New cyberthreats report unveils troubling trends: cybercriminals exploit AI, persistence in ransomware attacks, and a significant surge of data stealers.
A comprehensive study by Acronis, based on data captured from more than one million global endpoints, provides insight into the evolving cybersecurity landscape and uncovers the growing utilization of generative artificial intelligence (AI) systems, such as ChatGPT, by cybercriminals to craft malicious content and execute sophisticated attacks.
Cyberthreats report highlights ransomware as the dominant risk
The biannual threat report (Mid-Year Cyberthreats Report, From Innovation to Risk: Managing the Implications of AI-driven Cyberattacks) highlights ransomware as the dominant risk to small and medium-sized businesses. And while the number of new ransomware variants continues to decline, ransomware attacks’ severity remains significant. Equally concerning is the growing prominence of data stealers, who leverage stolen credentials to gain unauthorized access to sensitive information.
“The volume of threats in 2023 has surged relative to last year, a sign that criminals are scaling and enhancing how they compromise systems and execute attacks,” said Candid Wüest, Acronis VP of Research. “To address the dynamic threat landscape, organizations need agile, comprehensive, unified security solutions that provide the necessary visibility to understand attacks, simplify context, and provide efficient remediation of any threat, whether it may be malware, system vulnerability, and everything in between.”
According to the report, phishing is the primary method criminals use to unearth login credentials. In the first half of 2023 alone, the number of email-based phishing attacks has surged 464% when compared to 2022. Over the same time frame, there has also been a 24% increase in attacks per organization. In the first half of 2023, Acronis-monitored endpoints observed a 15% increase in the number of files and URLs per scanned email. Cybercriminals have also tapped into the burgeoning large language model (LLM)-based AI market, using platforms to create, automate, scale, and improve new attacks through active learning.
The cyberattack landscape is evolving
Cybercriminals are becoming more sophisticated in their attacks, using AI and existing ransomware code to drill deeper into victims’ systems and extract sensitive information. AI-created malware is adept at avoiding detection in traditional antivirus models, and public ransomware cases have exploded relative to last year. Acronis-monitored endpoints are picking up valuable data about how these cybercriminals operate and recognize how some attacks have become more intelligent, sophisticated, and difficult to detect.
Drawing from extensive research and analysis, key findings from the report include:
- Acronis blocked almost 50 million URLs at the endpoint in Q1 2023, a 15% increase over Q4 2022.
- There were 809 publicly mentioned ransomware cases in Q1 2023, with a 62% spike in March over the monthly average of 270 cases.
- In Q1 2023, 30.3% of all received emails were spam, and 1.3% contained malware or phishing links.
- Each malware sample lives an average of 2.1 days in the wild before disappearing. 73% of samples were only seen once.
- Public AI models are proving unwitting accomplices for criminals looking for source code vulnerabilities, creating attacks and developing fraud prevention-thwarting attacks like deep fakes.
Phishing remained the most popular form of stealing credentials
Cybercriminal gangs phish to acquire credentials and extract data and dollars. Of note:
- Phishing remained the most popular form of stealing credentials, making up 73% of all attacks. Business email compromises (BECs) were second, at 15%.
- The LockBit gang was responsible for major data breaches.
- Clop breached a mental health provider’s system, affecting the personal and HIPAA-covered data of more than 783,000 individuals.
- BlackCat stole more than 2TB of secret military data, which included the personal information of employees and customers, from an Indian industrial manufacturer.
- Vice Society compromised 1,200 servers and the personal information of 43,000 students, 4,000 academic staff and 1,500 administrative staff at the University of Duisburg-Essen in Germany.
Breaches demonstrate major security concerns
Traditional cybersecurity methods and lack of action let attackers in, the report shares:
- There is a lack of strong security solutions in place that can detect zero-day vulnerability exploitations.
- Organizations often fail to update vulnerable software in a timely manner, leaving it unpatched long after a fix becomes available.
- Linux servers face inadequate protection against cybercriminals who are increasingly going after them.
- Not all organizations follow proper data backup protocol, including the 3-2-1 rule.
With these trends in mind, the need for proactive cyber protection measures is emphasized. A sound cybersecurity posture requires a multi-layered solution that combines anti-malware, EDR, DLP, email security, vulnerability assessment, patch management, RMM, and backup capabilities. Leveraging an advanced solution that combines AI, machine learning, and behavioral analysis can help mitigate the risks posed by ransomware and data stealers.
For more information, see the full Acronis Mid-Year Cyberthreats Report 2023.