Email-based cyberattacks have seen a staggering increase of 293% in the first half of 2024, as compared to the same period last year, reports Acronis. This alarming trend underscores a broader escalation in digital threats, with ransomware detections alone rising by 32% from the last quarter of 2023 to the first quarter of 2024.
Ransomware remains a particularly acute concern for small and medium-sized businesses (SMBs) operating in critical sectors such as government and healthcare. The first quarter of 2024 saw the emergence of 10 new ransomware groups, collectively responsible for 84 cyberattacks worldwide. Notably, three groups—LockBit, Black Basta, and PLAY—were particularly prolific, accounting for 35% of these incidents.
The report also sheds light on how managed service providers (MSPs) are increasingly becoming targets. Successful attack vectors highlighted include phishing, social engineering, vulnerability exploits, credential compromises, and supply chain attacks. These methods underscore the sophisticated tactics employed by cybercriminals to breach the defenses of MSPs.
Irina Artioli, Cyber Protection Evangelist at the Acronis Threat Research Unit, emphasized the critical nature of these developments: “As a result of the increasing volume and complexities of cyber threats we continue to uncover in the current cybersecurity landscape, it is of the utmost importance that MSPs take a holistic approach to securing their customer’s data, systems, and unique digital infrastructures.”
Artioli advocates for a robust defense strategy, suggesting, “To do this effectively, we recommend MSPs adopt a comprehensive security strategy, including mandating security awareness trainings and incident response planning, as well as deploying advanced endpoint protection solutions like extended detection and response (XDR), multi-factor authentication, and more.”
The report also highlights the role of generative artificial intelligence (AI) and large language models (LLMs) in evolving cyber threats. AI technologies are increasingly exploited for social engineering and automation attacks, with tactics ranging from AI-generated malicious emails to deepfake business email compromise (BEC), deepfake extortions, and script and malware generation.
Researchers distinguish between two categories of AI-related threats. The first, AI-generated threats, involves malware developed using AI techniques that do not utilize AI in its operational phase. The second category, AI-enabled malware, incorporates AI into its functionality, enhancing its effectiveness and adaptability.
For small business owners and solopreneurs, these trends not only highlight the escalating sophistication of cyber threats but also stress the urgent need for robust cybersecurity measures tailored to their unique operational landscapes.