SecurityBrief India - Technology news for CISOs & cybersecurity decision-makers
Story image
Hornetsecurity analysis reveals surge in email threats
Thu, 30th Nov 2023

The Cyber Security Report 2024 by Hornetsecurity analyses the nature of email threats observed over the previous year, revealing trends and forecasts for the upcoming year.

Hornetsecurity's report reveals that the use of malicious web links in emails has surged by 144% in 2023, compared to the previous year. As a result, malicious URLs jumped from constituting 12.5% of all threats in 2022, to an alarming 30.5% in 2023. The analysis is based on an examination of a staggering 45 billion emails.

Despite this alarming rise in malicious URL usage, it's the phishing technique that remains the most prevalent ilk of email attacks. The occurrence of such attacks has marginally increased by 4 factor points this year, moving from 39.6% in 2022 to 43.3% of all email-based attacks in 2023.

Daniel Hofmann, CEO of Hornetsecurity, shed light on the findings of the report, saying, "Email continues to be one of the key methods of attack that threat actors use. The boom in malicious web links and steady rise in phishing demonstrates that organisations cannot underestimate the damage such threats can cause."

According to the comprehensive analysis, over a third (36.4%) of the 45 billion emails were categorised as unwanted, with 3.6% (over 585 million) identified as malicious.

Shifting tactics of cyber criminals were highlighted too. Following Microsoft's move to disable macros by default in Office, criminals significantly curtailed the use of DOCX and XLSX files, instead preferring HTML files, PDFs and Archive files, with HTML file usage notably up by 76.6% over the previous year.

As for brand impersonation, shipping and e-commerce emails were found to be particularly deceptive. DHL, Amazon, and Fedex accounted for a sizable portion of all fraudulent email impersonations, with 26.1%, 7.7%, and 2.3% respectively.

Hofmann added, "Taking a reactive approach, responding only to specific threats or after falling victim to them, leaves businesses vulnerable. Businesses need a zero-trust mindset and should adopt all-encompassing security services. Our research highlights the adaptability of cybercriminals, and the rapid shifts that have taken place in the last year."

While virtually all businesses are at risk from email threats, industries such as research, entertainment, and manufacturing face increased danger due to the nature and value of the data they handle or the infrastructure they use.

The comprehensive Cyber Security Report 2024 provides a wealth of information and goes on to predict trends for the coming year, underscoring the importance of vigilance and dynamic responding in the face of these unpredictable threats.