Research finds 4 out of 10 emails are unwanted

Cybersecurity experts studied over 25 billion emails for an annual report for Hornetsecurity, 40.5% of work emails were found to be unwanted.

New research from cyber security provider Hornetsecurity has revealed that 40.5% of work emails are unwanted. The Cyber Security Report 2023, which analysed more than 25 billion work emails, also reveals significant changes to the nature of cyber-attacks in 2022 - indicating the constant, growing threats to email security, and need for caution in digital workplace communications.

Most used file types in detected malicious emails

Above: Most used file types in detected malicious emails

Phishing remains the most common style of email attack, representing 39.6% of detected threats. Threat actors used the following file types sent via email to deliver payloads: Archive files (Zip, 7z, etc.) sent via email make up 28% of threats, down slightly from last year's 33.6%, with HTML files increasing from 15.3% to 21%, and DOC(X) from 4.8% to 12.7%.

Commenting on the report findings, Hornetsecurity CEO, Daniel Hofmann, said: "This year's cyber security report shows the steady creep of threats into inboxes around the world. The rise in unwanted emails, now found to be nearly 41%, is putting email users and businesses at significant risk.

"What's more, our analysis identified both the enduring risk and changing landscape of ransomware attacks – highlighting the need for businesses and their employees to be more vigilant than ever."

False security of Microsoft Teams

New cybersecurity trends and techniques for organisations to watch out for were also tracked. Since Microsoft disabled macros settings in Office 365, there has been a significant increase in HTML smuggling attacks using embedded LNK or ZIP files to deliver malware.

Microsoft 365 makes it easy to share documents, and end users often overlook the ramifications of how files are shared, as well as the security implications. Hornetsecurity found 25% of respondents were either unsure or assumed that Microsoft365 was immune to ransomware threats.

Hofmann added: "For these attackers, every industry is a target. Companies must therefore ensure comprehensive security awareness training while implementing next-gen preventative measures to ward off threats."

"Ongoing training should be in place to prevent fraudsters from manipulating the trust people have in Microsoft and other office systems, and to counteract the psychological tricks applied by attackers. As usage of cloud services continues to grow and more users turn to MS Teams to share business information, it's also critical to ensure all data shared via this platform is backed up."

Shifting targets: brand impersonations          

Cyber threats go beyond email and business communication platforms, however.  Brand impersonation attacks continue to rise, even on corporate social media, with LinkedIn growing to 22.4% of detected global brand impersonation threats, an increase of 3.5% compared with last year.

Cybercriminals use platforms like LinkedIn to determine job information and use this to gain access to company resources through social engineering. Organisations and their employees must always exercise caution when receiving work emails - both those that are unwanted, and those that may be from malicious impersonators.

 

Share

Featured Articles

BlueVoyant's Tom Moore Talks Legal Procedure Following Hack

BlueVoyant's Tom Moore explains how companies should act with legal council following a cyber attack

GDPR: Studying the World's Strictest Security Law 6 Years On

We take a look at the history, impact, and future of GDPR to see how it has effected the cyber sphere six years after its enactment

Banking Titan Baird Gives 9 Pointers for Cyber Investors

Investment bank Baird have made nine observations from RSA Conference that investors should consider when investing in today’s cyber market

OpenText's Pillr Buy Show Acquisitions Still in its Strategy

Cyber Security

Zoom Prepares for Quantum World with Post-Quantum Encryption

Cyber Security

Tenable: Security Expertise Gap Threatening Cloud Expansion

Operational Security