Hornetsecurity’s Unique Position in Analyzing Email-Based Threats
Email is one of the most critical communication tools for organizations, but its ubiquity also makes it a prime target for cybercriminals. Understanding these evolving threats is essential for IT professionals to safeguard their organizations against the risks hidden in their inboxes. This article explores Hornetsecurity’s comprehensive analysis of email-based threats, shedding light on prevalent attack methods, emerging trends, and key insights into malicious tactics.
By leveraging its huge user dataset, Hornetsecurity is uniquely positioned to conduct a detailed examination of email-based threats as well as those threats targeting the greater Microsoft 365 ecosystem. This allows the security researchers at Hornetsecurity to distill this data into important insights for IT teams and security professionals.
Email continues to be a major communication channel, particularly for companies and professional organizations. In our analysis of more than 55.6 billion emails in 2024, 36.9% are categorized as “unwanted.” 97.8% of unwanted emails are spam or rejected outright due to external indicators and 2.3% of unwanted emails were flagged as malicious.
Most Common Attack Types in Email Threats
When we look at the attack types used in email attacks, phishing retains its top place as the most prevalent attack method, accounting for 33.3 % of attacks. This is followed closely by malicious URLs accounting for 22.7 % of cases.
These numbers align with the types of attacks that have gained popularity amongst threat actors over the past year – mainly in reverse-proxy style credential theft attacks that heavily leverage social engineering and malicious links.
Shift in Malicious File Types and Their Impact
A renewed focus on social engineering and security token / credential theft is noticeable in our data regarding malicious file types as well. We track the types of files used for the delivery of malicious payloads in email attacks and found that there are noted decreases in the use of malicious attachments period. Nearly every malicious file type saw a decrease when compared with last year.
That said, HTML files, PDFs, and Archive files remain in the top three spots in a continuation from the previous year.
Increase in Easier-to-Detect Email Attacks
Threat actors have been leveraging a slightly higher volume of easier to detect (and ultimately “rejected”) email attacks over the data period. This is indicated by the slight decrease in the number of malicious emails that were classified as “Threats” and “AdvThreats”. As a result, we saw the threat index for nearly every industry drop during the data period.
This is because our industry threat index compares the number of clean emails vs. the volume of “Threats” and “AdvThreats”. Also notable is the fact that there is little variation from industry to industry. Yes, there are some that are higher than others, but the data continues to show, year after year, that EVERY industry is under attack.
The Rise in Brand Impersonation Attempts
In terms of brand impersonations over the last year, we found that despite remaining in the position of number 1 most impersonated brand there was a large decrease in the amount of DHL impersonation attempts. That said, the amount of FedEx impersonation attempts tripled, Docusign and Facebook both had more than double the amount of impersonation attempts, while Mastercard and Netflix both saw notable increases as well.
The Increasing Threat of Adversary-in-the-Middle Attacks
Finally, when we continue our annual discussion regarding the safety of data in the cloud, a key theme that we’ve seen from attackers this year is, again, the increasing use of credential / token theft toolkits via an Adversary-in-the-Middle attack. When compared with previous years, these attacks have become popular with threat actors.
This is because of the ease with which they can target a large number of victims with VERY convincing landing pages with minimal effort. These toolkits are designed to account for MFA (Multi-Factor) authentication as well, which many organizations assume (wrongly) keeps them 100% safe from said attacks. The cybersecurity industry continues to address this concern with better scanning mechanisms, security awareness training, and phishing-resistant login technologies like passkeys.
However, these mitigations take time of course, and as a result, some organizations have fallen victim leading to a loss or leakage of sensitive data.
Stay One Step Ahead of Cyber Threats with Advanced Threat Protection
Don’t let ransomware, phishing, and other advanced attacks put your business at risk. Hornetsecurity’s Advanced Threat Protection leverages cutting-edge AI and machine learning to safeguard your emails and sensitive data from even the most sophisticated threats.
- Protect against zero-day attacks;
- Detect and block malicious links, attachments, and spoofing attempts;
- Get real-time alerts and forensic insights;
- Experience unmatched email security with quick setup and a user-friendly dashboard.
Request your free consultation today!
Future-Proof Your Microsoft 365 Environment with AI-Powered Security and Data Protection
Protect your business with Hornetsecurity’s comprehensive 365 Total Protection suite, covering everything from email security and backup to compliance and risk management. Secure your data and ensure business continuity with cutting-edge AI technology and backup solutions.
- Multi-layered email security to block advanced cyber threats;
- Comprehensive backup to ensure data protection and recovery;
- Security awareness training to safeguard your employees.
Start your free trial today and experience seamless protection! Request your free trial now!
Conclusion – The Need for a Robust Email and Microsoft 365 Security Strategy
As this style of attack still makes heavy use of email communications as well as increasing use of chat communications like Microsoft Teams, a robust email and Microsoft 365 security strategy is essential for operating safely in today’s digital ecosystem.
