AI-enhanced attacks are on the rise, leaving many organisations’ cybersecurity unprepared for the volume of new challenges; reveals cyber protection firm, Acronis, in its latest cyber threats report.
The latest Acronis release, ‘Cyberthreats Report, H2 2023: Alarming rise in cyberattacks, SMBs and MSPs in the crosshairs‘, details how organisations experienced a 54 per cent increase in the number of attacks per organisation.
According to the report, the use of generative AI for cyber-attacks has increased considerably since the public release of OpenAI‘s ChatGPT at the back end of 2022. In fact, it found that AI-enhanced phishing affected 91.1 per cent of organisations across 15 key countries, and contributed to a 222 per cent surge in email attacks in 2023 as compared to the second half of 2022.
Candid Wüest, VP of product management at Acronis, explained: “There’s a disturbing trend being recognised globally where bad actors continue to leverage ChatGPT and similar generative AI systems to increase cyber attack efficiency, create malicious code, and automate attacks. Now, more than ever, corporations need to prioritise comprehensive cyber protection solutions to ensure business continuity.”
The Acronis report also highlights that it expects advanced tactics like supply chain attacks, AI-driven attacks and state-sponsored incursions to intensify. Managed service providers (MSPs) should prepare themselves for threats unique to their operations, including ‘island hopping’, in which attackers use an MSP’s infrastructure to attack clients, as well as ‘credential stuffing’, which exploits an MSP’s broad access to systems.
Michael Suby, research VP at IDC, also added: “Unfortunately, bad actors continue to profit from these activities and are leveraging AI-enhanced techniques to create more convincing phishing schemes, guaranteeing that this problem will continue to plague businesses.”
Acronis also reveals that while the number of new groups and ransomware variants is decreasing, the most renowned families of the attack vector are still causing companies across the globe to lose data and money.
A ransomware group known as ALPHV, which was targeted by the FBI in December 2023, breached over 1,000 entities, demanded over $500million, and received over $300million in ransom payments.
It explains that there is a lack of strong security solutions which would help detect the exploitation of zero-day vulnerabilities.
Organisations are falling victim to attacks due to the delay in patching vulnerable software which enables threat actors to gain domain administrative rights, uninstall security tools and infiltrate sensitive information.
In an effort to address concerns, Acronis is offering training and certification programmes through its MSP Academy for those interested in enhancing their cybersecurity skills and knowledge.