There has been a dramatic rise in email attacks and ransomware incidents, with an Acronis report noting a staggering 293% increase in email attacks in the first half of 2024 compared to the same period in 2023.

This surge aligns with a 25% increase in email volume per organization and a 47% rise in email attacks targeting organizations.

Ransomware remains a significant threat to small and medium-sized businesses (SMBs) in critical sectors like government and healthcare.

Ransomware detections increased by 32% from Q4 2023 to Q1 2024, with Acronis identifying 10 new ransomware groups responsible for 84 global attacks in Q1 2024.

LockBit, Black Basta and PLAY account for 35% of these incidents. These groups frequently exploit vulnerable drivers to gain system access and disable security tools.

Stephen Kowski, field CTO at SlashNext Email Security+, said government and healthcare sectors should adopt a zero-trust security model, implement network segmentation, and invest in AI-driven threat detection and response systems.

“Leveraging cutting-edge security solutions that offer proactive threat hunting and automated incident response can help these critical industries stay ahead of sophisticated ransomware groups,” he explained.

AI, LLMs Leveraged by Malicious Actors

The report also highlighted cybercriminals’ growing use of generative artificial intelligence (AI) and large language models (LLMs).

AI is increasingly used in social engineering and automation attacks, including malicious emails, deepfake business email compromise (BEC), deepfake extortions, KYC bypass, and script and malware generation.

Acronis researchers distinguished between AI-generated threats, where malware is created using AI but does not utilize AI in its operations, and AI-enabled malware, which incorporates AI into its functionality.

“GenAI and LLMs are enabling attackers to create more convincing phishing emails, deepfakes and automated attack scripts at scale,” Kowski said.

These technologies allow cybercriminals to personalize social engineering attempts and rapidly adapt their tactics, making traditional defenses less effective.

“What used to be ‘0-day’ are now ‘0-hour’ at least,” he said. “Human defenders alone won’t be able to keep up.”

MSPs Targeted, PowerShell Techniques Rise

Meanwhile, Managed Service Providers (MSPs) were consistently targeted from January to May 2024, primarily through email phishing campaigns.

The top MITRE ATT&CK techniques detected included PowerShell, Windows Management Instrumentation, Process Injection, Data Manipulation and Account Discovery.

Nicole Carignan, vice president of strategic cyber AI at Darktrace, said despite increased focus on email security, organizations and their employees continue to be plagued by successful phishing attempts.

She explained many tools used by organizations today rely on historical attack data to identify and stop known email threats from reentering inboxes.

“However, this approach often fails to recognize new or unknown threats,” Carignan said.

She cautioned that with the increasing use of generative AI by threat actors, dependence on traditional threat intelligence or rules and signature-based defense systems will lessen.

“Threat actors can now quickly adopt and change signatures, hashes and indicators of compromise to evade defenses,” she said.

Carignan added that as the sophistication of phishing attacks continues to grow, organizations cannot rely on employees to be the last line of defense against these attacks.

Instead, organizations must use machine learning-powered tools to understand how their employees interact with their inboxes and build a profile of what activity is normal for users, including their relationships, tone and sentiment, content or when and how they follow or share links.

“Only then can they accurately recognize suspicious activity that may indicate an attack or business email compromise,” she said.

Hackers Focus on Human Error

Mika Aalto, co-founder and CEO at Hoxhunt, said the shift from malware attacks to social engineering attacks indicates that cybercriminals are increasingly focusing on exploiting human vulnerabilities rather than technical ones.

“This trend underscores the importance of investing in human-centric security measures, such as personalized training and awareness programs, to reduce the risk of social engineering attacks,” he said.

From Aalto’s perspective, developing adaptive security strategies that can respond to the evolving tactics of cybercriminals is also crucial.

This requires the implementation of continuous monitoring and threat detection to help quickly identify and respond to social engineering attempts.

“Empowering employees to act as the first line of defense by reporting suspicious activities and participating in security initiatives is vital,” he added.