Links Overtake Attachments as Email Cyber Weapon of Choice

The Global Threat intelligence Report from Mimecast shows links are being preferred to attachments for the first time as cyber attacks shift focus

For the first time, the average cyber attack is now more likely to come from a malicious link than a malicious attachment.

That’s according to the latest Global Threat Intelligence Report from Mimecast which highlights key cybersecurity trends spotted for Q4 2023 that CISOs need to address today.

That is especially the case for those cybersecurity professionals working in finance, hospitality, travel, HR, and recruitment – which remain the industries and sectors most targeted by criminals.

Mimecast produces its analysis based on the 1.7 billion emails it examines every day for more than 42,000 customers. This provides a unique snapshot and insights into real-world, real-time security – often providing an ‘early warning system’ for CISOs globally.

That headline finding of links overtaking attachments highlights a shift in tactics that also saw a rise in the use of QR codes to sidestep defences.

Following high-profile attacks earlier in 2023 on major casinos earlier in the year, bad actors continued to focus on travel, hospitality, and catering companies in Q4, elevating the sector to second spot on the most-attacked list behind banking. The sector third on the hit-list is human resources and recruitment, although attacks have declined.

Key findings from the Q3 report cover the sectors attacked, methodology, and the rise of generative AI.


The sectors that experienced the most attacks in the fourth quarter of 2023 were financial institutions; travel, hospitality, and catering; and human resources and recruitment services. Attacks were driven by ransomware, data theft, and business email compromise (BEC). 

Additionally, across all industries, users at small and medium-sized firms encountered more than twice the number of threats as those at large companies. 

Links vs. Attachments 

For the first time, the average user was more likely to receive a malicious link than an attachment in Q4. Previously, attackers relied more on known malware to deliver payloads. 


Geopolitical tensions have increased, with the conflict in Israel and Gaza proving to be the latest to drive politically motivated cyberattacks on critical infrastructure and rival governments.

Generative AI 

Attackers are using generative AI and machine-learning models to create more convincing phishing lures and translate attacks into other languages. Technical threat indicators, such as domain reputation, browser isolation, and malware analysis, will be increasingly necessary to block attacks. 

QR Codes 

Using QR codes to mask malicious links has continued to grow in popularity since a boom in the use of QR codes during the COVID-19 pandemic.

Ransomware payments fall as victims fight back

Attacks are on the rise, and becoming more sophisticated, but victims are fighting back. Payment rates for ransomware attacks have plummeted.

Back in 2019, payments were around 85% of the original ransom demand. Now those rates are around 35%.

Mimecast has identified three reasons that might be behind the changing economics of ransomware:

  1. Companies do not trust cybercriminals will be able to recover data
  2. Organisations have improved their security stance
  3. Paying ransoms to threat actors from certain nation-states is now illegal

There are signs that machine learning and generative AI are also changing the threat landscape. Phishing lures are becoming more convincing and easier to tailor to specific audiences thanks to generative AI.

Read the full Mimecast report.


Make sure you check out the latest industry news and insights at Cyber Magazine and also sign up to our global conference series - Tech & AI LIVE 2024


Cyber Magazine is a BizClik brand 




Featured Articles

Google Securing WFH with Zscaler and Netskope Partnership

Google has added the expertise of Zscaler and Netskope into its Workspace Security Alliance to bolster the security issues created from work from home

Why Have Cybersecurity Budgets Soared for TMT Companies?

A recent report by Moody's shows Telecommunications, Media, and Technology companies have ballooned their cybersecurity budgets

Mandiant's Analysis Unveils Cause of Snowflake Data Theft

Mandiant identified three key issues things that the customers affected by the data breach shared

OpenText: AI Main Driver of Growth for MSPs & MSSPs

Technology & AI

Genetec’s Paul Dodds Talks Protecting IoT from Cyber Attacks

Network Security

Tech Mahindra and Cisco Partner on Next-Gen AI Firewall

Cyber Security