Acronis Cyberthreats Update, July 2024
Authors:
Alexander Ivanyuk — Senior Director, Technology
Irina Artioli — Cyber Protection Evangelist
The Acronis Cyberthreats Update covers current cyberthreat activity and trends, as observed by Acronis analysts and sensors. Figures presented here were gathered in June of this year and reflect threats that we detected as well as news stories from the public domain. This report represents a global outlook and is based on more than one million unique endpoints distributed around the world.
Incidents of the month
Snowflake, the popular cloud data platform, is facing ongoing security issues that continue to expand, with more victims emerging and even one alleged intruder coming forward. Mandiant reported that at least 165 targets were affected, including Australian ticketing provider Ticketek and U.S.-based Ticketmaster. Advance Auto Parts confirmed the theft of employee and applicant data, including Social Security numbers, due to the breach. An attacker from the ShinyHunters group claimed they accessed Snowflake’s systems by first compromising third-party partners like EPAM Systems, though EPAM has denied this.
The breach was detected by Snowflake’s internal security team after attackers exploited a vulnerability in the authentication process via an insecure API endpoint. Snowflake is now requiring all customers to implement multifactor authentication. Continuous data activity monitoring and minimizing third-party access to data are essential to enhance security and reduce vulnerabilities.
June malware detections
In June, Acronis Cyber Protect blocked 1.07 million malware threats on endpoints — a 3% decrease from May.
The tables below show the percentage of Acronis clients that had at least one malware threat blocked at the endpoint (this number has been hovering around 12% for the last year), as well as the normalized percentage of clients with at least one malware detection. The higher the percentage, the higher the risk of a workload in that country being attacked by malware.
Protection
The aforementioned threats can be detected and mitigated with solutions from Acronis.
Acronis Cyber Protect Cloud protects against both known and never-before-seen threats through a multilayered protection approach. This includes behavior-based detection, AI- and ML-trained detections and anti-ransomware heuristics, which can detect and block encryption attempts and roll back any tampered files automatically without any user interaction.
Additional advanced email security and URL filtering can help you protect against social engineering threats. And our Acronis #CyberFit score helps you quickly identify systems that need attention, while the integrated patch management makes updating your software to the latest versions simple.
Advanced Security + Extended Detection and Response (XDR) for Acronis Cyber Protect Cloud brings the visibility needed to understand attacks while simplifying the context for administrators and enabling efficient remediation of any threats.