Acronis Cyberthreats Report H1 2024: Alarming Surge in Email Attacks and AI-Driven Threats

Acronis Cyberthreats Report H1 2024: Breaking down key findings from the report

With mounting responsibilities and skills shortages, IT professionals are overburdened, making a threat more likely to slip past their defenses. To complicate things further, cybercriminals now have a helping hand from AI, which helps them operationalize and automate sophisticated attacks. The newly released Acronis Cyberthreats Report, H1 2024 details these and other challenges for businesses across the globe. In this report, we explore new ransomware groups, changes in ransomware patterns, emerging attacks on collaboration apps and developments in AI threats. Key findings from the report: Bahrain, Egypt and South Korea were the most targeted countries in malware attacks in Q1 2024.Nearly 28 million URLs were blocked at the endpoint by Acronis in Q1 2024, a 3% increase over Q4 2023.27.6 % of all received emails were spam -- 1.5% contained malware or phishing links.Each malware sample lived an average of 2.3 days in the wild before it disappeared -- 82% of samples were seen only once.There were 1,048 publicly reported ransomware cases in Q1 2024, a 23% increase over Q1 2023.Three highly active groups were the primary contributors to ransomware attacks, collectively responsible for about 35% of the attacks.LockBit accounted for 20% of ransomware attacks, followed by Black Basta and PLAY, with 7.1% and 7.0% respectively. LockBit was taken down a peg, but ransomware gangs persist Acronis observed a 5% increase in the number of new malware samples in the wild since Q4 of 2023. When we zero in on ransomware, the first few months of 2024 were dominated by LockBit, Play, 8Base, BlackBasta and Hunters International, the most active ransomware gang. These all-too-familiar groups continue to wreak havoc on organizations worldwide. Ransomware activity continues to climb year over year, but the data reveals a 46% decrease in ransom payments in H1. This decline is a promising sign of increased cyber resilience throughout organizations and improved security efforts within private and public entities. Despite ransomware attacks being easier to launch, profitability was hindered. In another win, the U.K.'s National Crime Agency (NCA) made monumental progress in the battle against LockBit ransomware. With the support of Europol, the NCA led Operation Cronos. The months-long stint resulted in overtaking LockBit's primary platform and critical infrastructure, including 34 servers across the Netherlands, Germany, Finland, France, Switzerland, Australia, the U.S. and U.K. However, LockBit reemerged and reengaged in cybercrime despite the arrests of some key LockBit criminals. While ransomware payments decreased and ransomware operations were significantly disrupted, daily ransomware detections increased 32% from Q4 2023 to Q1 2024. Additionally, 10 new ransomware groups emerged in Q1 2024: Mogilevich (7)RansomHub (22)dAn0n (8)DarkVault (14)Red (12)Trisec (3)Slug (1)MyData (9)Embargo (5)BlackOut (3) Phishing remains the top threat, but malware is the #1 threat to collaboration apps Organizations experienced a significant surge in email communications in H1, with the number of emails per organization increasing by 25%. This rise in email volume has been paralleled by a concerning 47% increase in email attacks targeting these organizations. Among the attacks, 26% of users encountered phishing attempts through malicious URLs, demonstrating cybercriminals' continued reliance on what is still the #1 attack type. Additionally, 13% of users received malware via email, highlighting the diverse methods attackers employ to compromise systems and steal sensitive information. Finally, social engineering increased 5% since H1 2023, while malware attacks decreased from 11% in H1 2023 to 4% in H1 2024. As more companies rely on collaboration apps like Microsoft 365, attacks within those applications, including Microsoft Teams, is on the rise. While phishing is a popular method of attack in collaboration apps (20%), 82% of attacks in H1 were malware-based attacks. Generative AI in cybercrime became clearer The misuse of generative AI and large language models (LLMs) played a role in perpetuating attacks throughout H1. We wanted to make a clear distinction to help security-focused organizations better understand AI-powered attacks. The Acronis Cyberthreats Report, H1 2024 defines two types of AI threats that are commonly used synonymously: AI-generated threats and AI-enabled malware. The term "AI-generated threats" is tossed around in headlines and the cybersecurity community. At Acronis, we want to put emphasis on the "generated" portion. These are the malware and threats that are created using AI techniques but