Acronis
February 18, 2026

Acronis Cyberthreats Update, February 2026

The Acronis Cyberthreats Update covers current cyberthreat activity and trends, as observed by Acronis Threat Research Unit (TRU) and Acronis sensors. Figures presented here were gathered in January 2026 and reflect threats that Acronis detected, as well as news stories from the public domain.

Author: Acronis Threat Research Unit

Author: Alexander Ivanyuk — Senior Director, Technology

Incident of the month

In January 2026, one of the most significant cybersecurity incidents of the month emerged when a coordinated identity-based cyberattack led to a wave of data breaches across multiple major organizations, including Panera Bread, CarMax, Edmunds, Crunchbase and Betterment. The incident attracted widespread attention due to both its scale — impacting an estimated 14 million individuals — and its cross-industry reach, affecting retail, financial services and online platforms simultaneously.

The attack was attributed to the ShinyHunters threat group, which leveraged compromised single sign-on (SSO) credentials obtained through voice-phishing campaigns targeting enterprise identity providers such as Microsoft Entra, Okta and Google. Rather than exploiting a single software vulnerability, attackers abused trusted identity infrastructure to gain persistent access, enabling large-scale data exfiltration that included customer names, email addresses, phone numbers and account-related information.

The incident underscored a growing industry concern: Identity systems have become a primary attack surface, and breaches can rapidly cascade across multiple organizations when centralized authentication platforms are compromised. Even without exploiting novel zero-day vulnerabilities, attackers were able to cause widespread harm by targeting human trust and identity workflows, highlighting the systemic risk posed by modern, federated authentication models.

January malware threat detections

In January, Acronis Cyber Protect blocked more than 1.7 million dangerous processes / malware samples on endpoints.

The table below shows the percentage of unique Acronis clients that had at least one malware threat blocked at the endpoint. In January 2026, the percentage increased slightly to 3.67%, representing a minor month-over-month rise of 0.03 percentage points compared to December 2025. While this uptick is marginal, it marks a stabilization phase rather than a reversal of the broader downward trend observed in 2025.

When compared to mid-2025 levels, January 2026 remains significantly lower, with malware exposure affecting roughly 40% fewer clients than in June 2025.

In January, Palestine recorded the highest malware detection rate globally, with 54.1% of unique users experiencing at least one malware detection, indicating an exceptionally high level of threat exposure. Sri Lanka (18.8%) and Bangladesh (17.3%) followed at a considerable distance, highlighting a sharp drop-off after the top-ranked country and a highly uneven geographic distribution of malware activity.

The web threats data shows a broad month-over-month increase in detection rates from December 2025 to January 2026, with the most notable jumps in South Korea (from 5.5% to 9.7%), Singapore (8.2% to 9.7%) and Canada (10.8% to 12.3%), indicating a sharp rise in the share of affected unique clients. Most other countries experienced modest increases, while a few saw slight declines, notably New Zealand (7.3% to 6.1%), Mexico (6.5% to 6.1%), Brazil (8.9% to 8.6%) and the U.K. (5.5% to 5.4%), suggesting localized improvements or lower activity in January.

Protection

The threats can be detected and mitigated with solutions from Acronis.

Acronis Cyber Protect Cloud protects against both known and never-before-seen threats through a multilayered protection approach. This includes behavior-based detection, AI- and ML-trained detections and anti-ransomware heuristics, which can detect and block encryption attempts and roll back any tampered files automatically without any user interaction.

Additional email security and URL filtering can help you protect against social engineering threats. Your Acronis #CyberFit Score also helps you quickly identify systems that need attention, while integrated patch management makes updating your software to the latest versions simple.

Acronis XDR for Acronis Cyber Protect Cloud brings the visibility needed to understand attacks while simplifying the context for administrators and enabling efficient remediation of any threats.