According to the Acronis Semi-Annual Threat Report, the IT security landscape is evolving thanks in part to the widespread use of generative AI systems for increasingly sophisticated attacks. The study is based on data from over one million endpoints globally. Again this semester, ransomware is the top risk for SMBs, and while the number of new ransomware variants continues to decline, the severity of attacks is still very high. It’s also very worrying threat growing number of data stealers, who exploit stolen credentials for unauthorized access to sensitive information.
The skill of hackers grows
Candid Wüest, Vicepresidente Research di Acronis
In 2023, the volume of threats peaked year-over-year. A sign that indicates the proliferation of cybercrime and the increased ability of hackers to compromise systems and launch attacks. The panorama is extremely dynamic. To address it, organizations must adopt agile, comprehensive and unified security solutions that guarantee the visibility necessary to understand the attacks, simplify the context. As well as providing efficient remediation measures for every threat, be it malware, system vulnerabilities, and more.
IT security and generative AI
The report’s findings indicate phishing as the top-ranked method by criminals to ferret out login credentials. In the first half of 2023 alone, the number of email-based phishing attacks increased by 464% compared to 2022. We also observed a 24% increase in attacks suffered by each company during the same period. Also in the first half of 2023, endpoints monitored by Acronis recorded +15% of the number of malicious files and URLs per email scanned. Criminals have also tapped into the burgeoning market for AI-powered large language models (LLMs), using the platforms to build, automate, refine, and scale new attacks through active learning.
The ways of action of criminals
In their attacks, cybercriminals show ever more sophisticated capabilities. They use artificial intelligence and already existing ransomware code to penetrate deep into victims’ systems and extort sensitive information. Malware created with artificial intelligence is capable of escape to traditional antiviruses. Cases of public ransomware have increased exponentially since last year. Endpoints monitored by Acronis return valuable data on how criminals act, confirming the greater intelligence, complexity and difficulty of detecting some types of attacks.
The other results
In the first quarter of 2023, Acronis blocked approximately 50 million URLs on endpoints, up 15% from the last quarter of 2022. During the same period, 809 ransomware cases were disclosed, with a peak of 62% in March, compared to the monthly average of 270 cases. Also in Q1 2023, 30.3% of all emails received were spam and 1.3% contained malware or phishing links. Each piece of malware circulates for an average of 2.1 days before disappearing. 73% were observed only once. Public AI models act as an unwitting accomplice of criminals looking for vulnerabilities in source codes. IT security and generative AI. What are the most dangerous groups Hacker groups use phishing to acquire credentials, extract data and profit from it. Phishing remains the most common form of credential theft, accounting for 73% of all attacks. In second place are corporate email compromise attacks, at 15%. The LockBit group is responsible for most data breaches. The Clop group hacked the systems of a network of mental health providers, affecting the personal and HIPAA-protected data of more than 783,000 people. BlackCat, by infiltrating the systems of an Indian industrial producer, appropriated more than 2 TB of secret military data. Including personal information of employees and customers. Vice Society compromised 1,200 servers and the personal information of 43,000 students, 4,000 academic staff, and 1,500 administrative staff at the University of Duisburg-Essen, Germany.
Security concerns confirmed
According to the study, traditional cybersecurity methods and inaction open the door for cybercriminals. This is because robust security solutions capable of detecting exploits of zero-day vulnerabilities are not adopted. Organizations often don’t update vulnerable software right away, but introduce fixes long after they’re available. Linux servers, increasingly affected by attacks, are inadequately protected and not all companies follow recommended data backup protocols, including the 3-2-1 rule.
IT security and generative AI
Analyzing these trends, Acronis reiterates the need for proactive cyber protection measures. A solid security profile requires the choice of a solution that acts on several levels. Thus combining anti-malware, EDR, DLP, email security, vulnerability assessment, patch management, RMM and backup capabilities in a single resource. The use of an advanced solution that combines AI, machine learning and behavioral analysis helps to contain the risks posed by ransomware and theft of credentials and data. Through continuous research, development activities and collaboration with industry partners, Acronis is busy to create the tools that will allow individuals and companies to better defend themselves against emerging IT threats.