Acronis cyberthreats update, September 2023

0
109
UAE witnesses unprecedented ransomware resilience - Acronis report highlights flatlining threats
UAE witnesses unprecedented ransomware resilience - Acronis report highlights flatlining threats

Acronis detected 42,890 endpoints with malware attacks in August, a 16% increase compared to July

India, September 18, 2023: The Acronis Cyber Threats Update covers current cyberthreat activity and trends, as observed by Acronis analysts and sensors. The figures presented here were gathered in August of this year and reflect threats that we detected as well as news stories from the public domain. This report represents a global outlook and is based on over one million unique endpoints distributed around the world.

The top five numbers for this report are:

  • 7.1 million malicious URLs were blocked at the endpoint by Acronis in August 2023. That’s a decrease of 55% compared to July, but 1% more than in August 2022.

  • Acronis detected 42,890 endpoints with malware attacks in August, a 16% increase compared to July.

  • Ransomware detections at the endpoint increased by 3% from July to August. The most active ransomware group in August was LockBit, which claimed 126 victims.

  • In August, the Endpoint Detection and Response (EDR) pack for Acronis Cyber Protect Cloud detected more than 225,000 incidents, the majority of which were automatically remediated.

  • We recorded almost 379 data breaches that were reported globally.

Incidents of the month

Data breaches remain a widespread nuisance, affecting millions of users. In August, for example, a data breach at Discord.io exposed the information of 760,000 members, including hashed passwords. This data has already been made available for purchase on an underground forum.

Another recent data breach impacted Pôle emploi, the French unemployment registration and financial aid agency. Data belonging to an estimated 10 million citizens was exposed. Luckily, this did not include email, passwords, or banking credentials. Nevertheless, the data is still useful for cybercriminals, and such information is often used to personalise future social engineering email campaigns.

The most common causes behind data breaches are double-extortion ransomware, SQL injections, and information-stealing Trojans. One of the more common infostealers, Raccoon Stealer, announced a new version (2.3.0) in August. This new version is stealthier and attempts to prevent researchers from finding their online dashboard while stealing credentials from 60 different applications. Raccoon Stealer is distributed under the malware-as-a-service (MaaS) model and is currently being sold for $200 per month.

With so many avenues available for cybercriminals to attack data, the importance of robust data protection is paramount.

Ransomware detections

Ransomware detections in August increased by 3% compared to July 2023. The day with the most ransomware detections was August 9, when 438 encryption attempts were blocked.

The statistics presented here are taken from Acronis’ anti-ransomware heuristics, which detect encryption attempts on any workload. This represents the last line of defence in the protection layer. Threats that reached this stage were able to penetrate or disable all previous layers of protection, such as email filters and static antivirus detection processes. The actual number of attempted ransomware attacks will thus be higher.

Daily ransomware detections, July–August 2023

0pOwdObqdJfAYfyHlbLQ4Jg3mOhXXlA2h1PBE9qcGVUPzPs5RIdF4zP

The following table shows the normalised percentage of clients with at least one ransomware detection in the given month. The higher the number, the higher the risk of a workload in that country being attacked by ransomware.

Top 10 countries by normalised ransomware detections

lQihHZRLcUUVdwDzb sYBtZSfk3a1vbbQpuzb2m0TfARxsSAPUWxTRhBxu3jHVCJJJ1lOLWb 5ZoBdVeV3XID 37bPR9SpiKnpFD I Ftr5bnzSuQquuYjfpJQnrlu9UNUDDZIsbBqEl27jRPfaesA

The following statistics are based on data from darknet websites, where ransomware groups publish reports about their victims and release stolen files. These figures may change slightly over time, as not all ransomware groups announce their successes immediately, and some keep victims’ names private while ransom negotiations are ongoing. These numbers represent the view from the ransomware groups’ side, which differs from the detection numbers listed above.

Top 5 most active ransomware families by number of claimed victims, and the top 5 countries by number of claimed victims, August 2023

g07TpBqUOLnVJGTdLgI2FBgsvBRkDIs9T 9GG 7XLw7 S82t3P6D5XroZV5O65ZGUUaomIaTeAgA CdAIDEYs GS2mT1bkQ1IYOQJK24I3M0WUs6x0VA2 d4V I10twNAdtj74jnZjB8FMc0QmftPg

Protection

The aforementioned threats can be detected and mitigated with solutions from Acronis.

Acronis Cyber Protect protects against both known and never-before-seen threats through a multilayered protection approach. This includes behaviour-based detection, AI- or ML-trained detections, and anti-ransomware heuristics, which can detect and block encryption attempts and roll back any tampered files automatically, without any user interaction.

The Endpoint Detection and Response (EDR) pack for Acronis Cyber Protect Cloud brings the visibility needed to understand attacks while simplifying the context for administrators and enabling efficient remediation of any threats.

Also readHow does a unified mechanism in the banking operations help in customizing customer interest through various services?

Do FollowCIO News LinkedIn Account | CIO News Facebook | CIO News Youtube | CIO News Twitter

About us:

CIO News, a proprietary of Mercadeo, produces award-winning content and resources for IT leaders across any industry through print articles and recorded video interviews on topics in the technology sector such as Digital Transformation, Artificial Intelligence (AI), Machine Learning (ML), Cloud, Robotics, Cyber-security, Data, Analytics, SOC, SASE, among other technology topics.