Acronis Cyberthreats Update, May 2024


Alexander Ivanyuk Senior Director, Technology

Irina Artioli Cyber Protection Evangelist

Candid Wüest VP of Product Management

The Acronis Cyberthreats Update covers current cyberthreat activity and trends, as observed by Acronis analysts and sensors. Figures presented here were gathered in April of this year and reflect threats that we detected as well as news stories from the public domain. This report represents a global outlook and is based on more than one million unique endpoints distributed around the world.

Over 11.5 million malicious URLs were blocked at the endpoint by Acronis in April 2024— a 24% increase compared to March 2024. Other key findings include:


Incidents of the month

A recent analysis unveiled a severe security risk for Linux distributions with a backdoor discovered in the widely used XZ Utils open-source library, tracked as CVE-2024-3094 and rated 10 out of 10 on the CVSS scale. The backdoor, allowing remote code execution and potentially granting complete system access, was intentionally inserted by project maintainer Jia Tan (aka JiaT75) through a sophisticated social engineering campaign spanning two years.

Despite the breach being caught early, it highlights vulnerabilities in the open-source supply chain and prompts reflection on reliance and risk management, as the backdoor could have provided unauthorized access to numerous systems through the OpenSSH server process. Additionally, CrushFTP has issued urgent warnings to users regarding an actively exploited zero-day vulnerability, urging immediate patching of servers. The vulnerability, allowing unauthenticated attackers to escape the user's virtual file system and access system files, poses a serious threat. While those employing a DMZ perimeter network are safeguarded, users are advised to promptly upgrade to CrushFTP versions 10.7.1 or 11.1.0 to mitigate the risk.


The following table shows the normalized percentage of clients with at least one ransomware detection in the given month. The higher the number, the higher the risk of a workload in that country being attacked by ransomware.

Among the top three countries by normalized ransomware detections in April, South Korea ranks first, followed by the Philippines and China. 


And of 15 countries analyzed for normalized ransomware detections, the Netherlands saw the highest number of detections.



The aforementioned threats can be detected and mitigated with solutions from Acronis.

Acronis Cyber Protect Cloud protects against both known and never-before-seen threats through a multilayered protection approach. This includes behavior-based detection, AI/ML-trained detections and anti-ransomware heuristics, which can detect and block encryption attempts and roll back any tampered files automatically without any user interaction.

Additional advanced email security and URL filtering can help you protect against social engineering threats. And Acronis #CyberFit score helps you quickly identify systems that need attention, while the integrated Patch Management makes updating your software to the latest versions simple.

Advanced Security + Endpoint Detection and Response (EDR) for Acronis Cyber Protect Cloud brings the visibility needed to understand attacks while simplifying the context for administrators and enabling efficient remediation of any threats.

Learn more about Acronis’ approach to cyber protection.