The “Acronis Cyberthreats Report, H2 2023: Alarming rise in cyberattacks, SMBs and MSPs in the crosshairs,” provides in-depth analysis on key security issues and cyberthreats worldwide.
Data was collected from over 1,000,000 unique endpoints across 15 key countries, and the findings conclude that AI-enhanced phishing is now affecting over 90% of organisations and contributed to a 222% surge in email attacks in 2023, when compared to the same time in 2022.
According to the report, ransomware variants and the number of new groups continue to decrease, but the most renowned families of the attack vector are still causing companies across the globe to lose data and money.
Why is this still the case? Well, according to the report there’s still a lack of strong security solutions which should be detecting the exploitation of zero-day vulnerabilities. Organisations are also falling victim to attacks due to the delay in patching vulnerable software which allows threat actors to gain domain administrative rights, uninstall security tools and infiltrate sensitive information.
According to Acronis, behaviour-based detection and exploit prevention technology could help to prevent most of these attacks and this, paired with proper data backup, following the 3-2-1 rule, is necessary to create a last line of defence.
“There’s a disturbing trend being recognised globally where bad actors continue to leverage ChatGPT and similar generative AI systems to increase cyberattack efficiency, create malicious code, and automate attacks,” said Candid Wüest, Acronis VP of Product Management. “Now, more than ever, corporations need to prioritise comprehensive cyber protection solutions to ensure business continuity.”
The report suggests that advanced tactics like supply chain attacks, AI-driven attacks and state-sponsored incursions are likely to intensify.
Managed Service Providers (MSPs) should brace themselves for threats unique to their operations, including "island hopping," in which attackers use an MSP's infrastructure to attack clients, as well as "credential stuffing," which exploits an MSP's broad access to systems.
Among the reports findings are:
- Singapore, Spain, and Brazil were the most targeted focus countries for malware attacks in Q4 2023.
- Acronis blocked nearly 28 million URLs at the endpoint in Q4 2023, reflecting a 36% decrease compared to Q4 2022.
- 33.4% of received emails were identified as spam, with 1.5% containing malware or phishing links.
- The average lifespan of a malware sample in the wild is 2.1 days.
- In Q4 2023, 1,353 ransomware cases were explicitly mentioned, with notable contributions from LockBit, Play, ALPHV and the active Toufan group.
Cybersecurity trends – from July – December 2023
- Ransomware remains a major threat to large and medium-sized businesses, impacting critical sectors such as government and health care.
- Data stealers are the second most prevalent threat, contributing to most data breaches.
- The use of generative AI systems, including ChatGPT, for launching cyberattacks and creating malicious content is on the rise.
Ransomware Trends
- Known ransomware gangs in 2023 include LockBit, Cl0P, BlackCat / ALPHV, Play, and 8Base.
- The ALPHV gang, whom the FBI targeted in December 2023, breached over 1,000 entities, demanded over $500 million, and received over $300 million in ransom payments.
- Regardless of a decrease in ransomware variants, businesses continue to suffer data and financial losses.
Attacks on MSPs are increasing
- Attacks on managed service providers (MSPs) continue, with a recent high-profile breach affecting multiple U.S. (United States) government agencies.
- Microsoft cloud email account vulnerabilities led to the compromise of 60,000 emails from 10 U.S. State Department accounts.
Phishing and email Attacks remain the main vectors of infection
- The total number of email-based attacks detected in 2023 increased by 222%.
- Organisations experienced a 54% increase in the number of attacks per organisation.
- 91.1% of organisations faced AI-enhanced phishing attacks.
The AI menace — Cybercriminals embrace malicious AI-based tools for corporate attacks
- Cybercriminals are leveraging malicious AI tools, including WormGPT, FraudGPT, DarkBERT, DarkBART and ChaosGPT.
- The public release of ChatGPT has increased the use of generative AI for cyberattacks.
For more information and to download a copy of the full Acronis End-of-Year Cyberthreats Report 2023 use the link below.
