Acronis report reveals 197% rise in email cyberattacks

A new report from Acronis indicates a substantial increase in cyber threats, particularly email-based attacks, ransomware linked to advanced persistent threats, and malware activity.

The "Acronis Cyberthreats Report, H2 2024: The rise of AI-driven threats," released by Acronis, highlights a 197% surge in email cyberattacks during the second half of 2024 compared to the same period in 2023. During this time, nearly half of the users experienced email-based attacks at least once, with a 21% increase in attacks per organisation.

These attacks have notably escalated among managed service providers (MSPs), with phishing identified as the primary method for breaching MSP networks. A third of MSPs reported email phishing campaigns, followed closely by attacks exploiting vulnerabilities in Remote Desktop Protocol and other remote access tools.

The report also highlights the increasing threat of APT-linked ransomware groups targeting MSPs. These groups use MSPs as strategic entry points for infiltrating client systems, employing tactics such as stolen credentials, social engineering, and supply chain attacks.

Acronis Threat Research Unit has also observed many malicious activities over the past months. The company blocked over 48 million malicious URLs at endpoints in Q4 2024, marking a 7% increase from Q3 2024. Additionally, 31.4% of the emails received throughout H2 2024 were classified as spam, with a small but critical 1.4% containing malware or phishing links.

In Q4 2024, 1,712 ransomware incidents were reported, with significant activities from ransomware groups such as RansomHub, Akira, Play, and KillSec, who collectively accounted for 580 victims. The Cl0p ransomware group was identified as a key threat in December, with 68 reported victims.

Regarding regional impact, the United Arab Emirates, Singapore, and Italy were the most heavily targeted by malware attacks in December 2024. The UAE notably reported the highest percentage of blocked malicious URLs, followed closely by Brazil and Singapore.

Gerald Beuchelt, CISO at Acronis, commented on the findings, "The cyberthreats report from the Acronis Threat Research Unit serves as our biannual pulse on the cybersecurity landscape, offering critical insights into the latest attack trends and vulnerabilities. This release highlights the alarming rise of AI-generated attacks and the increasing sophistication of ransomware campaigns. By analysing trends from the first half of 2024 and providing actionable recommendations, the report empowers organisations, MSPs, and the cybersecurity industry to proactively strengthen their defenses to stay ahead of today's most pressing risks."

The report also highlights the risks associated with remote monitoring and management (RMM) tools. These tools, utilised for organisational efficiency, may inadvertently introduce security vulnerabilities. Organisations employing multiple RMM tools create potential blind spots vulnerable to ransomware attacks.

The Acronis report analyses the threats faced in the previous year, offers predictions for 2025, and makes actionable recommendations to bolster defence strategies for organisations and MSPs against evolving cyber threats.