Cybercriminals Exploit AI Systems and Target Small Businesses, Reveals Acronis Report

Acronis reports that cybercriminals are adopting generative artificial intelligence (AI) systems, such as ChatGPT, to develop malicious content and execute advanced cyberattacks, indicating an evolving landscape of cyber threats.

The latest threat report from Acronis highlights ransomware as the primary risk for small and medium-sized businesses. Although the number of new ransomware variants is decreasing, the severity of ransomware attacks remains significant. Additionally, the report raises concerns about the increasing prominence of data stealers who exploit stolen credentials to gain unauthorized access to sensitive information.

Candid Wüest, Vice President of Research at Acronis, stated that the volume of threats in 2023 has risen compared to the previous year, suggesting that criminals are scaling up and enhancing their methods of compromising systems and carrying out attacks. To address this dynamic threat landscape, organizations need agile and comprehensive security solutions that provide visibility into attacks, simplify contextual understanding, and facilitate efficient threat remediation, encompassing malware, system vulnerabilities, and other potential risks.

Phishing is the primary method employed by criminals to obtain login credentials, with a significant surge of 464% in email-based phishing attacks in the first half of 2023, compared to 2022. During the same period, there has been a 24% increase in attacks per organization. Acronis has observed a 15% rise in the number of files and URLs per scanned email on the endpoints it monitors. Cybercriminals have also begun leveraging large language model (LLM)-based AI platforms to create, automate, scale, and improve new attacks through active learning.

The cyberattack landscape is constantly evolving, with cybercriminals becoming more sophisticated in their tactics. They are employing AI and existing ransomware code to penetrate victims' systems more deeply and extract sensitive information. AI-generated malware is adept at evading detection in traditional antivirus models, resulting in a significant increase in publicly reported ransomware cases compared to the previous year. Acronis-monitored endpoints have provided valuable insights into the operations of these cybercriminals, revealing the increasing intelligence, sophistication, and difficulty of detecting some attacks.

The key findings from the Acronis report, based on extensive research and analysis, include the following:

  • In Q1 2023, nearly 50 million URLs were blocked at the endpoint, indicating a 15% increase over Q4 2022.
  • There were 809 publicly mentioned ransomware cases in Q1 2023, with a notable spike of 62% in March compared to the monthly average of 270 cases.
  • In Q1 2023, spam accounted for 30.3% of all received emails, and 1.3% contained malware or phishing links.
  • The average lifespan of a malware sample in the wild is 2.1 days, with 73% of samples observed only once.
  • Public AI models inadvertently facilitate criminals in identifying source code vulnerabilities, creating attacks, and developing fraud prevention-evading techniques like deep fakes.
  • Regarding credential theft, phishing remains the most popular method, accounting for 73% of all attacks, followed by business email compromises (BECs) at 15%. Notable breaches include the LockBit gang responsible for major data breaches, Clop breaching a mental health provider's system, BlackCat stealing secret military data, and Vice Society compromising servers and personal information at the University of Duisburg-Essen in Germany.

The report also highlights major security concerns, including the lack of strong security solutions capable of detecting zero-day vulnerability exploits, delays in updating vulnerable software, inadequate protection for Linux servers, and organizations failing to follow proper data backup protocols.

In light of these trends, Acronis emphasizes the importance of proactive cyber protection measures. A robust cybersecurity posture requires a multi-layered solution that combines anti-malware, endpoint detection and response (EDR), data loss prevention (DLP), email security, vulnerability assessment, patch management, remote monitoring and management (RMM), and backup capabilities. Leveraging advanced solutions that incorporate AI, machine learning, and behavioral analysis can help mitigate the risks posed by ransomware and data stealers.

Share this page: