DUBAI, UAE – Acronis, a global leader in cybersecurity and data protection, today announced new findings for the first half of 2024 in its semi-annual Cyber Threat Report from the Acronis Threat Research division. Titled “Acronis Cyber Threat Report H1 2024: Email Attacks Surge 293% as New Ransomware Groups Emerge,” the report leverages over one million unique Windows endpoints across 15 major countries around the world to raise awareness of global trends in the cybersecurity industry. Most notably, the report revealed that email attacks have surged 293% compared to the same period in 2023.
Impact on the region
The UAE saw a notable rise in malware detections, which increased by 11.7% between January and May 2024. While the region faces significant cybersecurity challenges, this is part of a broader trend affecting many EMEA countries, particularly in terms of increased malware detections and high-profile ransomware attacks. Compared with other EMEA countries, the situation in MENA reflects these broader regional challenges. Bahrain had the highest malware detection rate in April 2024 at 63.2%, followed by Egypt, where 42.6% of organizations experienced detections in the same month.
“Insights from Acronis’ H1 2024 Cyber Threat Report highlight the urgent need for increased vigilance and advanced protective measures,” said Ziad Nasr, general manager, Middle East, Acronis. “The UAE has been identified as a ‘prime target’ for ransomware attacks, as the country’s Cybersecurity Council warns. In 2023, the average cost of a data breach in the Middle East exceeded $8 million.”
“MSPs are particularly vulnerable, facing ongoing threats such as phishing, social engineering, and supply chain attacks,” Ziad continues. “Acronis encourages MSPs to adopt a comprehensive security strategy, including incorporating security awareness training and leveraging advanced endpoint protection solutions such as XDR and multi-factor authentication. Our commitment to providing actionable insights through our Cyber Threat Report is intended to strengthen organizations and strengthen global cybersecurity resilience.”
Emerging trends
Ransomware continues to be a major threat to small and medium-sized businesses (SMBs), especially in critical industries such as government and healthcare. In Q1 2024, Acronis observed 10 new ransomware groups conducting a total of 84 cyberattacks worldwide. Among the top 10 most active ransomware families detected during this period, three highly active groups – LockBit, Black Basta, and PLAY – stood out as the main actors, accounting for 35% of attacks. Ransomware detections also trended upward, increasing by 32% from Q4 2023 to Q1 2024.
In support of Acronis’ mission to align business initiatives with managed service providers (MSPs), the report looks at how MSPs are being targeted and compromised. Notably, attack vectors such as phishing, social engineering, vulnerability exploitation, credential compromise, and supply chain attacks are highlighted as the most successful techniques used to penetrate MSPs’ cybersecurity defenses.
“Today’s cybersecurity environment is witnessing an ever-increasing volume and complexity of cyber threats, making it paramount that MSPs take a holistic approach to protecting their customers’ data, systems, and their own digital infrastructure,” said Irina Artioli, report author and cyber protection evangelist at Acronis Threat Research Unit. “To do this effectively, we recommend MSPs adopt a comprehensive security strategy that includes mandating security awareness training and incident response plans, as well as deploying advanced endpoint protection solutions such as extended detection and response (XDR) and multi-factor authentication.”
Additionally, the report covers emerging cybersecurity trends, including the growing use of generative artificial intelligence (AI) and large language models (LLMs) by threat groups. Specifically, it points to the growing prevalence of AI in social engineering and automated attacks. The most common AI-generated attacks detected include malicious emails, deepfake Business Email Compromise (BEC), deepfake blackmail, KYC bypass, and script and malware generation. Furthermore, Acronis researchers identified two types of AI threats. The first is AI-generated threats, where malware is created using AI techniques but does not use AI in its operation. The second is AI-enabled malware, where AI is built into its functionality.
Other key findings from the report include:
Middle East threat landscape and trends:
The UAE’s monthly global detection rate remains relatively low compared to high-risk countries such as Germany, France, and Egypt, indicating that the cyber threat landscape, although expanding, is still manageable. The UAE’s monthly global detection rate ranged from 0.8% to 1.9% throughout the first half of 2024. In comparison, Germany’s rates ranged from 6.4% to 9.9%, France’s from 3.6% to 5.5%, and the UK’s from 4.3% to 6.1%.
The UAE saw a significant increase in the percentage of clients with malware detections: 17.6% of clients detected malware in January 2024, 18.8% in February, 29.1% in March, and 29.3% in April and May. The sharp increase in malware detections among UAE customers reflects a worrying trend of escalating cyber threats and underlines the urgent need for strengthened cybersecurity measures.
Other EMEA countries such as Bahrain and Egypt also saw high malware detection rates, showing that the challenges extend across the region. The ransomware attack against Seven Seas Technologies in the UAE and other high-profile cases in EMEA countries highlight the region’s vulnerability to such threats. The emergence of different ransomware groups targeting different sectors across the EMEA region suggests that the threat landscape is broad and diverse.
Global threat landscape:
The top countries targeted by malware attacks in Q1 2024 were Bahrain, Egypt, and South Korea. 28 million URLs were blocked on endpoints in Q1 2024. 27.6% of received emails were spam, and 1.5% contained malware or phishing links. The average lifespan of a malware sample in the wild is 2.3 days. 1,048 cases of ransomware were publicly announced in Q1 2024, a 23% increase from Q1 2023.
Cybersecurity trends for the first half of 2024:
Ransomware continues to be a major threat to small and medium-sized businesses, with ransomware groups exploiting vulnerable drivers to gain a foothold in systems and disable security tools. In Q1 2024, PowerShell was the most frequently detected MITRE technique. The number of email attacks detected in H1 2024 increased by 293% compared to H1 2023.
Ransomware Trends:
In Q1 2024, Acronis researchers observed 10 new ransomware groups responsible for a total of 84 cyberattacks worldwide. Ransomware detections increased 32% from Q4 2023 to Q1 2024.
Attacks on MSPs:
MSPs were under continuous attack from January to May 2024, and the data showed that email phishing campaigns were most commonly used by attackers. The top five most frequently discovered MITRE ATT&CK techniques in the first half of the year included PowerShell, Windows Management Instrumentation, process injection, data manipulation, and account discovery.
Phishing and email attacks:
Organizations saw a surge in email communication, with the number of emails per organization increasing by 25%. The increase in email volume coincided with a 47% increase in email attacks targeting organizations. 26% of users encountered a phishing attack via a malicious URL. Social engineering increased 5% from H1 2023, while malware attacks decreased from 11% in H1 2023 to 4% in H1 2024.
Leveraging AI:
Cybercriminals continue to make use of malicious AI tools such as WormGPT and FraudGPT. AI can not only assist attackers at every stage of the cyberattack kill chain, but it can also be used as a defense mechanism to detect attacks around the clock, report them to experts and take appropriate response measures to ensure smooth business continuity.
The Acronis H1 2024 Cyber Threat Report is compiled by the Acronis Threat Research Unit and includes data on ransomware threats, phishing, malicious websites, and software vulnerabilities, as well as tips on how to protect yourself against the aforementioned threats. Released semi-annually, the Acronis Cyber Threat Report sets the industry standard by consistently positioning itself as a benchmark for cybersecurity intelligence. Acronis’ analysis of the current cyber threat landscape is published to help users, partners, and the broader global cybersecurity community stay up to date on ongoing cybersecurity developments.
For more information, download the full Acronis H1 2024 Cyber Threat Report here.
To learn more about the report and its findings, visit the Acronis blog.
To learn more about Acronis solutions that can help address these security challenges, including the groundbreaking new native integration of Acronis Advanced Security + XDR, please visit www.acronis.com.
-end-
About Acronis:
Acronis is a global cyber protection company that provides natively integrated cybersecurity, data protection, and endpoint management for Managed Service Providers (MSPs), Small and Medium Businesses (SMBs), and Enterprise IT departments. Acronis solutions are highly efficient and designed to identify, prevent, detect, respond, remediate, and recover from modern cyber threats while minimizing downtime, ensuring data integrity and business continuity. Acronis is uniquely capable of meeting the needs of diverse and distributed IT environments, providing MSPs with the most comprehensive security solutions on the market.
A Swiss company founded in Singapore in 2003, Acronis has 15 offices worldwide and employees in more than 50 countries. Acronis Cyber Protect is available in 150 countries in 26 languages and is used by more than 20,000 service providers to protect more than 750,000 businesses. Learn more at www.acronis.com.