- Cybersecurity experts studied over 25 billion emails for annual report*
- New insights from Hornetsecurity reveal 40.5% of work emails are unwanted
- Phishing ranked the number one email attack technique, at 39.6% of detected attacks
New research from cyber security provider Hornetsecurity has revealed that 40.5% of work emails are unwanted. The Cyber Security Report 2023, which analysed more than 25 billion work emails, also reveals significant changes to the nature of cyber-attacks in 2022 – indicating the constant, growing threats to email security, and need for caution in digital workplace communications.
Phishing remains the most common style of email attack, representing 39.6% of detected threats. Threat actors used the following file types sent via email to deliver payloads: Archive files (Zip, 7z, etc.) sent via email make up 28% of threats, down slightly from last year’s 33.6%, with HTML files increasing from 15.3% to 21%, and DOC(X) from 4.8% to 12.7%.
Commenting on the report findings, Hornetsecurity CEO, Daniel Hofmann, said: “This year’s cyber security report shows the steady creep of threats into inboxes around the world. The rise in unwanted emails, now found to be nearly 41%, is putting email users and businesses at significant risk.
“What’s more, our analysis identified both the enduring risk and changing landscape of ransomware attacks – highlighting the need for businesses and their employees to be more vigilant than ever.”
False security of Microsoft Teams
New cybersecurity trends and techniques for organisations to watch out for were also tracked. Since Microsoft disabled macros settings in Office 365, there has been a significant increase in HTML smuggling attacks using embedded LNK or ZIP files to deliver malware.
Microsoft 365 makes it easy to share documents, and end users often overlook the ramifications of how files are shared, as well as the security implications. Hornetsecurity found 25% of respondents were either unsure or assumed that Microsoft365 was immune to ransomware threats.
Hofmann added: “For these attackers, every industry is a target. Companies must therefore ensure comprehensive security awareness training while implementing next-gen preventative measures to ward off threats.”
“Ongoing training should be in place to prevent fraudsters from manipulating the trust people have in Microsoft and other office systems, and to counteract the psychological tricks applied by attackers. As usage of cloud services continues to grow and more users turn to MS Teams to share business information, it’s also critical to ensure all data shared via this platform is backed up.”
Shifting targets: brand impersonations
Cyber threats go beyond email and business communication platforms, however. Brand impersonation attacks continue to rise, even on corporate social media, with LinkedIn growing to 22.4% of detected global brand impersonation threats, an increase of 3.5% compared with last year.
Cybercriminals use platforms like LinkedIn to determine job information and use this to gain access to company resources through social engineering. Organisations and their employees must always exercise caution when receiving work emails – both those that are unwanted, and those that may be from malicious impersonators.
Download the full Cyber Security Report 2023 here.
Hornetsecurity is hosting a Cyber Security Roundtable on 30 November, in which a panel of security experts will discuss the report findings and key strategies to building cyber security resilience in 2023. Learn more and register here.
Notes to Editor:
- *By reviewing more than 25 billion emails collected over the current reporting period (1 October 2021 – 30 September 2022), the Security Lab has made the following determinations.
Visit AITechPark for cutting-edge Tech Trends around AI, ML, Cybersecurity, along with AITech News, and timely updates from industry professionals!