Acronis Cyberthreats H2 2024 Report: Ransomware and AI are a dangerous combination

The numbers are in, and 2024 ended with the number and severity of cyberattacks continuing to climb. The trend is likely to continue in 2025.

The Acronis Cyberthreats H2 2024 Report reveals why managing cybersecurity is likely more challenging than it has ever been and won’t get easier anytime soon. The report offers a comprehensive analysis of the cybersecurity landscape, highlighting key statistics and emerging trends, and delivering predictions for 2025.

The second half of 2024 in particular saw an increase of almost 200% in email attacks as the dominant threat, ransomware, continued to menace managed service providers (MSPs) and IT departments. Cyber attackers are increasing their use of artificial intelligence (AI) to develop more effective and seemingly credible phishing attempts. Phishing is far and away the most common attack vector, at the root of 74% of attacks.

Other numbers also reveal the threats that exist in the cybersecurity landscape.

Key findings from the Acronis Cyberthreats H2 2024 Report

A few statistics reveal the status of cybersecurity as 2025 unfolds:

• The number of email-based attacks detected in second half of 2024 increased 197% compared to the second half of 2023, while the number of attacks per organization within the same time frame increased by 21%.

• There was a 5% increase in ransomware attacks in 2024, with many specifically targeting MSPs and industries such as transportation, health care and manufacturing.

• Acronis blocked more than 48 million URLs at the endpoint in Q4 2024, a 7% increase compared to Q3 2024.

• There were 1,712 ransomware cases publicly mentioned in Q4 2024. RansomHub, Akira, Play and KillSec were among the top contributors, with 580 victims in total. The Cl0p ransomware group was highly active in December, with 68 victims.

• 31.4% of all emails received in H2 2024 were spam, and 1.4% contained malware or phishing links.

• The United Arab Emirates, Singapore and Italy were the most targeted focus countries for malware attacks in December 2024.

• The United Arab Emirates had the largest percentage of blocked malicious URLs at the endpoint in December 2024 (16.2%), followed by Brazil with 13.2% and Singapore with 12%.

Acronis experts also made a few key observations in the report:

• Ransomware was once again the dominant threat, with phishing far and away the most common vector of attack. Although they accounted for just 22% of threats, social engineering attacks increased 7% year over year from H2 2023 to H2 2024.

• In 2024, attackers used personalized tactics and AI-driven strategies to exploit vulnerabilities and demand higher ransoms. This trend reflects a shift towards more sophisticated, large-scale attacks aimed at maximizing disruption and financial gain.

• The increase in the sophistication and number of attacks highlights the critical role MSPs play in protecting organizations by offering advanced security measures and incident response strategies.

What happened with cybersecurity in 2024?

The report identifies a few broad trends that emerged last year.

AI-driven threats

The use of AI by cybercriminals is a growing concern. Attackers are using tools such as ChatGPT and unregulated models such as WormGPT and FraudGPT to create and distribute malware, making it easier for attackers to launch sophisticated campaigns. Generative AI continues to help attackers make phishing attempts look more credible and urgent.

Critical industries under attack

The financial services, health care and utilities sectors were frequent targets. For instance, the ransomware attack on Patelco Credit Union affected 726,000 customers, and the breach at Evolve Bank & Trust impacted 7.6 million Americans.

Health care in the crosshairs

The health care industry faced the highest average cost of a breach at $9.77 million, highlighting the severe financial and reputational risks associated with cyber incidents.

What’s to come in cybersecurity in 2025?

The year 2025 will likely see a few negative trends continue to gather speed, while a few new issues and technologies will move into the cybersecurity picture.

Ransomware dominance

Ransomware will likely continue its dominance, with cybercriminals increasingly using AI to automate and scale their attacks, and new ransomware variants may target cloud backups, making recovery nearly impossible without robust defenses.

Double extortion tactics

Attackers will likely adopt double extortion tactics, demanding ransoms both to decrypt files and to prevent the release of sensitive data.

ZTA and IAM

MSPs and IT departments will increasingly adopt Zero Trust Architecture (ZTA) and Identity and Access Management (IAM) systems to prevent unauthorized data access and manage secure access to sensitive information and systems.

IoT security

The exponential growth of internet of things (IoT) devices will introduce new attack surfaces, pushing long-dormant concerns about IoT security to a prominent position in the cybersecurity landscape.

Quantum computing

Quantum computing will pose new challenges, necessitating the exploration of quantum-resistant cryptography. Quantum computers can perform calculations exponentially faster than classical computers, threatening the security of widely-used algorithms. In 2025, businesses will need to explore quantum-resistant cryptography to protect sensitive information.

What MSPs can IT pros can do to protect themselves

As always, a few basic best practices can enable MSPs to protect clients and IT professionals to protect their operations. For 2025, five critical best practices include:

1. Implement multilayered security: Combine behavioral analysis, heuristic detection and AI-driven monitoring to detect and block AI-generated threats.
2. Stay updated: Regularly update software and security protocols to address AI vulnerabilities.
3. Employee education: Adopt security awareness training to teach employees and partners to recognize AI-powered phishing attempts, deepfakes and other social engineering tactics.
4. Leverage AI for defense: Utilize AI-powered cybersecurity solutions to detect and neutralize threats faster and more effectively.
5. Control AI risks: Implement clear policies, monitor AI activity and ensure compliance with data privacy regulations to control the risks associated with AI usage.

For MSPs, the ability to manage cybersecurity, backup and recovery, patch management and other critical elements of client protection in a single system can deliver efficiency, cost savings, improved client service and increased profitability. Acronis Cyber Protect Cloud gives MSPs that ability.  

As 2025 unfolds and challenges mount, Acronis will continue to measure and report on the cybersecurity landscape. Download the full 2024 report to fully explore the cybersecurity trends of the last year and get a feel for what’s to come.