do not incorporate AI in their operations. In this case, AI is solely a tool used for malware and threat creation. When it comes to "AI-enabled malware," the phrase is more complex. We define this as malware that integrates AI within its functionality. It may contain a complete AI model, such as an LLM, but more commonly, it communicates with a backend AI model for logic. AI-enabled malware threats can adapt to their environment and modify their behavior. The report covers six popular AI-generated attacks that we observed, including malicious emails, deepfakes used in business email compromise, deepfake extortions, KYC bypassing, script generations and malware generation. The Acronis Cyber Protect Operation Centers team also shares practical recommendations for MSPs and businesses based on report findings. Experts recommend: A reemphasis on security awareness training and solution consolidation Educating MSP and business employees on cybersecurity best practices has proven to be effective against the prolific threat landscape. As we saw a noticeable dip in ransomware profitability, improved security awareness and enhanced measures may have contributed to this accomplishment. Both human-led efforts and cybersecurity technologies are equal parts of the cyber resilience equation. On one hand, security awareness training enables employees to recognize and report phishing attempts, social engineering tactics and suspicious activity. On the other, reinforcing security measures not only involves investing in cutting-edge technologies but also taking an integrated approach to cybersecurity and data protection to augment IT management, efficiency and performance -- and reduce costs and compatibility issues. With integrated solutions such as Acronis XDR, MSPs can make their security offering more competitive while boosting visibility and protection across attack surfaces. Download the report to uncover the top cybersecurity threats and trends from H1 2024. Infographics_Cyberthreats_report_2024_240716 Report-Acronis-Cyberthreats-H1-2024-Summary-EN-US-240716

Acronis H1 2024 Cyberthreats Report Highlights a 293% Surge in Email Attacks

Biannual report reveals global malware data and trends collected from the first half of the year Acronis, a global leader in cybersecurity and data protection, today shared new research findings from the first half of 2024 in its biannual cyberthreats report by Acronis Threat Research Unit. Titled, "Acronis Cyberthreats Report H1 2024: Email attacks surge 293%, new ransomware groups emerge," the report leverages over one million unique Windows endpoints from 15 key countries around the world to bring awareness to global trends in the cybersecurity industry. Most notably, the report found that email attacks have seen a 293% surge when compared to the same period in 2023. The number of ransomware detections were also on the rise, increasing 32% from Q4 2023 to Q1 2024. Ransomware continues to be a major threat to small and medium-sized businesses (SMBs), particularly in critical industries such as government and healthcare. In Q1 2024, Acronis observed 10 new ransomware groups who together claimed 84 cyberattacks globally. Among the top 10 most active ransomware families detected during this time, three highly active groups stand out as the primary contributors, collectively responsible for 35% of the attacks: LockBit, Black Basta, and PLAY. In support of Acronis' mission to tailor business initiatives to Managed Service Providers (MSPs), the report is observant of how MSPs are being targeted and compromised. Of note, attack vectors including phishing and social engineering, vulnerability exploits, credential compromises, and supply chain attacks were highlighted as the most successful techniques used to breach MSPs' cybersecurity defenses. "As a result of the increasing volume and complexities of cyber threats we continue to uncover in the current cybersecurity landscape, it is of the utmost importance that MSPs take a holistic approach to securing their customer's data, systems, and unique digital infrastructures," said Irina Artioli, report author and Cyber Protection Evangelist at Acronis Threat Research Unit. "To do this effectively, we recommend MSPs adopt a comprehensive security strategy, including mandating security awareness trainings and incident response planning, as well as deploying advanced endpoint protection solutions like extended detection and response (XDR), multi-factor authentication, and more." Additionally, the report focuses on emerging cybersecurity trends, highlighting the increasing use of generative artificial intelligence (AI) and large language models (LLMs) by threat groups. Specifically, it underscores the growing prevalence of AI being leveraged in social engineering and automation attacks. The