Acronis, cybersecurity and data protection, announced the release of its Acronis Cyberthreats Report H1 2025. The report detailed the most popular threat vectors, active threat groups, and targeted industries in the first half of 2025.

Ransomware continues to be the main threat for large and medium-sized businesses worldwide. New groups are increasingly using AI to automate attacks. Phishing accounted for 25% of all attacks, while 52% targeted managed service providers (MSPs), a 22% rise compared to H1 2024.

In the UAE, the report revealed encouraging results. Ransomware detections were among the lowest globally, with five or fewer incidents per 10,000 workloads between January and June 2025. However, cyber activity spiked during key events, such as March 2025, when the UAE signed several Comprehensive Economic Partnership Agreements (CEPAs).

• May 2025 saw the UAE blocking 10.9% of malicious URLs at the endpoint, second only to Canada at 13.5%.
• Globally, one in ten users clicked malicious links that bypassed initial filters in H1 2025.

“The UAE continues to demonstrate resilience with some of the lowest ransomware rates globally, but the data shows attackers are quick to exploit moments of disruption, whether natural or economic,” said Ziad Nasr, General Manager, Acronis Middle East. “As the country accelerates its digital growth and international partnerships, MSPs and enterprises alike must double down on AI-driven detection, proactive vulnerability management, and robust EDR to safeguard critical sectors and ensure long-term resilience.”

The report also highlighted shifts in attacker behavior worldwide. Ransomware groups increasingly use AI to craft social engineering campaigns. Business email compromise (BEC) attacks rose from 20% to 25.6% between January and May 2025 compared to the same period in 2024. Malware was found in 1.47% of Microsoft 365 email backups, showing persistent threats targeting widely used platforms.

While the overall number of attacks on MSPs decreased, phishing now represents more than half of these attacks, compared to 30% in 2024. Remote Desktop Protocol (RDP) attacks have almost disappeared.

Acronis emphasized that even less sophisticated attackers now have access to advanced AI tools, including deepfakes. Experts warn that a single mistake could compromise an organization’s future. The company urged MSPs, ISPs, and enterprises to adopt AI-driven detection, proactive vulnerability management, and robust EDR solutions to strengthen resilience.

Related post

View all