Acronis report reveals 293% surge in email attacks H1 2024
Acronis has released its biannual cyberthreats report for the first half of 2024, revealing a notable increase in email attacks. The "Acronis Cyberthreats Report H1 2024: Email attacks surge 293%, new ransomware groups emerge" analysed data from over one million unique Windows endpoints across 15 countries.
The report's most significant finding indicates a 293% surge in email attacks compared to the same period in 2023. Additionally, ransomware detections have risen by 32% from Q4 2023 to Q1 2024. The increase in ransomware threats continues to pose a substantial risk to small and medium-sized businesses (SMBs), especially those in government and healthcare sectors.
In Q1 2024, Acronis identified ten new ransomware groups responsible for 84 cyberattacks globally. Among these groups, LockBit, Black Basta, and PLAY were identified as the most active, collectively accounting for 35% of the detected attacks. The report also highlights that Managed Service Providers (MSPs) are consistently targeted and attacked. Acronis identified phishing and social engineering, vulnerability exploits, credential compromises, and supply chain attacks as the primary techniques used to breach MSPs' cybersecurity defences.
Irina Artioli, report author and Cyber Protection Evangelist at Acronis Threat Research Unit, emphasised the need for a comprehensive security strategy for MSPs. "As a result of the increasing volume and complexities of cyber threats we continue to uncover in the current cybersecurity landscape, it is of the utmost importance that MSPs take a holistic approach to securing their customer's data, systems, and unique digital infrastructures," she said. Artioli further recommended that MSPs adopt advanced endpoint protection solutions such as extended detection and response (XDR), and multi-factor authentication, along with mandatory security awareness training and incident response planning.
The report also notes the growing prevalence of generative artificial intelligence (AI) attacks, including malicious emails, deepfake business email compromise (BEC), deepfake extortions, and script and malware generation. Acronis researchers defined two types of AI threats: AI-generated threats, in which malware is created using AI techniques without using AI in its operations, and AI-enabled malware, which incorporates AI into its functionality.
Other significant findings include a marked increase in malware activity in specific countries. Bahrain, Egypt, and South Korea were the top countries targeted by malware attacks in Q1 2024. Acronis researchers blocked 28 million URLs at endpoints in Q1 2024, and discovered that 27.6% of all received emails were spam, with 1.5% containing malware or phishing links. On average, a malware sample's lifespan in the wild was observed to be 2.3 days. Publicly reported ransomware cases totalled 1,048 in Q1 2024, marking a 23% increase over Q1 2023.
The report underscored a number of cybersecurity trends in the first half of 2024. PowerShell remained the most frequently detected MITRE technique in Q1 2024. Ransomware groups reportedly abused vulnerable drivers to gain access to systems and disable security tools.
The report also discussed email attacks and phishing. Organisations saw a 25% increase in email volume, coinciding with a 47% rise in related attacks. Through malicious URLs, 26% of users faced phishing attempts, while social engineering incidents increased by 5% from H1 2023. However, there was a decline in malware attacks, which dropped from 11% in H1 2023 to 4% in H1 2024.
Regarding AI-driven cyber threats, Acronis noted that criminals continue to use tools like WormGPT and FraudGPT. While these tools assist attackers throughout the cyberattack kill chain, AI also holds potential as a defensive measure, allowing for round-the-clock attack detection and reporting.
The Acronis H1 2024 Cyberthreats Report offers insights on ransomware threats, phishing, malicious websites, and software vulnerabilities, and provides protective measures. The report sets a benchmark for cybersecurity intelligence, aiding users, partners, and the global cybersecurity community in staying informed about ongoing developments.