understanding of how current events impact an organization's attack surface - can make the difference between a data breach and a successful cyber defense," Milam continued.

To learn more, download a copy of 2021 BlackBerry Threat Report.

About BlackBerry
BlackBerry (NYSE: BB; TSX: BB) provides intelligent security software and services to enterprises and governments around the world. The company secures more than 500M endpoints including 175M cars on the road today. Based in Waterloo, Ontario, the company leverages AI and machine learning to deliver innovative solutions in the areas of cybersecurity, safety and data privacy solutions, and is a leader in the areas of endpoint security, endpoint management, encryption, and embedded systems. BlackBerry's vision is clear - to secure a connected future you can trust.

BlackBerry. Intelligent Security. Everywhere.

For more information, visit and follow @BlackBerry.

Trademarks, including but not limited to BLACKBERRY and EMBLEM Design are the trademarks or registered trademarks of BlackBerry Limited, and the exclusive rights to such trademarks are expressly reserved. All other trademarks are the property of their respective owners. BlackBerry is not responsible for any third-party products or services.

Media Contact:
BlackBerry Media Relations
+1 (519) 597-7273

View original content to download multimedia:

SOURCE BlackBerry Limited