November 06, 2023
MSP Threats Security Team

Acronis Cyberthreats Update, November 2023

Authors:

Alexander Ivanyuk, Senior Director, Technology

Irina Artioli, Cyber Protection Evangelist

Candid Wüest, VP of Product Management

The Acronis Cyberthreats Update covers current cyberthreat activity and trends, as observed by Acronis analysts and sensors. Figures presented here were gathered in October of this year and reflect threats that we detected as well as news stories from the public domain. This report represents a global outlook and is based on more than one million unique endpoints distributed around the world.

The top five numbers for this report

  • 3.9 million malicious URLs were blocked at the endpoint by Acronis in October 2023. That’s a decrease of 5% compared to September and 3.3 times less than in October 2022.
  • Acronis detected 47,000 endpoints with malware attacks in October, a 6.7% decrease compared to September.
  • Ransomware detections at the endpoint decreased 8% from September to October. The most active ransomware group in October was LockBit, claiming 65 victims.
  • In October, Endpoint Detection and Response (EDR) for Acronis Cyber Protect Cloud detected more than 352,000 incidents, a majority of which were automatically remediated.
  • Acronis recorded more than 350 data breaches that were reported globally.

Incidents of the month

Well-known genetic testing provider 23andMe faces multiple class action lawsuits in the United States after a large-scale data breach that seems to have impacted millions of its customers. A threat actor leaked 23andMe customer data in a CSV file named 'Ashkenazi DNA Data of Celebrities.csv' on hacker forums.

The file allegedly contained the data of nearly one million people, including information on users' account IDs, full names, sex, date of birth, DNA profiles and location and region details.

A company spokesperson said that the attackers accessed the platform through a credential-stuffing attack, in which passwords from other breaches are tested for reuse. Ransomware attacks are often the source of data leaks as part of dual extortion strategies, but this case shows that pure data breaches still occur too.

We can only speculate how much 23andMe will be forced to pay in damages, but it could exceed the price of paying for adequate security. Zero trust access and MFA can help mitigate the impact of password reuse.
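
A detection-side illustration of the credential-stuffing pattern described above, added here as an example and not taken from Acronis or 23andMe: it flags sources that try many distinct accounts only a few times each with mostly failed logins, and lists the accounts that logged in successfully during such a burst as candidates for a forced password reset and MFA enrollment. The event format, thresholds, function name and sample data are constructed assumptions.

```python
from collections import defaultdict

# Constructed sample login events: (unix_seconds, source_ip, username, success)
STUFFED = ["alice", "bob", "carol", "dave", "erin", "frank", "grace", "heidi"]
SAMPLE_EVENTS = (
    # One source, many accounts, one try each, a single reused password works.
    [(10 * i, "203.0.113.10", u, u == "frank") for i, u in enumerate(STUFFED)]
    # Classic brute force: many guesses against ONE account (not stuffing).
    + [(5 * i, "198.51.100.7", "alice", False) for i in range(10)]
    # Office NAT: several real users, mostly successful logins, one typo.
    + [(30 * i, "192.0.2.33", u, True) for i, u in enumerate(STUFFED[:5])]
    + [(31, "192.0.2.33", "bob", False)]
)

def find_stuffing_sources(events, window=300, min_accounts=5,
                          max_tries_per_account=2, min_failure_ratio=0.8):
    """Return {source: {"accounts": set, "compromised": set}} for sources
    whose logins within a sliding time window look like credential stuffing."""
    by_src = defaultdict(list)
    for ts, src, user, ok in sorted(events):
        by_src[src].append((ts, user, ok))

    findings = {}
    for src, evs in by_src.items():
        start = 0
        for end in range(len(evs)):
            # Shrink the window from the left until it spans <= `window` seconds.
            while evs[end][0] - evs[start][0] > window:
                start += 1
            burst = evs[start:end + 1]
            users = {u for _, u, _ in burst}
            failures = sum(1 for _, _, ok in burst if not ok)
            if (len(users) >= min_accounts
                    and len(burst) / len(users) <= max_tries_per_account
                    and failures / len(burst) >= min_failure_ratio):
                hit = findings.setdefault(
                    src, {"accounts": set(), "compromised": set()})
                hit["accounts"] |= users
                # A success inside a stuffing burst means a reused password.
                hit["compromised"] |= {u for _, u, ok in burst if ok}
    return findings

if __name__ == "__main__":
    for src, hit in find_stuffing_sources(SAMPLE_EVENTS).items():
        print(src, "targeted", len(hit["accounts"]), "accounts;",
              "reset and enroll in MFA:", sorted(hit["compromised"]))
```

The thresholds are starting points to tune against real traffic; distributed campaigns that rotate source addresses need the same grouping applied to other keys, such as user agent or ASN.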

October malware detections

In October, Acronis Cyber Protect blocked 1.8 million malware threats on endpoints, a decrease of 30% compared to September.

It’s important to stop malware early in the attack chain — for example, by blocking the malicious emails that deliver it. Nevertheless, many threats still make it to the endpoint.

The following table shows the percentage of Acronis clients that had at least one malware threat blocked this month. This number has been hovering around 12% for the year so far.

Percentage of Acronis clients with blocked malware

Daily ransomware detections, September – October 2023

The following table shows the normalized percentage of clients with at least one ransomware detection in the given month. The higher the number, the higher the risk of a workload in that country being attacked by ransomware.

Daily ransomware detections, September - October 2023, and top three countries by normalized ransomware detections
Normalized ransomware detections in focus countries

The following statistics are based on data from darknet websites, where ransomware groups publish reports about their victims and release stolen files. These figures may change slightly over time, as not all ransomware groups announce their successes immediately, and some keep victims’ names private while ransom negotiations are ongoing. The data below represents claims by ransomware groups, which differ from the detection numbers listed above.

Top five countries by number of claimed victims and the top five most active ransomware families by number of claimed victims, October 2023

Protection

The aforementioned threats can be detected and mitigated with solutions from Acronis.

While it is hard to prevent data leakage from the servers of the vendors of different cloud or web services, features such as Identity Protection, which we recently introduced in Acronis Cyber Protect Home Office, will help prosumers and businesses to determine if their confidential or personal data was compromised and leaked publicly, including on the dark web.

Endpoint Detection and Response (EDR) for Acronis Cyber Protect Cloud brings the visibility businesses need to understand attacks, while simplifying the context for administrators and enabling efficient remediation of any threat.

Learn more about Acronis’ approach to cyber protection.