SecurityBrief UK - Technology news for CISOs & cybersecurity decision-makers

Acronis reports 293% increase in email cyberattacks in H1 2024

Fri, 2nd Aug 2024

Acronis has reported a substantial increase in email cyberattacks, with a 293% rise observed in the first half of 2024 compared to the same period in 2023. This finding is part of the "Acronis Cyberthreats Report H1 2024," which analyses global malware data and trends from over one million unique Windows endpoints across 15 countries.

In addition to the surge in email attacks, the report highlighted a rise in ransomware detections, which increased 32% from Q4 2023 to Q1 2024. The report noted that ransomware remains a significant threat, particularly for small and medium-sized businesses (SMBs) in critical sectors such as government and healthcare. The first quarter of 2024 saw the emergence of 10 new ransomware groups collectively responsible for 84 cyberattacks globally. LockBit, Black Basta, and PLAY were identified as the primary contributors, accounting for 35% of these attacks.

The report also touched on the targeted nature of attacks on Managed Service Providers (MSPs). Phishing, social engineering, vulnerability exploits, credential compromises, and supply chain attacks were identified as the most effective methods used against MSPs.

Irina Artioli, a Cyber Protection Evangelist at Acronis Threat Research Unit, stated, “As a result of the increasing volume and complexities of cyber threats we continue to uncover in the current cybersecurity landscape, it is of the utmost importance that MSPs take a holistic approach to securing their customer’s data, systems, and unique digital infrastructures.” Artioli recommended adopting a comprehensive security strategy, including mandating security awareness training, incident response planning, and deploying advanced endpoint protection solutions like extended detection and response (XDR) and multi-factor authentication.

The report further elaborated on the role of generative artificial intelligence (AI) and large language models (LLMs) in cyberattacks, particularly in social engineering and automation. AI-generated threats and AI-enabled malware were both increasing in prevalence. Detected AI-generated attacks included malicious emails, deepfake business email compromise (BEC), deepfake extortions, know-your-customer (KYC) bypass, and script and malware generation. Two main types of AI-related threats were identified: AI-generated threats, involving malware created using AI techniques, and AI-enabled malware, which incorporates AI in its operations.

A rundown of other key findings from the report showed that Bahrain, Egypt, and South Korea were the top targets for malware attacks in Q1 2024. In the same quarter, 28 million URLs were blocked at endpoints, 27.6% of all received emails were deemed spam, and 1.5% contained malware or phishing links. The average lifespan of a malware sample in the wild was recorded at 2.3 days, and 1,048 ransomware cases were publicly reported, marking a 23% increase compared to Q1 2023.

In terms of specific cyber trends for H1 2024, the report noted the continued threat of ransomware to SMBs, with a particular focus on how ransomware groups exploit vulnerable drivers to gain access to systems and disable security tools. PowerShell emerged as the most frequently detected MITRE ATT&CK technique, and email attacks saw a significant rise, increasing by 293% compared to the first half of 2023.

The report also highlighted a targeted campaign against MSPs from January to May 2024, with email phishing being the most commonly used attack vector. The top five MITRE ATT&CK techniques detected included PowerShell, Windows Management Instrumentation, Process Injection, Data Manipulation, and Account Discovery.

Concerning phishing and email attacks, there was a 25% increase in the number of emails per organisation, coupled with a 47% rise in email attacks targeting these organisations. Additionally, 26% of users encountered phishing attempts through malicious URLs, and social engineering attacks increased by 5% since H1 2023, although malware attacks decreased from 11% to 4% in the same period.

In the broader context of AI, cybercriminals were found to be using tools like WormGPT and FraudGPT to carry out malicious activities. While AI can be utilised at every stage of the cyberattack kill chain, it can also serve as a defence mechanism, offering around-the-clock detection of attacks and enabling a swift response to ensure business continuity.
