Acronis, a global leader in cyber protection, has confirmed that in the first half of 2023 alone, the number of email-based phishing attacks has surged 464% in comparison to 2022.
Its findings are contained in the company's Mid-Year Cyberthreats Report, From Innovation to Risk: Managing the Implications of AI-driven Cyberattacks, which also cite a 24% increase in attacks per organisation.
Monitored endpoints set up by Acronis observed a 15% increase in the number of files and URLs per scanned email. It also posits how cybercriminals are using large language model (LLM)-based AI tools to create, automate, scale and improve new cyber attacks.
Cybercriminals using ChatGPT to execute online attacks
The report was conducted based on data captured from more than one million global endpoints and aims to provide insight into an ever-evolving cybersecurity landscape. It has ultimately uncovered the growing use of generative AI systems, such as ChatGPT, by cybercriminals to craft malicious content and conduct cyber attacks.
According to the report, phishing is the primary method criminals use to unearth login credentials. It demonstrates that the negative implications of generative AI impacting businesses continues to be a concern.
- 50m URLs blocked by Acronis (Q1 2023) - a 15% increase
- 62% spike in publicly mentioned ransomware cases
- 73% of all attacks were phishing
- 30.3% of all received emails were spam (1.3% contained malware or phishing links)
The research also found that the LockBit gang was responsible for major data breaches, as well as Cl0p, who breached a mental health provider’s system and affected the data of more than 783,000 individuals as a result. Malware like BlackCat also stole more than 2TB of secret military data, including personal employee information.
The threat report highlights that ransomware remains a very significant risk to small and medium-sized businesses. Although the number of new ransomware variants continues to decline, Acronis still suggests that the severity of this type of attack remains significant.
The digital evolution of the cyberattack
Equally concerning is the growing prominence of data stealers, who leverage stolen credentials to gain unauthorised access to sensitive information. This continues to be a global issue, as companies and businesses like Fujitsu are still suffering the effects of huge data breaches.
“The volume of threats in 2023 has surged relative to last year, a sign that criminals are scaling and enhancing how they compromise systems and execute attacks,” said Candid Wüest, VP of Research at Acronis.
He continued: “To address the dynamic threat landscape, organisations need agile, comprehensive, unified security solutions that provide the necessary visibility to understand attacks, simplify context, and provide efficient remediation of any threat, whether it may be malware, system vulnerability, and everything in between.”
Cybercriminals are becoming more sophisticated in their attacks and are capable of using AI and existing ransomware code to further hack into computer systems and obtain sensitive information. Ransomware attacks in particular have exploded in 2023, with an increase of 60% having been reported earlier in the year.
In its report, Acronis emphasises the need for proactive cyber protection measures. It claims that leveraging an advanced solution that combines AI, machine learning (AI/ML) and behavioural analysis can help mitigate risks posed by ransomware and data stealers.
- Fortinet announce veteran council to narrow cyber skills gapOperational Security
- Checkmarx uncover attack impersonating GitHub DependabotApplication Security
- Top 10 application security companiesCloud Security
- Splunk: Software developers committed to digital resilienceOperational Security