Cybersecurity

‘Unique’ malware on the rise

One major driver, said a BlackBerry pro: ransomware-as-a-service.

Francis Scialabba

3 min read

Top insights for IT pros

From cybersecurity and big data to cloud computing, IT Brew covers the latest trends shaping business tech in our 4x weekly newsletter, virtual events with industry experts, and digital guides.

Like snowflakes, agents, and K in the cereal aisle, every malware is special—lately at least.

Software company BlackBerry, in its quarterly report of cyberattacks from April to June 2024, noticed an average of 11,500 unique malware samples per day, a 53% jump and “one of the highest percentage increases, quarter over quarter,” since the software company began its Global Threat Intelligence reports in January 2023.

You might expect AI to be behind such massive production, but BlackBerry’s lead researcher says the steep increase demonstrates that the ransomware-as-a-service (RaaS) market—and a core piece of it known as the ransomware builder—is alive and well.

“Having been in the industry for 24 years, I’ve never seen so much availability of these builders and so much knowledge on how to create malware,” Ismael Valenzuela, VP of threat research and intelligence at BlackBerry, told IT Brew.

Build a ’ware. A software tool known as a ransomware builder, Valenzuela said, features user-friendly interfaces to help even a programming novice create customized payloads and adjust ransomware aspects like personalized messaging, ransom amounts, and encryption methods. Each customization creates an official signature, or hash, which a signature-based antivirus tool aims to find.

“Somebody is putting in the effort to craft all of these different customizations in the tool; they click on ‘generate’ and that generates a new payload. Every time you do that, it’s going to generate a new hash. The more builders available out there, the more hashes we’re going to find out in the wild,” Valenzuela said. (The builders, he added, are an essential aspect of the ransomware-as-a-service ecosystem, where creators offer the ransomware in exchange for a cut of the profits.)

The average cost of a ransomware attack, according to IBM’s recent Cost of a Data Breach report, which studied global incidents between March 2023 and February 2024? $4.91 million.

Additionally, compilers, when they pull in open-source code, introduce a level of randomness to the output, according to Valenzuela, which means a unique code and a unique hash associated with it.
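
An added example, not from the article or BlackBerry's report: the sketch below uses constructed, inert byte strings to show why an exact-hash blocklist misses a build whose only difference is its settings, and contrasts that with chunk-overlap similarity, a technique the article does not name. The function names, the stub, and the sample settings are all assumptions made for illustration.

```python
import hashlib

# Constructed, inert stand-in for the code body every build shares (4 KiB of
# deterministic filler). No real malware bytes are involved.
STUB = hashlib.shake_256(b"constructed shared stub").digest(4096)

def make_variant(note: str, amount: str) -> bytes:
    """Hypothetical model of one build: same stub, different settings."""
    return STUB + f"note={note};amount={amount}".encode()

def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()

def blocklist_hit(sample: bytes, blocklist: set[str]) -> bool:
    """Exact-match signature check: true only for byte-identical files."""
    return sha256_hex(sample) in blocklist

def chunk_digests(data: bytes, size: int = 64) -> set[bytes]:
    """Hash fixed-size chunks so shared regions can be compared.
    Fixed offsets only line up when a change does not shift the bytes
    before it; this simplification is an assumption of the sketch."""
    return {hashlib.sha256(data[i:i + size]).digest()
            for i in range(0, len(data), size)}

def similarity(a: bytes, b: bytes) -> float:
    """Jaccard overlap of chunk digests: 1.0 identical, 0.0 nothing shared."""
    ca, cb = chunk_digests(a), chunk_digests(b)
    return len(ca & cb) / len(ca | cb)

if __name__ == "__main__":
    known = make_variant("message-A", "1000")      # constructed sample
    variant = make_variant("message-B", "2500")    # same stub, new settings
    unrelated = hashlib.shake_256(b"constructed unrelated file").digest(4096)
    blocklist = {sha256_hex(known)}                # signature for 'known' only
    for name, sample in [("known", known), ("variant", variant),
                         ("unrelated", unrelated)]:
        print(f"{name:9} blocklist_hit={blocklist_hit(sample, blocklist)!s:5} "
              f"similarity_to_known={similarity(known, sample):.2f}")
```

The variant shares 64 of 66 distinct chunks with the known sample, yet its SHA-256 is entirely different, so the blocklist lookup returns no match.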

MaaS appeal. A report from cybersecurity company Darktrace declared malware-as-a-service (MaaS) “the most observed threat type” affecting its customers during the second half of 2023, and that both MaaS and RaaS “represent the majority of malicious tools across the cyber threat landscape.”

Darktrace highlighted “cross-functional adaptation of many malware strains, such as remote access trojans (RATs) and information-stealing malware,” thanks to the use of open-source repositories and leaked code.

The uniqueness challenges endpoint protection capabilities that rely on signature detection.

“You cannot just defend based on traditional, signature-based endpoint [security], or based on blocking lists,” said Valenzuela, who recommended security strategies like network segmentation and least-privilege access to defend against a rise in one-of-a-kind malware.
