The cyberattack landscape is constantly evolving, with cybercriminals becoming more sophisticated in their methods. According to Acronis’ biannual threat report, the utilization of generative artificial intelligence (AI) systems, like ChatGPT, has significantly contributed to crafting malicious content and executing sophisticated attacks. Small and medium-sized businesses are particularly at risk, with ransomware identified as the dominant threat. Additionally, data stealers are increasingly leveraging stolen credentials to gain unauthorized access to sensitive information.
Ransomware Continues to Pose Significant Risks
While the number of new ransomware variants is declining, the severity of ransomware attacks remains a major concern. Criminals are scaling and enhancing their techniques, compromising systems, and executing attacks more efficiently. This has led to a surge in the volume of threats in 2023 compared to previous years.
Phishing: The Primary Method for Credential Theft
Phishing has emerged as the primary method used by cybercriminals to obtain login credentials. In the first half of 2023, email-based phishing attacks increased by a staggering 464% compared to the previous year. Organizations experienced a 24% increase in attacks per organization over the same period.
The Role of AI in Cyberattacks
Cybercriminals have tapped into the burgeoning market of large language models (LLMs) based on AI technology. These platforms enable them to create, automate, scale, and improve new attacks through active learning. AI-created malware is adept at evading detection in traditional antivirus models, making it more difficult to identify and mitigate cyber threats effectively.
Key Findings from Acronis’ Threat Report
The threat report offers valuable insights into the evolving cyberattack landscape:
Endpoint Protection: In Q1 2023, almost 50 million URLs were blocked at the endpoint, representing a 15% increase over the previous quarter.
Ransomware Cases: In Q1 2023, there were 809 publicly mentioned ransomware cases, with a significant 62% spike in March compared to the monthly average.
Spam and Malware: In the same quarter, 30.3% of all received emails were spam, and 1.3% contained malware or phishing links.
Short Lifespan of Malware: Each malware sample lives an average of 2.1 days in the wild before disappearing, with 73% of samples observed only once.
Public AI Models: Cybercriminals exploit AI models for source code vulnerabilities, creating attacks and developing fraud prevention-thwarting attacks like deep fakes.
Notable Cybercriminal Gangs and Breaches
The threat report highlights several cybercriminal gangs responsible for major data breaches:
Phishing: Phishing attacks make up 73% of all credential thefts, with business email compromises (BECs) accounting for 15% of attacks.
LockBit: This gang was responsible for significant data breaches.
Clop: The gang breached a mental health provider’s system, affecting over 783,000 individuals’ personal and HIPAA-covered data.
BlackCat: The gang stole over 2TB of secret military data, including personal information of employees and customers, from an Indian industrial manufacturer.
Vice Society: This group compromised 1,200 servers and the personal information of 43,000 students, 4,000 academic staff, and 1,500 administrative staff at the University of Duisburg-Essen in Germany.
Challenges in Traditional Cybersecurity Methods
The report highlights several challenges that contribute to successful cyberattacks:
Zero-Day Vulnerabilities: A lack of strong security solutions can make it difficult to detect zero-day vulnerability exploitations.
Delayed Software Updates: Organizations often fail to update vulnerable software promptly, leaving them exposed to known threats.
Inadequate Linux Server Protection: Cybercriminals are increasingly targeting Linux servers, which often lack adequate protection.
Insufficient Data Backup Protocol: Some organizations fail to follow proper data backup protocols, including the 3-2-1 rule, leaving them vulnerable to data loss in the event of an attack.
Proactive Cyber Protection Measures
Acronis emphasizes the need for proactive cyber protection measures to counter the evolving cyber threats. A multi-layered cybersecurity approach combining anti-malware, endpoint detection and response (EDR), data loss prevention (DLP), email security, vulnerability assessment, patch management, remote monitoring and management (RMM), and backup capabilities is crucial. Leveraging advanced solutions that incorporate AI, machine learning, and behavioral analysis can help organizations effectively mitigate the risks posed by ransomware and data stealers.