Authors:
Alexander Ivanyuk — Senior Director, Technology
Irina Artioli — Cyber Protection Evangelist
The Acronis Cyberthreats Update covers current cyberthreat activity and trends, as observed by the Acronis Threat Research Unit and sensors. Figures presented here were gathered in 2024 and reflect threats that we detected as well as news stories from the public domain. This report represents a global outlook and is based on more than one million unique endpoints distributed around the world.
Incidents of the month
A phishing campaign exploiting Black Friday and Cyber Monday targeted shoppers in Europe and the U.S. with fake discount websites designed to steal sensitive information. The sites impersonated brands like IKEA, The North Face and Wayfair, offering fake deals to trick users into entering personal and payment data.
The threat actors behind the campaign, suspected to be the Chinese group SilkSpecter, used phishing domains with typosquatting tactics (e.g., northfaceblackfriday[.]shop) and tools like Google Translate to adapt site content based on geolocation. The stolen financial data is processed via services like Stripe to appear legitimate, while phone numbers are collected for follow-up smishing or vishing attacks. SEO poisoning and social media are the suspected methods used to drive traffic to these malicious sites.
The campaign highlights how trusted brands and high shopping activity periods are weaponized to execute large-scale financial fraud and data theft.
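The domain pattern described above (a brand name fused with a shopping-event keyword) can be screened for in proxy or DNS logs. The following is an added example, not code from Acronis or from the report: the brand tokens come from the brands named above, while the official-domain allow-list, the lure keywords and all sample hostnames except the one quoted in the report are assumptions constructed for illustration.

```python
import re

# Brand tokens from the brands named in the report. The official domains
# and the lure keywords are assumptions made for this example.
BRANDS = {"ikea": "ikea.com", "northface": "thenorthface.com", "wayfair": "wayfair.com"}
LURES = ("blackfriday", "cybermonday", "sale", "deal", "discount", "outlet")

def refang(indicator):
    """Turn a defanged indicator (hxxp://, [.]) into a bare lowercase hostname."""
    s = indicator.strip().lower().replace("[.]", ".").replace("(.)", ".")
    s = re.sub(r"^[a-z]+://", "", s)            # drop any scheme, including hxxp(s)
    return s.split("/")[0].split(":")[0].rstrip(".")

def classify(indicator):
    """Return (verdict, reasons): official, suspicious, review or ignore."""
    host = refang(indicator)
    # Drop the TLD, then remove dots and hyphens so "north-face" == "northface".
    flat = re.sub(r"[^a-z0-9]", "", host.rsplit(".", 1)[0])
    reasons = []
    for token, official in BRANDS.items():
        if token not in flat:
            continue
        if host == official or host.endswith("." + official):
            return "official", []               # the brand's own domain or a subdomain
        reasons.append(f"brand:{token}")
    if not reasons:
        return "ignore", []
    lures = [f"lure:{w}" for w in LURES if w in flat]
    # Brand plus lure keyword is the pattern from the report; a bare brand
    # substring is weaker evidence and only queued for manual review.
    return ("suspicious" if lures else "review"), reasons + lures

# Constructed sample input; only the first entry is quoted from the report.
SAMPLES = [
    "northfaceblackfriday[.]shop",
    "https://www.ikea.com/us/en/",
    "wayfair-deals.example",
    "bikeapparel.example",      # contains "ikea" by accident: substring false positive
    "example.org",
]

if __name__ == "__main__":
    for s in SAMPLES:
        verdict, reasons = classify(s)
        print(f"{verdict:<10} {refang(s):<32} {', '.join(reasons)}")
```

Substring matching is deliberately loose, so accidental hits such as the `bikeapparel.example` sample land in the `review` tier rather than `suspicious`.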
The table below shows the top three countries by normalized ransomware detections. It also indicates the percentage of Acronis clients that had at least one malware threat blocked at the endpoint (this number has been hovering around 12% for the last year).
The following table shows the normalized percentage of clients with at least one ransomware detection in the given month. The higher the number, the higher the risk of a workload in that country being attacked by ransomware.
Protection
The aforementioned threats can be detected and mitigated with solutions from Acronis.
Acronis Cyber Protect Cloud protects against both known and never-before-seen threats through a multilayered protection approach. This includes behavior-based detection, AI- and ML-trained detections and anti-ransomware heuristics, which can detect and block encryption attempts and roll back any tampered files automatically without any user interaction.
Additional advanced email security and URL filtering can help you protect against social engineering threats. Acronis’ #CyberFit score helps you quickly identify systems that need attention, and integrated patch management makes updating your software to the latest versions simple.
Advanced Security + Extended Detection and Response (XDR) for Acronis Cyber Protect Cloud brings the visibility needed to understand attacks while simplifying the context for administrators and enabling efficient remediation of any threats.