Acronis Cyberthreats Update, March 2024
The Acronis Cyberthreats Update reveals threat activity and trends from February 2024.












The Acronis Cyberthreats Update covers current cyberthreat activity and trends, as observed by Acronis analysts and sensors. Figures presented here were gathered in January of this year and reflect threats that we detected as well as news stories from the public domain.
CustomerLoader was first spotted in June 2023, delivering different payloads to its targets. It is a .NET loader, so named from the ‘custom’ string in its C&C communication. In this campaign, it used a .LNK file to bring the DuckTail infostealer to victims' machines. DuckTail is a Vietnamese threat group that became active in May 2023. Using phishing job listings on LinkedIn, DuckTail delivers malicious files to victims.
DarkGate was first spotted in 2018. New attacks have used Skype messages with malicious VBA attachments. The main purpose of this script is to download and execute the AutoIt script, which has been observed in DarkGate campaigns since 2020. A user with the name ‘RastaFarEye’ advertised his malware on underground Russian-language forums, and it now has numerous capabilities.
The Acronis Cyberthreats Update covers current cyberthreat activity and trends, as observed by Acronis analysts and sensors. Figures presented here were gathered in October of this year and reflect threats that we detected as well as news stories from the public domain. This report represents a global outlook and is based on more than one million unique endpoints distributed around the world.
At the end of July 2023, the Cyclops ransomware group announced on underground forums that the 2.0 version of their ransomware was renamed “Knight.” The Knight ransomware group began its ransomware-as-a-service operations in May 2023, targeting Windows, Linux and macOS operating systems, encrypting files using Curve25519, HC-256 and ChaCha20 algorithms.
Nokoyawa ransomware was first discovered in February 2022, and it initially shared similarities with the Hive ransomware. As this threat has evolved, it has become more dangerous, and it appears to have claimed numerous victims already.
The Acronis Cyberthreats Update covers current cyberthreat activity and trends, as observed by Acronis analysts and sensors. Figures presented here — including malware, URL and ransomware statistics — were gathered in September of this year and reflect threats that we detected as well as news stories from the public domain.
BlackByte is an example of ‘ransomware-as-a-service’ (RaaS), and the threat actors behind it constantly upgrade their malware to keep customers satisfied. Recent changes have increased the complexity of cybersecurity analytics, while also introducing new anti-analysis and anti-debugging techniques.
The Acronis Cyberthreats Update covers current cyberthreat activity and trends, as observed by Acronis analysts and sensors. Figures presented here — including malware, URL and ransomware statistics — were gathered in August of this year and reflect threats that we detected as well as news stories from the public domain.
The Acronis Cyberthreats Report covers current cyberthreat activity and trends, as observed by Acronis analysts and sensors. Figures presented here — including malware, URL and ransomware statistics — were gathered in July of this year and reflect threats that we detected as well as news stories from the public domain.
8Base ransomware was first spotted in June 2023, with a massive number of targeted victims. It was later discovered that 8Base originated in March 2022 with the launch of an associated data leak site.