Acronis Mid-Year Cyberthreats Report '23: Managing the implications of AI-driven cyberattacks

Cyberthreats are evolving faster than ever. For many organizations, even keeping up with these developments can feel impossible, to say nothing of getting ahead of the curve.

Fortunately, you’ve got Acronis in your corner. The security experts at our global network of Cyber Protection Operation Centers (CPOCs) monitor the threat landscape 24/7, conducting original research to help us better understand cutting-edge cybercrime trends and developments — and passing that knowledge along to you.

We’ve just released the Acronis Mid-Year Cyberthreats Report 2023, a free resource for security-minded professionals. Readers will learn about the latest shifts in attack patterns, how cybercrime gangs are evolving and how new technologies (like AI and automation) are changing the game — not to mention plenty of actionable tips to help you stay safe through the back half of the year.

Here are a few of the key cyberthreat trends we’ve seen in the early months of 2023:

We continue to see a decline in the number of new ransomware samples, but the situation remains dire. Ransomware gangs are still breaching organizations around the globe fairly easily.

Looking at The Record’s ransomware tracker, it’s quite clear that the total number of known victims continues to grow:

Cybercriminals use popular tools with legitimate utility, like PowerShell and Mimikatz, to execute malicious scripts and elevate privileges on compromised machines. Known vulnerabilities continue to be exploited on a massive scale, taking advantage of the fact that many organizations still don’t use vulnerability assessments and patch management to apply security fixes across their entire environments in a timely fashion.

One reason for the relative lack of new ransomware families is the existence of leaked code. Some cybercrime gangs are using successful ransomware variants as the basis for their own malware, rather than reinventing the wheel with something entirely new. The LockBit gang, for example, reused big chunks of leaked Conti code in their latest release. Similarly, the Babuk source code (leaked in 2021) is still being used by other gangs, especially those who are interested in targeting Linux and VMware ESXi.

Phishing messages — whether delivered through email, instant messaging applications or other channels — are still a top danger for organizations of all sizes in 2023.

Examining data collected from the Advanced Email Security pack for Acronis Cyber Protect Cloud (which is powered by Perception Point), we see just how significant the threat is:

• The number of email-based attacks seen thus far in 2023 has surged by 464% compared to the first half of 2022.
• The number of attacks per organization (within the same time frame) has increased by 24% this year.
• The number of files and URLs per email — any of which could pose a potential threat — has increased by 15% this year.  
  

Out of all malicious messages scanned by the Advanced Email Security pack, 73% took the form of phishing attacks, with business email compromise (BEC) scams making up 15% and malware comprising an additional 11%.

Phishing continues to be one of cybercriminals’ favorite tools for penetrating systems, and we’ve explored some notable incidents from this year in greater detail within the full report. Organizations must be more vigilant than ever, investing in continued awareness training for employees as well as advanced email protection solutions as an additional layer of security — one which blocks dangerous threats before they can reach your endpoints.

Breaches of sensitive information were a major issue in 2022. Unfortunately, the problem appears to have grown even larger in the first half of this year.

Data breaches are often associated with ransomware attacks, but there are many ways they can manifest. Data may be exfiltrated silently from compromised systems on an ongoing basis — with its theft only revealed much later, when it appears for sale on underground forums. Information-stealing malware is a big category, and these threats vary in functionality.

The security experts at the Acronis CPOCs observed many such breaches from January–May, impacting a list of organizations that includes T-Mobile, Acer, the American Bar Association and Pepsi Bottling Ventures. Detailed information on these incidents (and more) is available in the full Acronis report.

The majority of data breaches in the early months of 2023 were caused by previously established and prolific malware families, such as Racoon Stealer and PlugX. Researchers have also observed a rise in the use of the EvilExtractor infostealer (available in SaaS format) and have discovered a new macOS infostealer (“MacStealer”) that is being actively advertised and developed further.

Hardly a week goes by without the release of new AI tools, especially generative AIs and conversational chatbots.

Much has changed since ChatGPT became generally available in November of 2022. Large language models (LLMs) are using vaster amounts of training data, and are more connected than ever to the internet. This enables significant new functionality for even users with limited technical expertise.

No surprise, then, that cybercriminals are experimenting with this new generation of AI. They use it to create new attacks at scale, to automate multi-stage attacks and even to generate new code on the fly in an attempt to evade anti-malware defenses.

Companies behind these AI models have begun introducing filters, making illicit requests (like the generation of phishing messages or malware code) more difficult to fulfill. Still, their effectiveness depends on how the question is asked. Users continue to find creative ways of side-stepping these rules.

For more on the latest cybersecurity trends — including an exploration of how AI is being used to generate, and defend against, malware and other dangerous threats — as well as plenty of actionable tips to keep you protected, read the full Acronis Mid-Year Cyberthreats Report 2023 today.