Acronis, a global leader in cybersecurity and data protection, today released the findings of the Acronis Cyberthreats Report H1 2025, detailing the most popular threat vectors, active threat groups, and targeted industries in the first half of 2025. Ransomware remains the major threat for large and medium-sized businesses worldwide, with new groups increasingly leveraging AI to automate their activities. Phishing accounted for 25% of all attacks and 52% of attacks targeted managed service providers (MSPs), a 22% increase compared to the first half of 2024.
In the UAE, the report revealed encouraging results. Ransomware detections were among the lowest worldwide, with five or fewer incidents per 10,000 workloads between January and June 2025. However, cyber activity spiked around key moments such as in March 2025 when the UAE signed several Comprehensive Economic Partnership Agreements (CEPAs). A temporary dip in the following month suggests that enhanced security measures were effective, but detections quickly rebounded in May as attackers adapted their tactics. Zooming out, this trend of focused attacks was also evident in the aftermath of the record-breaking floods of April 2024, when the disruption of services presented an opportunity for attackers to exploit.
“The UAE continues to demonstrate resilience with some of the lowest ransomware rates globally, but the data shows attackers are quick to exploit moments of disruption, whether natural or economic,” said Ziad Nasr, General Manager, Acronis Middle East. “As the country accelerates its digital growth and international partnerships, MSPs and enterprises alike must double down on AI-driven detection, proactive vulnerability management, and robust EDR to safeguard critical sectors and ensure long-term resilience.”
The report also revealed that in May 2025, the UAE had the second largest percentage of blocked malicious URLs at the endpoint (10.9%), behind only Canada (13.5%), and far ahead of the US (9.4%) and the UK (4.6%). Acronis noted this represents a major risk, as its research found that, on average, close to one in ten users globally clicked on malicious links that managed to bypass initial filters in the first half of the year.
Acronis’ analysis also showed shifts in attacker behaviour across global markets. Ransomware groups are increasingly using AI to craft sophisticated social engineering campaigns, with business email compromise (BEC) and related attacks rising from 20% to 25.6% between January and May 2025 compared to the same period in 2024. Malware was also found in 1.47% of Microsoft 365 email backups, highlighting the persistence of advanced threats targeting widely used platforms.
While the overall number of attacks targeting MSPs fell, the nature of attacks changed significantly. Phishing accounted for more than half of all attacks targeting MSPs in 2025, compared to just 30% in 2024, while Remote Desktop Protocol (RDP) attacks almost disappeared entirely.
“While the endgame for cybercriminals is still ransomware, how they get there is changing,” said Gerald Beuchelt, CISO at Acronis. “Even the least sophisticated attackers today have access to advanced AI capabilities, generating social engineering attacks, and automating their activities with minimal effort. The result is MSPs, ISPs, and others are constantly exposed to sophisticated attacks including increasingly advanced deepfakes, and all it takes is one mistake to put the organisation’s entire future at risk. To survive in this threat landscape and avoid damaging ransomware payloads, a holistic cyber protection strategy that incorporates advanced detection, response and recovery capabilities is essential.”
