Attackers are increasingly deploying novel, dangerous malware in their campaigns
In a recent report, BlackBerry has highlighted a significant increase in cyberattacks on critical infrastructure providers worldwide, particularly in the U.S. The report, released on Thursday, stated that critical infrastructure providers were targeted in 62% of all industry-related cyberattacks from September to December 2023.
The report showed a 27% increase in the use of novel malware, with more than 5,300 unique malware samples targeting BlackBerry's customers daily during the period. This surge in cyberattacks is marked by a growing sophistication, often involving state-sponsored or cybercrime-as-a-service activities.
The attacks frequently target supply chains and cloud-based services rather than infrastructure directly. VPN appliances are expected to remain highly attractive targets for state-linked threat actors, as noted in the report.
BlackBerry researchers identified an increased use of particular malware families, including PrivateLoader, RisePro, SmokeLoader, and PikaBot. Threat groups exploited critical vulnerabilities in various products such as Citrix Netscaler, Cisco Adaptive Security Appliance, and JetBrains TeamCity to gain entry into targeted organizations.
The report did not specify the industries or countries that were targeted in the cyberattacks. However, it did note an increase in attacks on critical infrastructure providers globally. The evolving role of CISOs (Chief Information Security Officers) involves better communication with corporate stakeholders about the risks associated with their technology stacks.
The use of novel malware and the exploitation of critical vulnerabilities in various products indicate that threat actors are actively working to evade traditional defenses. Organizations in the critical infrastructure sector are willing to pay quickly to prevent disruptions, according to Ismael Valenzuela, VP of threat research and intelligence at BlackBerry.
The report did not identify the state-linked threat actors that are expected to target VPN appliances. It also did not provide information on the specific consequences or damages caused by the cyberattacks on the targeted organizations.
The BlackBerry report did mention rising threats in the U.S. linked to Russia's invasion of Ukraine and rising geopolitical tensions in the Asia-Pacific region. U.S. authorities issued a warning in January about the rising threat to critical infrastructure providers from Volt Typhoon, a state-sponsored threat group with ties to the People's Republic of China. Volt Typhoon targeted key U.S. infrastructure providers with the potential aim of spreading mass panic in the U.S. mainland as a distraction from potential military action in the Asia-Pacific region.
Common targets in these attacks include legacy industrial control and SCADA (Supervisory Control and Data Acquisition) systems, which are often outdated and weakly segmented from IT networks. Application software vulnerabilities are a major attack vector, with 30% of data breaches linked to stolen credentials and application flaws. The sheer volume of disclosed CVEs (Common Vulnerabilities and Exposures) continues to rise, with over 131 new CVEs per day in 2025, increasing the attack surface of critical infrastructure systems.
Due to budget cuts and decentralization of federal support, critical infrastructure cybersecurity coordination in the U.S. may weaken, potentially increasing vulnerabilities. Corporate stakeholders are increasingly interested in understanding the risk calculus of their technology stacks, with a focus on determining whether they are potential targets.
In conclusion, the current threat landscape is marked by a rise in cyberattacks on critical infrastructure, both through direct ICS-targeted attacks by hacktivists and through state-backed threat actors exploiting software vulnerabilities in cloud services, applications, and legacy industrial control systems. Commonly exploited software includes cloud platforms (OneDrive, Google Drive), widely used applications, and vulnerable ICS and SCADA software.
- In the report, BlackBerry researchers found a significant increase in the use of novel malware, with 5,300 unique malware samples targeting their customers daily, illustrating how quickly the threat landscape is evolving.
- Beyond infrastructure itself, attacks also target supply chains and cloud-based services, which remain highly attractive targets for state-linked threat actors.
- The BlackBerry report highlights the rise in cyberattacks on critical infrastructure providers globally, often involving state-sponsored activity or cybercrime-as-a-service, which is a concern for the financial sector given the potential for disruption and the associated costs.