Authors:
Alexander Ivanyuk — Senior Director, Technology
Irina Artioli — Cyber Protection Evangelist
The Acronis Cyberthreats Update covers current cyberthreat activity and trends, as observed by Acronis analysts and sensors. Figures presented here were gathered in August 2024 and reflect threats that we detected as well as news stories from the public domain. This report represents a global outlook and is based on more than one million unique endpoints distributed around the world.
Key findings
Incidents of the month
A recently uncovered vulnerability in AMD processors, known as SinkClose (CVE-2023-31315), presents a significant security threat. This flaw enables attackers who already have kernel-level (Ring 0) access to escalate their privileges to Ring -2, an exceptionally high privilege level typically reserved for critical system functions, including power management and security controls. By exploiting this vulnerability, hackers can install nearly undetectable malware that is challenging for traditional security tools to identify and remove.
The SinkClose vulnerability impacts various generations of AMD processors, including the EPYC, Ryzen and Threadripper series. AMD has responded to this threat by issuing mitigations for several of the affected processors, though updates for embedded CPUs will be released at a later date. The severity of this flaw underscores the importance of ensuring systems are promptly updated to protect against potential exploitation.
August malware detections
In August, Acronis Cyber Protect blocked 2.6 million malware threats on endpoints — a 10.1% increase from July.
The tables below show the percentage of Acronis clients that had at least one malware threat blocked at the endpoint (this number has been hovering around 12% for the last year), as well as the normalized percentage of clients with at least one malware detection. The higher the percentage, the higher the risk of a workload in that country being attacked by malware.
Protection
The aforementioned threats can be detected and mitigated with solutions from Acronis.
Acronis Cyber Protect Cloud protects against both known and never-before-seen threats through a multilayered protection approach. This includes behavior-based detection, AI- and ML-trained detections and anti-ransomware heuristics, which can detect and block encryption attempts and roll back any tampered files automatically without any user interaction.
Advanced Security + Extended Detection and Response (XDR) for Acronis Cyber Protect Cloud brings the visibility needed to understand attacks while simplifying the context for administrators and enabling efficient remediation of any threats.