AI-driven phishing & ransomware surge in first half of 2025


Acronis has published its Cyberthreats Report for the first half of 2025, highlighting ongoing trends and new developments in global cyberthreat activity.

The report, compiled by the Acronis Threat Research Unit and based on data collected from more than one million endpoints worldwide, indicates that ransomware remains the predominant threat to both large and medium-sized enterprises. The findings show a notable increase in the use of artificial intelligence by cybercriminal groups, particularly to automate social engineering and phishing campaigns.

AI transforms social engineering

According to the report, ransomware continues to dominate the threat landscape, demonstrated by a surge in known victims. The number of publicly disclosed ransomware victims increased by nearly 70% when compared to the same periods in 2023 and 2024. Groups such as Cl0p, Akira, and Qilin have emerged as the most active ransomware operators during the period studied.

The utilisation of AI has given rise to more sophisticated attacks. Social engineering and business email compromise (BEC) attacks rose from 20% to 25.6% between January and May 2025 compared to the same period in 2024. This increase is attributed to the adoption of AI for creating more convincing impersonations and fraudulent communications.

Gerald Beuchelt, Chief Information Security Officer at Acronis, commented on the changing nature of cyberattacks, stating,

“While the endgame for cybercriminals is still ransomware, how they get there is changing. Even the least sophisticated attackers today have access to advanced AI capabilities, generating social engineering attacks and automating their activities with minimal effort. The result is that MSPs, manufacturers, ISPs, and others are constantly exposed to sophisticated attacks, including increasingly advanced deepfakes, and all it takes is one mistake to put the organizations’ entire future at risk. To survive in this threat landscape and avoid damaging ransomware payloads, a holistic cyber protection strategy that incorporates advanced detection, response and recovery capabilities is essential.”

Phishing targets MSPs

The report found that managed service providers (MSPs) are especially targeted by AI-powered attacks. Phishing constituted 52% of all attacks against MSPs over the first half of 2025, which is a marked increase from 30% in the previous year. In contrast, attacks through Remote Desktop Protocol (RDP) have declined significantly.

When examining threats by method, phishing attacks have shifted focus. Cybercriminals are now targeting collaboration applications more frequently and are increasingly using AI-generated deepfakes. Nearly 25% of attacks in collaboration apps involved either deepfakes or automated exploits.

Malware was detected in 1.47% of Microsoft 365 email backups, indicating additional risks to business communications and data integrity.

Industries at risk

The manufacturing industry was the leading target for ransomware groups, accounting for 15% of all documented cases in the first quarter of 2025. Other industries frequently targeted included retail, food and drink (12%), and telecommunications and media (10%).

Phishing remained the most preferred attack vector overall, representing 25% of all cyberattacks in the review period, with the rate even higher at 52% for MSP-related incidents. This is a 22% increase compared to the first half of 2024.

Windows endpoints remain primary targets

The report’s findings are weighted towards the Windows operating system due to its widespread use. Threats to macOS and Linux are addressed but constitute a smaller overall percentage.

The full Acronis Cyberthreats Report H1 2025 details observed methodologies and emerging trends in cybercrime, with emphasis on the accelerating integration of AI into attack strategies. It presents an outlook that businesses, particularly those in high-risk sectors, must adapt to evolving tactics in order to maintain robust cyber defences.


