Summary: Email attacks have surged by 293% in the first half of 2024 compared to the same period in 2023, with ransomware detections also increasing significantly. The report highlights the targeting of small and medium-sized businesses (SMBs), particularly in government and healthcare, and the emerging use of AI in cyber threats.
Threat Actor: Various Ransomware Groups | ransomware groups
Victim: Small and Medium-sized Businesses (SMBs) | small and medium-sized businesses
Key Point :
- Email phishing campaigns were the most prevalent attack method, with a 47% increase in email attacks targeting organizations.
- Three ransomware groups—LockBit, Black Basta, and PLAY—were responsible for 35% of the attacks in Q1 2024.
- Cybercriminals are increasingly using generative AI tools for social engineering and automation attacks, including malicious emails and deepfake scams.
- MSPs are advised to adopt comprehensive security strategies, including security awareness training and advanced endpoint protection solutions.
- Despite the rise in phishing, malware attacks decreased from 11% in H1 2023 to 4% in H1 2024.
Email attacks have surged by 293% in the first half of 2024 compared to the same period in 2023, according to Acronis. The number of ransomware detections was also on the rise, increasing 32% from Q4 2023 to Q1 2024.
Ransomware remains a top threat for SMBs in government and healthcare
Ransomware continues to threaten small and medium-sized businesses (SMBs), particularly in critical industries such as government and healthcare. In Q1 2024, Acronis observed 10 new ransomware groups who together claimed 84 cyberattacks globally. Among the top 10 most active ransomware families detected during this time, three highly active groups stand out as the primary contributors, collectively responsible for 35% of the attacks: LockBit, Black Basta, and PLAY.
The report observes how MSPs are being targeted and compromised. Of note, attack vectors including phishing and social engineering, vulnerability exploits, credential compromises and supply chain attacks were highlighted as the most successful techniques used to breach MSPs’ cybersecurity defenses.
“As a result of the increasing volume and complexities of cyber threats we continue to uncover in the current cybersecurity landscape, it is of the utmost importance that MSPs take a holistic approach to securing their customer’s data, systems, and unique digital infrastructures,” said Irina Artioli, Cyber Protection Evangelist at Acronis Threat Research Unit.
“To do this effectively, we recommend MSPs adopt a comprehensive security strategy, including mandating security awareness trainings and incident response planning, as well as deploying advanced endpoint protection solutions like extended detection and response (XDR), multi-factor authentication, and more,” Artioli continued.
Additionally, the report focuses on emerging cybersecurity trends, highlighting the increasing use of generative artificial intelligence (AI) and large language models (LLMs) by threat groups.
Specifically, it underscores the growing prevalence of AI being leveraged in social engineering and automation attacks. The most common AI-generated attacks that were detected include malicious emails, deepfake business email compromise (BEC), deepfake extortions, KYC bypass, and script and malware generation.
Furthermore, researchers have identified two types of AI threats. The first involves AI-generated threats, in which malware is created using AI techniques but does not utilize AI in its operations. The second is AI-enabled malware, which incorporates AI into its functionality.
Phishing and email attacks
MSPs were under consistent attack from January to May 2024, with data revealing email phishing campaigns were the most used by attackers. The top five most frequently discovered MITRE ATT&CK techniques in the first half of the year included PowerShell, Windows Management Instrumentation, Process Injection, Data Manipulation and Account Discovery.
Organizations experienced a surge in email communications, with the number of emails per organization increasing by 25%. The rise in email volume coincided with a 47% increase in email attacks targeting organizations. 26% of users encountered phishing attempts through malicious URLs. Social engineering increased 5% since H1 2023; however, malware attacks decreased from 11% in H1 2023 to 4% in H1 2024.
Cybercriminals continue to leverage malicious AI tools like WormGPT and FraudGPT. While AI can assist attackers at every stage of the cyberattack kill chain, it can also be used as a defense mechanism as it allows for around the clock detection of attacks and reports them to experts to take appropriate response actions to ensure smooth business continuity.
Source: https://www.helpnetsecurity.com/2024/08/06/email-attacks-h1-2024