The Anti-Phishing Working Group (APWG) observed 932,923 phishing attacks in Q3 2024. If you think your company is safe from these attacks, you’re wrong. Email continues to be the number one point of vulnerability for businesses and the managed service providers (MSPs) that support them.
New research from the Acronis Threat Research Unit showed that 31.4% of all emails received in the second half of 2024 were spam, and almost 50% of users were attacked at least once via email by phishing or direct malware. Social engineering attacks were up 7% compared to the first half of the same year.
“Mission-Critical” is an Understatement
It is impossible to overstate the importance of email in the business world. It serves as the primary medium for internal and external communication, document sharing and project management.
More than that, email is the linchpin – it is the first point of account creation and the last line of defense. It sits at the intersection of identity, access and collaboration – where technology touches humanity and humanity reaches back. That is why it is the primary target of cybercrime. And as the largest global email and collaboration service for business, Microsoft 365 (M365) is coming under increased assault.
The Surge in Phishing Attacks
The Acronis Cyberthreats Report H2 2024, published by the Acronis Threat Research Unit, revealed that the growth of email attacks is not just a matter of quantity but also quality. The attacks have become more sophisticated, with cybercriminals employing advanced techniques to bypass traditional security measures.
Phishing remains the dominant method, with 29% of users experiencing at least one phishing attack via URL. The report also said that more files and URLs are being added to scanned emails. This means that attackers are adding more harmful content to make it easier for them to get what they want.
For example, Patelco Credit Union, a California-based credit union, fell victim to a RansomHub ransomware attack in May 2024. The breach resulted in the publication of personal customer data on the gang’s extortion portal in August, affecting 726,000 customers.
Targeting of Managed Service Providers
MSPs are not immune to these threats. In fact, they are often prime targets due to their access to multiple client networks. APT groups, known for their persistence and sophistication, often target MSPs through email.
The Acronis report recorded 62 incidents resulting from such attacks in 2024, highlighting the growing use of social engineering techniques and living-off-the-land (LotL) tactics to maintain long-term access to critical systems.
One notable case is the attack on Insula, an IT managed services firm. The BianLian ransomware gang claimed to have stolen 400 GB of data, including project files, client information and company source code. This incident underscores the severe consequences of email-based attacks on MSPs and their clients.
Mitigating Email Threats
Given the persistent and evolving nature of email-based threats, organizations can’t ignore the risks. Successful threat mitigation for email and M365 means adopting robust cybersecurity measures and incident response strategies. The Acronis Cyberthreats Report H2 2024 offered several recommendations to improve email security:
- Multilayered Security: Implement a combination of behavioral analysis, heuristic detection, automation and AI-driven monitoring to detect and block AI-generated threats. Advanced Endpoint Detection and Response (EDR) solutions are essential for proactive monitoring and real-time response capabilities.
- Employee Training: Regular training on recognizing AI-powered phishing attempts, deepfakes and other social engineering tactics is crucial. Employees and partners must be vigilant and well-informed to identify and report suspicious activities.
- Advanced Email Security Solutions: Use advanced email security solutions that integrate with existing email services to filter out malicious content and phishing attempts. Ensure that these solutions are properly configured, with daily or hourly updates and real-time scanning.
- Security Updates and Monitoring: Apply security updates quickly and monitor vendor security bulletins. Implement robust security practices such as firewalls, intrusion detection systems and regular security assessments.
- Incident Response Plans: Develop and test incident response plans to ensure swift detection, containment and recovery from security incidents. A well-prepared response can significantly mitigate the impact of an attack.
Conclusion
Email remains a mission-critical application for communication, collaboration, and management, but it is also the eternal attack surface for cybercriminals. The Acronis Cyberthreats Report H2 2024 provides compelling evidence of the increasing sophistication and frequency of email-based attacks.
By adopting robust cybersecurity measures and incident response strategies, organizations can better protect themselves and their clients from these persistent threats.
For a deeper dive into the most recent data and to learn more about global cyberthreats, readers can download the Acronis Cyberthreats Report H2 2024.
About the Acronis Threat Research Unit
The Acronis Threat Research Unit (TRU) is a dedicated team of cybersecurity experts focused on identifying and analyzing emerging cyber threats. In addition to analyzing threats, Acronis TRU actively shares findings through publications and collaborations with the broader cybersecurity community. By offering knowledge about the latest attack methods, malware trends, and security best practices, Acronis TRU contributes to the global effort of strengthening cyber resilience. You can follow the work of Acronis TRU on their threat research blog.