• Hornetsecurity’s Cyber Security Report 2024 reveals phishing remains top email threat, accounting for 43.3% of attacks, but malicious URLs jumped from 12.5% to 30.5% YoY

• Analysis of more 45 billion emails reveals more than a third (36.4%) are unwanted

Hornetsecurity has launched its Cyber Security Report 2024, which reveals the growing threat of cybercriminals using harmful web links in emails. An analysis of 45 billion emails found a 144% increase in this type of attack compared to last year, rising from 12.5% of all threats in 2022 to 30.5% this year.

It is phishing, however, that remains the most common email attack technique. Its use increased by nearly 4 percentage points this year, rising from 39.6% to 43.3% of all email attacks.

Commenting on the latest report findings, Daniel Hofmann, Hornetsecurity CEO, said: “Email continues to be one of the key methods of attack that threat actors use – and it’s essential that firms of all sizes, and across all sectors, put in place a robust email security strategy to future-proof their business. The boom in malicious web links and steady rise in phishing demonstrates that organisations cannot underestimate the damage such threats can cause, and must ensure they use next gen security service while also maintaining security awareness throughout the workplace.”

Marketing Technology News: Trellix Announces Cybersecurity Generative AI Innovations Powered by Amazon Bedrock

Changing face of threats

Of the 45 billion emails analysed, more than a third (36.4%) were categorised as unwanted. Within this category, just over 3.6% – or more than 585 million – were identified as malicious. This represents the widespread nature of the risk, with a vast number of emails posing potential threats.

Threat actors are savvy and adaptable. In the last year, following Microsoft disabling macros by default in Office, there was a significant decline in the use of DOCX files (by 9.5 percentage points) and XLSX files (by 6.7 percentage points). Instead, cyber-criminals opted for HTML files (37.1% of files analysed), PDFs (23.3%) and Archive files (20.8%). HTML file usage is a particularly notable trend: usage rose by 76.6% over the last year.

Brand impersonation continues to target victims, soliciting sensitive information via phishing. Shipping and e-commerce emails are to be regarded with particular caution: DHL accounts for 26.1% of all impersonations, Amazon 7.7% and Fedex 2.3%. All three were in the top 10 most spoofed. Other popular brands, including LinkedIn, Microsoft (both 2.4%) and Netflix (2.2%), also featured in the top 10.

Industries at risk

This latest Hornetsecurity research confirms that almost every type of business is currently under threat. If an organisation can pay a ransom, it is a target to cyber criminals. However, some industries are at a slightly increased risk.

The research industry is often targeted due to the intellectual property it handles. Entertainment companies are attacked due to the money they handle, such as the 2023 attacks on MGM and Caesars Casinos. Meanwhile, the manufacturing sector is often seen as an easy target for cyber attackers because companies tend to use many IoT devices that can render them vulnerable if not properly secured.

Hofmann added: “Many organisations are too reactive, only responding to specific threats or acting after they have fallen victim. This approach leaves them vulnerable to attack. Businesses need a zero-trust mindset to protect themselves and should adopt all-encompassing security services to set their minds at rest. Our research highlights the adaptability of cybercriminals, and the rapid shifts that have taken place in the last year.

“Companies have a duty to take care of basic security hygiene, train and support all employees, and invest in quality security.”

Marketing Technology News: MarTech Interview with Janaka Fernando, Optimizely Practice Director at Valtech