BlackBerry threat analysis report sounds pessimistic warning for retail and automotive brands

James is editor in chief of TechForge Media, with a passion for how technologies influence business and several Mobile World Congress events under his belt. James has interviewed a variety of leading figures in his career, from former Mafia boss Michael Franzese, to Steve Wozniak, and Jean Michel Jarre. James can be found tweeting at @James_T_Bourne.

If you are in the automotive or retail space, expect more cyber threats in the coming year – according to a new report from BlackBerry.

The company’s 2020 Threat Report, put together using insights from Cylance, the anti-malware provider acquired by BlackBerry one year ago, analysed various attack vectors of interest to bad actors, from coin-mining to ever-sophisticated ransomware methods.

For the automotive industry, BlackBerry Cylance researchers found new backdoors being deployed by the OceanLotus group last year targeting multinational automotive manufacturers. The researchers warn of an inevitability in greater threats as connected car development continues. “The industry must continue investing in cybersecurity processes and secure connected software to ensure public trust in the transportation technologies of the future,” the company argues.

Coin-mining, whereby revenue is passively generated through infecting cryptocurrency machines – a variant of cryptojacking, as it were – was a particular target for retail. Overall, the retail industry remained the most targeted sector. Emotet, Ramnit and Upatre, the three most prevalent strains of malware noted in 2019, were all focused on retail organisations, while the researchers noted almost a quarter (23%) of all retailers suffered a compromise of sensitive financial information.

Many other industries are also seen as a viable target. Healthcare is seen as a particular bounty, the researchers argue, as ransoms are more likely to be paid due to the more critical nature of the targeted data. Government attacks are seen as a huge bonus if they come off as they can ‘have cascading effects that not only impact critical national infrastructure, but individuals.’

Another area which is causing significant headaches is through misconfigured clouds. As much as the big cloud vendors can help their customers, cloud security is ultimately a shared responsibility between vendor and customer. Misconfigured cloud resources led to more than seven billion records being publicly exposed in 2019, the report found, adding the number would ‘only [be] expected to increase.’

“New techniques to obscure malicious payloads and distribute attacks across multiple organisations paid off for threat actors in 2019,” said Eric Cornelius, BlackBerry Cylance chief technology officer in a statement. “With the increasing ease of access to attack toolkits, combined with the explosion of endpoints connected to organisations’ networks, the global threat landscape for emerging threats will only continue to escalate in 2020.”

Writing for this publication earlier this month, Pete Thurston, chief product officer and technology leader at RevCult, offered advice for CIOs looking to address their most pressing cybersecurity issues in 2020. “Beyond regulation, the potential threats posed by internal actors will be a popular watercooler and boardroom discussion topic,” wrote Thurston.

“CIOs will need to invest in employee education aimed at stemming the tide of data breaches originating internally, or else the status quo will persist,” Thurston added. “The deliberate or inadvertent exposure of data by company stakeholders has cost organisations dearly in 2019, and mitigating this threat must be a top priority for all.”

You can read the full BlackBerry Cylance report here (email required).

Interested in hearing industry leaders discuss subjects like this and sharing their use-cases? Attend the co-located IoT Tech Expo, Blockchain Expo, AI & Big Data ExpoCyber Security & Cloud Expo and 5G Expo World Series with upcoming events in Silicon Valley, London and Amsterdam and explore the future of enterprise technology.

View Comments
Leave a comment

Leave a Reply

Your email address will not be published. Required fields are marked *