Organizations can’t ignore the surge in malicious web links

Despite the rising adoption of collaboration and instant messaging software, email remains a significant area of concern regarding cyber attacks, particularly the increasing threat of cybercriminals employing harmful web links in emails, according to Hornetsecurity.

Attack techniques used in email attacks

An analysis of 45 billion emails found a 144% increase in this type of attack compared to last year, rising from 12.5% of all threats in 2022 to 30.5% this year.

It is phishing, however, that remains the most common email attack technique. Its use increased by nearly 4 percentage points this year, rising from 39.6% to 43.3% of all email attacks.

“Email continues to be one of the key methods of attack that threat actors use – and it’s essential that firms of all sizes, and across all sectors, put in place a robust email security strategy to future-proof their business. The boom in malicious web links and steady rise in phishing demonstrates that organizations cannot underestimate the damage such threats can cause, and must ensure they use next gen security service while also maintaining security awareness throughout the workplace,” said Daniel Hofmann, Hornetsecurity CEO.

Attachment use and types in attacks

Of the 45 billion emails analysed, 36.4% were categorised as unwanted. Within this category, just over 3.6% – or more than 585 million – were identified as malicious. This represents the widespread nature of the risk, with a vast number of emails posing potential threats.

Threat actors are savvy and adaptable. In the last year, following Microsoft disabling macros by default in Office, there was a significant decline in the use of DOCX files (by 9.5 percentage points) and XLSX files (by 6.7 percentage points). Instead, cyber-criminals opted for HTML files (37.1% of files analysed), PDFs (23.3%) and Archive files (20.8%). HTML file usage is a particularly notable trend: usage rose by 76.6% over the last year.

Brand impersonation continues to target victims, soliciting sensitive information via phishing. Shipping and e-commerce emails are to be regarded with particular caution: DHL accounts for 26.1% of all impersonations, Amazon 7.7% and Fedex 2.3%. All three were in the top 10 most spoofed. Other popular brands, including LinkedIn, Microsoft (both 2.4%), and Netflix (2.2%), also featured in the top 10.

Industries at risk

This latest Hornetsecurity research confirms that almost every type of business is currently under threat. If an organization can pay a ransom, it is a target to cybercriminals. However, some industries are at a slightly increased risk.

The research industry is often targeted due to the intellectual property it handles. Entertainment companies are attacked due to the money they handle, such as the 2023 attacks on MGM and Caesars Casinos. Meanwhile, the manufacturing sector is often seen as an easy target for cyber attackers because companies tend to use many IoT devices that can render them vulnerable if not properly secured.

Hofmann added: “Many organizations are too reactive, only responding to specific threats or acting after they have fallen victim. This approach leaves them vulnerable to attack. Businesses need a zero-trust mindset to protect themselves and should adopt all-encompassing security services to set their minds at rest. Our research highlights the adaptability of cybercriminals, and the rapid shifts that have taken place in the last year.”

“Companies have a duty to take care of basic security hygiene, train and support all employees, and invest in quality security,” Hofmann concluded.