Content, Content, Ransomware

BlackBerry 2021 Threat Report: Are Hackers Increasingly Targeting MSSPs?

dartboard target aim goal achievement concept

MSSPs were prominent targets during ransomware attacks last year, according to the "2021 Threat Report" from BlackBerry. The report also indicated that hackers increasingly leveraged ransomware to compromise MSSPs as part of highly targeted cybercrime campaigns.

Other notable 2020 ransomware trends highlighted in BlackBerry's report included:

  • Use of Ransomware-as-a-Service (RaaS) in a Private Model: In this model, hackers provide access to vetted affiliates in exchange for sensitive information or for an agreed cut from cybercriminal activities. Access could include a foothold to compromised MSSPs, corporate networks and/or government networks.
  • Ryuk Collaboration with Trickbot and Emotet: This threat executes with Emotet dropping Trickbot on a host system to steal data. Next, Trickbot downloads Ryuk to launch a ransomware attack.
  • Zeppelin Collaboration with Azorult: Zeppelin ransomware can encrypt a system and install Azorult spyware to steal credentials, files and other data.
  • Data Exfiltration Before and During Ransomware Encryption: This technique enables cybercriminals to blackmail victims with the threat of exposing their sensitive data on public forums if they do not pay a ransom in a timely manner.

In addition, BlackBerry identified several cyber threat trends to watch this year, including:

  • Increasing Use of the "Double Extortion" Strategy in Ransomware Attacks: With this strategy, cybercriminals steal a victim's data. Before hackers encrypt the data, they threaten to release the stolen information to the public or a competitor to try to get the victim to pay to recover their data.
  • Use of Crimeware-as-a-Service by Nation-State Actors: Nation states can use crimeware-as-a-service to make it appear as though a cyberattack originated from almost anywhere. As such, crimeware-as-a-service can make it difficult to pinpoint where a cyberattack began or the threat actor behind the attack.
  • Threat Actors Contacting Healthcare Patients During Cyberattacks: Threat actors may reach out to healthcare patients to illegally obtain and weaponize their medical records.

Preparation is a key factor in successful threat prevention in 2021, BlackBerry VP of Research and Intelligence Eric Milam said. Organizations can use threat monitoring, AI-based tools and other security technologies to guard against cyber threats before they cause data breaches.

Dan Kobialka

Dan Kobialka is senior contributing editor, MSSP Alert and ChannelE2E. He covers IT security, IT service provider business strategies and partner programs. Dan holds a M.A. in Print and Multimedia Journalism from Emerson College and a B.A. in English from Bridgewater State University. In his free time, Dan enjoys jogging, traveling, playing sports, touring breweries and watching football.