Acronis, a global leader in cybersecurity and data protection, today released the findings of the Acronis Cyberthreats Report H1 2025, detailing the most popular threat vectors, active threat groups, and targeted industries in the first half of 2025. Ransomware remains the major threat for large and medium-sized businesses worldwide, with new groups increasingly leveraging AI to automate their activities. Phishing accounted for 25% of all attacks and 52% of attacks targeted managed service providers (MSPs), a 22% increase compared to the first half of 2024.
In the UAE, the report revealed encouraging results. Ransomware detections were among the lowest worldwide, with five or fewer incidents per 10,000 workloads between January and June 2025. However, cyber activity spiked around key moments such as in March 2025 when the UAE signed several Comprehensive Economic Partnership Agreements (CEPAs). A temporary dip in the following month suggests that enhanced security measures were effective, but detections quickly rebounded in May as attackers adapted their tactics. Zooming out, this trend of focused attacks was also evident in the aftermath of the record-breaking floods of April 2024, when the disruption of services presented an opportunity for attackers to exploit.
“The UAE continues to demonstrate resilience with some of the lowest ransomware rates globally, but the data shows attackers are quick to exploit moments of disruption, whether natural or economic,” said Ziad Nasr, General Manager, Acronis Middle East. “As the country accelerates its digital growth and international partnerships, MSPs and enterprises alike must double down on AI-driven detection, proactive vulnerability management, and robust EDR to safeguard critical sectors and ensure long-term resilience.”
The report also revealed that in May 2025, the UAE had the second largest percentage of blocked malicious URLs at the endpoint (10.9%), behind only Canada (13.5%), and far ahead of the US (9.4%) and the UK (4.6%). Acronis noted this represents a major risk, as its research found that, on average, close to one in ten users globally clicked on malicious links that managed to bypass initial filters in the first half of the year.
Acronis’ analysis also showed shifts in attacker behaviour across global markets. Ransomware groups are increasingly using AI to craft sophisticated social engineering campaigns, with business email compromise (BEC) and related attacks rising from 20% to 25.6% between January and May 2025 compared to the same period in 2024. Malware was also found in 1.47% of Microsoft 365 email backups, highlighting the persistence of advanced threats targeting widely used platforms.
While the overall number of attacks targeting MSPs fell, the nature of attacks changed significantly. Phishing accounted for more than half of all attacks targeting MSPs in 2025, compared to just 30% in 2024, while Remote Desktop Protocol (RDP) attacks almost disappeared entirely.
“While the endgame for cybercriminals is still ransomware, how they get there is changing,” said Gerald Beuchelt, CISO at Acronis. “Even the least sophisticated attackers today have access to advanced AI capabilities, generating social engineering attacks, and automating their activities with minimal effort. The result is MSPs, ISPs, and others are constantly exposed to sophisticated attacks including increasingly advanced deepfakes, and all it takes is one mistake to put the organisation’s entire future at risk. To survive in this threat landscape and avoid damaging ransomware payloads, a holistic cyber protection strategy that incorporates advanced detection, response and recovery capabilities is essential.”
For more information, download a copy of the full Acronis H1 2025 Cyberthreats Report here: https://www.acronis.com/en-us/resource-center/resource/acronis-cyberthreats-report-h1-2025
To learn more about the report and its findings, visit the Acronis blog here: https://www.acronis.com/en-us/blog/posts/acronis-cyberthreats-report-h1-2025-some-good-news-and-a-lot-of-bad-news
Methodology:
The biannual report covers the global threat landscape as encountered by the Acronis Threat Research Unit (TRU) and Acronis sensors on Windows endpoints from January through May, 2025. Based on signals from over 1,000,000 unique endpoints distributed around the world, the report also incorporates statistics focused on threats targeting Windows operating systems, given their prevalence as compared to MacOS and Linux.
About Acronis
Acronis is a global cyber protection company that provides natively integrated cybersecurity, data protection, and endpoint management for managed service providers (MSPs), small and medium businesses (SMBs), and enterprise IT departments. Acronis solutions are highly efficient and designed to identify, prevent, detect, respond, remediate, and recover from modern cyberthreats with minimal downtime, ensuring data integrity and business continuity. Acronis offers the most comprehensive security solution on the market for MSPs with its unique ability to meet the needs of diverse and distributed IT environments.
A Swiss company founded in Singapore in 2003, Acronis has 15 offices worldwide and employees in 50+ countries. Acronis Cyber Protect is available in 26 languages in 150 countries and is used by over 21,000 service providers to protect over 750,000 businesses. Learn more at www.acronis.com.
