Acronis H1 2024 cyberthreats report highlights a 293 percent surge in email attacks
13 August 2024
Acronis has shared new research findings from the first half of 2024 in its biannual cyberthreats report by Acronis Threat Research Unit.
Titled 'Acronis Cyberthreats Report H1 2024: Email attacks surge 293 percent, new ransomware groups emerge', the report leverages over one million unique Windows endpoints from 15 key countries around the world to bring awareness to global trends in the cybersecurity industry. Most notably, the report found that email attacks have seen a 293 percent surge when compared to the same period in 2023. The number of ransomware detections were also on the rise, increasing 32 percent from Q4 2023 to Q1 2024.
Ransomware continues to be a major threat to small and medium-sized businesses (SMBs), particularly in critical industries such as government and healthcare. In Q1 2024, Acronis observed 10 new ransomware groups who together claimed 84 cyberattacks globally. Among the top 10 most active ransomware families detected during this time, three highly-active groups stand out as the primary contributors, collectively responsible for 35 percent of the attacks: LockBit, Black Basta, and PLAY.
In support of Acronis’ mission to tailor business initiatives to Managed Service Providers (MSPs), the report is observant of how MSPs are being targeted and compromised. Of note, attack vectors including phishing and social engineering, vulnerability exploits, credential compromises, and supply chain attacks were highlighted as the most successful techniques used to breach MSPs’ cybersecurity defences.
“As a result of the increasing volume and complexities of cyber threats we continue to uncover in the current cybersecurity landscape, it is of the utmost importance that MSPs take a holistic approach to securing their customer’s data, systems, and unique digital infrastructures,” said Irina Artioli, report author and Cyber Protection Evangelist at Acronis Threat Research Unit. “To do this effectively, we recommend MSPs adopt a comprehensive security strategy, including mandating security awareness trainings and incident response planning, as well as deploying advanced endpoint protection solutions like extended detection and response (XDR), multi-factor authentication, and more.”
Additionally, the report focuses on emerging cybersecurity trends, highlighting the increasing use of generative artificial intelligence (AI) and large language models (LLMs) by threat groups. Specifically, it underscores the growing prevalence of AI being leveraged in social engineering and automation attacks. The most common AI-generated attacks that were detected include malicious emails, deepfake business email compromise (BEC), deepfake extortions, KYC bypass, and script and malware generation. Furthermore, Acronis researchers have identified two types of AI threats. The first involves AI-generated threats, in which malware is created using AI techniques but does not utilise AI in its operations. The second is AI-enabled malware, which incorporates AI into its functionality.
Other key findings from the report include:
Global threat landscape
Bahrain, Egypt, and South Korea were the top countries targeted by malware attacks in Q1 2024
28 million URLs were blocked at the endpoint in Q1 2024
27.6 percent of all received emails were spam and 1.5 percent contained malware or phishing links
The average lifespan of a malware sample in the wild is 2.3 days
1,048 cases of ransomware were publicly reported in Q1 2024, a 23 percent increase over Q1 2023
Cybersecurity trends in H1 2024
Ransomware continues to be a major threat to SMBs, and ransomware groups have abused vulnerable drivers to get a foothold in systems and disable security tools
In the first quarter of 2024, PowerShell was the most frequently detected MITRE technique
The number of email attacks detected in H1 2024 surged by 293 percent compared to the first half of 2023
Ransomware trends
In Q1 2024, Acronis researchers observed 10 new ransomware groups that together claimed 84 cyberattacks globally
The number of ransomware detections increased 32 percent from Q4 2023 to Q1 2024
Attacks on MSPs
MSPs were under consistent attack from January to May 2024, with data revealing email phishing campaigns were the most used by attackers
The top five most frequently-discovered MITRE ATT&CK techniques in the first half of the year included PowerShell, Windows Management Instrumentation, Process Injection, Data Manipulation and Account Discovery
Phishing and email attacks
Organisations experienced a surge in email communications, with the number of emails per organisation increasing by 25 percent
The rise in email volume coincided with a 47 percent increase in email attacks targeting organisations
26 percent of users encountered phishing attempts through malicious URLs
Social engineering increased 5 percent since H1 2023; however, malware attacks decreased from 11 percent in H1 2023 to 4 percent in H1 2024
Leveraging AI
Cybercriminals continue to leverage malicious AI tools like WormGPT and FraudGPT
While AI can assist attackers at every stage of the cyberattack kill chain, it can also be used as a defence mechanism as it allows for around the clock detection of attacks and reports them to experts to take appropriate response actions to ensure smooth business continuity
The Acronis H1 2024 Cyberthreats Report is curated by Acronis Threat Research Unit, and includes data surrounding ransomware threats, phishing, malicious websites and software vulnerabilities, and tips on how to protect against the aforementioned threats. Released bi-annually, the Acronis Cyberthreats Report sets the industry standard by consistently establishing itself as a benchmark for cybersecurity intelligence. Acronis’ analysis of the current cyber-threat landscape is published for the benefit of its users, partners, and the broader, global cybersecurity community to help them stay abreast of ongoing cybersecurity developments.
For more information, download a copy of the full Acronis H1 2024 Cyberthreats Report here: https://www.acronis.com/en-us/resource-center/resource/acronis-cyberthreats-report-h1-2024/
To learn more about the report and its findings, visit the Acronis blog here: https://www.acronis.com/en-us/blog/posts/acronis-cyberthreats-report-h1-2024-breaking-down-key-findings-from-the-report
Visit www.acronis.com for information about Acronis solutions that help combat security challenges like these – including the new, groundbreaking native integration of Acronis Advanced Security + XDR.
Contact Details and Archive...