In its report on cyber thrames of the first semester of 2025, the cybersecurity company Acronis points out that ransomware remains the main threat to medium and large companiesbut also that More attackers groups use AI to automate their activities. Especially, those related to social engineering.
In the period analyzed by the company, Phishing represented a quarter of all attacks. In addition, the report indicates that 52% of Phishing attacks from January to June went to MSPS, 22% more than during the same period of the previous year.
The report addresses the global threats panorama, according to the observations of the acronis threat research unit (TRU) and the company in Windows endpoints in the first half of this year. According to the aforementioned more than one million endpoints distributed throughout the world, the report also includes threat -centered statistics aimed at Windows, give its prevalence with respect to Macos and Linux.
According to its data, it is clear that ransomware remains the form of attack preferred by cybercriminals. The number of victims of this type of attack of which there is constancy has increased almost 70% compared to 2023 and 2024. Clop, Akira and Qlin have been the most active ransomware groups in 2025 until June.
Ransomware groups use the AI more and more, which is reflected in the threat vectors that choose: Social Engineering and attacks on business email (BEC) rose from 20% to 25% between January and May of this year with respect to 2024. This is possibly due to the increase in the use of AI for the design of impersonations, which are increasingly convincing. In addition, malware was discovered in 1.47% of Microsoft 365 email backups.
As for the attacks on MSP, although the total number of those who received in the period analyzed with respect to the previous year has dropped, there has been a change in the nature of these attacks. As we have mentioned, the 52% of those they received were from Phishing, 22% more than in the same 2024 period. Regarding the attacks on the remote desktop protocol (RDP) that the MSP received, they practically disappeared in the first half of the year.
As for the type of Phishing attacks, Acronis remembers that not all are the same, and that they focus more and more on collaboration applications. Thus, they are progressively leaving the simple campaigns of violation of the email of companies. Almost 25% of the attacks on collaboration applications took advantage of the Deepfakes technology generated by AI, or automated exploits.
By business sectors, the manufacturing was the most attacked by ransomware groups, with 15% of all cases registered in the first quarter of 2025. They are followed by retail trade, food and drinks, with 12%; and telecommunications and media companies, with 10% of the attacks.
In the first half of the yearas reflected in the Acronis report, Spain has registered the highest detection rates in Europewith two peaks in March and May above 10%. Both peaks probably point to a higher exposure during both months, which may be due to infosteal campaigns in holiday periods, as well as the time of presentation of taxes.
On the other hand, after the blackout of the end of April, the cybersholatters launched various phishing attacks exploiting the chaos generated following the incident. Among them scams with false plane tickets and credential robbery websites. Spain has also registered a significant increase in domain abuse.
Several high -level incidents, among which there was a Senate email gap, and telephone data filtration which affected 22 million customers, contributed to the growth of the detection of malicious URLs. The operator suffered another importance of importance at the beginning of the year, which presented the data of 20,000 employees and caused the filtration of 2.3 GB of sensitive data.
