Acronis Cyberthreats Update, November 2024

Authors:

Alexander Ivanyuk Senior Director, Technology

Irina Artioli Cyber Protection Evangelist

The Acronis Cyberthreats Update covers current cyberthreat activity and trends, as observed by Acronis the Acronis Threat Research Unit (TRU) and sensors. Figures presented here were gathered in October of this year and reflect threats that we detected as well as news stories from the public domain. This report represents a global outlook and is based on more than one million unique endpoints distributed around the world.

Acronis

Incidents of the month

A new security vulnerability in Windows allows attackers to bypass Driver Signature Enforcement (DSE), enabling rootkit installations by downgrading system files to versions with known flaws. Exploiting this bypass, attackers can install malicious drivers at the kernel level, gaining deep control over the system and evading detection.

Researcher Alon Leviev demonstrated that attackers can exploit the ci.dll component — responsible for signature verification — by running a privilege escalation attack, making it a high-risk issue as Microsoft works on permanent mitigations. Despite the vulnerability being reported, Microsoft has not yet fully addressed this issue, leaving systems at risk. Attackers need admin privileges to exploit this vulnerability effectively. Microsoft is currently developing mitigations for future updates.

October malware detections

In October, Acronis Cyber Protect blocked 1.7 million malware threats on endpoints — a 15% decrease from September.

The below tables show the percentage of Acronis clients that had at least one malware threat blocked at the endpoint (this number has been hovering around 12% for the last year), as well as the normalized percentage of clients with at least one malware detection. The higher the percentage, the higher the risk of a workload in that country being attacked by malware.

Acronis
Acronis

Protection

The aforementioned threats can be detected and mitigated with solutions from Acronis.

Acronis Cyber Protect Cloud protects against both known and never-before-seen threats through a multilayered protection approach. This includes behavior-based detection, AI- and ML-trained detections and anti-ransomware heuristics, which can detect and block encryption attempts and roll back any tampered-with files automatically, without any user interaction.

Advanced Email Security and URL filtering can help you protect against social engineering threats. And the Acronis #CyberFit score helps you quickly identify systems that need attention, while the integrated patch management makes updating your software to the latest versions simple.

Advanced Security + Extended Detection and Response (XDR) for Acronis Cyber Protect Cloud brings the visibility needed to understand attacks while simplifying the context for administrators and enabling efficient remediation of any threats.