most common AI-generated attacks that were detected include malicious emails, deepfake business email compromise (BEC), deepfake extortions, KYC bypass, and script and malware generation. Furthermore, Acronis researchers have identified two types of AI threats. The first involves AI-generated threats, in which malware is created using AI techniques but does not utilize AI in its operations. The second is AI-enabled malware, which incorporates AI into its functionality. Other key findings from the report include: Global Threat Landscape: Bahrain, Egypt, and South Korea were the top countries targeted by malware attacks in Q1 2024.28 million URLs were blocked at the endpoint in Q1 2024.27.6 % of all received emails were spam and 1.5% contained malware or phishing links.The average lifespan of a malware sample in the wild is 2.3 days.1,048 cases of ransomware were publicly reported in Q1 2024, a 23% increase over Q1 2023. Cybersecurity Trends in H1 2024: Ransomware continues to be a major threat to SMBs, and ransomware groups have abused vulnerable drivers to get a foothold in systems and disable security tools.In the first quarter of 2024, PowerShell was the most frequently detected MITRE technique.The number of email attacks detected in H1 2024 surged by 293% compared to the first half of 2023. Ransomware Trends: In Q1 2024, Acronis researchers observed 10 new ransomware groups that together claimed 84 cyberattacks globally.The number of ransomware detections increased 32% from Q4 2023 to Q1 2024. Attacks on MSPs: MSPs were under consistent attack from January to May 2024, with data revealing email phishing campaigns were the most used by attackers.The top five most frequently discovered MITRE ATT&CK techniques in the first half of the year included PowerShell, Windows Management Instrumentation, Process Injection, Data Manipulation and Account Discovery. Phishing and email attacks: Organizations experienced a surge in email communications, with the number of emails per organization increasing by 25%.The rise in email volume coincided with a 47% increase in email attacks targeting organizations.26% of users encountered phishing attempts through malicious URLs.Social engineering increased 5% since H1 2023; however, malware attacks decreased from 11% in H1 2023 to 4% in H1 2024. Leveraging AI: Cybercriminals continue to leverage malicious AI tools like WormGPT and FraudGPT.While AI can assist attackers at every stage of the cyberattack kill chain, it can also be used as a defense mechanism as it allows for around the clock detection of attacks and reports them to experts to take appropriate response actions to ensure smooth business continuity. The Acronis H1 2024 Cyberthreats Report is curated by Acronis Threat Research Unit and includes data surrounding ransomware threats, phishing, malicious websites and software vulnerabilities, and tips on how to protect against the aforementioned threats. Released bi-annually, the Acronis Cyberthreats Report sets the industry standard by consistently establishing itself as a benchmark for cybersecurity intelligence. Acronis' analysis of the current cyber threat landscape is published for the benefit of its users, partners, and the broader, global cybersecurity community to help them stay abreast of ongoing cybersecurity developments. For more information, download a copy of the full Acronis H1 2024 Cyberthreats Report here: https://www.acronis.com/en-us/resource-center/resource/acronis-cyberthreats-report-h1-2024/ To learn more about the report and its findings, visit the Acronis blog here: https://www.acronis.com/en-us/blog/posts/acronis-cyberthreats-report-h1-2024-breaking-down-key-findings-from-the-report Visit www.acronis.com for information about Acronis solutions that help combat security challenges like these - including the new, groundbreaking native integration of Acronis Advanced Security + XDR. About Acronis: Acronis is a global cyber protection company that provides natively integrated cybersecurity, data protection, and endpoint management for managed service providers (MSPs), small and medium businesses (SMBs), and enterprise IT departments. Acronis solutions are highly efficient and designed to identify, prevent, detect, respond, remediate, and recover from modern cyberthreats with minimal downtime, ensuring data integrity and business continuity. Acronis offers the most comprehensive security solution on the market for MSPs with its unique ability to meet the needs of diverse and distributed IT environments. A Swiss company founded in Singapore in 2003, Acronis has 15 offices worldwide and employees in 50+ countries. Acronis Cyber Protect is available in 26 languages in 150 countries and is used by over 20,000 service providers to protect over 750,000 businesses. Learn more at www.acronis.com.