Press Release

Use of malicious web links in email attacks rise by 144%, finds Hornetsecurity report

Wed 29 Nov 2023

Hornetsecurity’s Cyber Security Report 2024 has unveiled a significant increase in the use of malicious web links in email attacks.

Analysing over 45 billion emails, the report found a 144% rise in this threat, escalating from 12.5% of all attacks in 2022 to 30.5% in 2023.

Despite this surge, phishing remains the most prevalent email attack technique, accounting for 43.3% of all email attacks, up from 39.6% last year.

Daniel Hofmann, CEO of Hornetsecurity, emphasised the importance of robust email security strategies: “Email continues to be one of the key methods of attack that threat actors use – and it is essential that firms of all sizes, and across all sectors, put in place a robust email security strategy to future-proof their business.

“The boom in malicious web links and steady rise in phishing demonstrates that organisations cannot underestimate the damage such threats can cause.”

The report also shed light on the changing nature of email threats. Out of the 45 billion emails analysed, over a third (36.4%) were deemed unwanted, with more than 585 million identified as malicious. This staggering number underlines the widespread risk posed by email attacks.

Cybercriminals are constantly adapting their tactics. Following Microsoft’s decision to disable macros by default in Office, the report noted a decline in the use of DOCX and XLSX files.

Conversely, there has been an increase in the use of HTML files (37.1%), PDFs (23.3%), and Archive files (20.8%). This shift indicates a strategic response from cybercriminals to evolving digital environments.

Brand impersonation is another critical area of concern. Shipping and e-commerce related emails, particularly those impersonating DHL (26.1%), Amazon (7.7%), and Fedex (2.3%), are among the most common forms of phishing attacks. LinkedIn, Microsoft, and Netflix are also frequently impersonated brands.

Hofmann further commented on the need for proactive measures: “Many organisations are too reactive, only responding to specific threats or acting after they have fallen victim. This approach leaves them vulnerable to attack. Businesses need a zero-trust mindset to protect themselves and should adopt all-encompassing security services.”

The report also highlighted industries particularly at risk, such as the research sector due to its handling of intellectual property, and entertainment companies, as seen in the 2023 attacks on MGM and Caesars Casinos. The manufacturing sector is also a frequent target due to its reliance on IoT devices, which can be exploited if not adequately secured.

Hornetsecurity’s report underscores the urgent need for comprehensive security measures in the face of evolving cyber threats, emphasising the importance of employee training and investment in quality security solutions.


Amplify Your Business at Tech Show London 2024 – Enquire Now!

Send us a correction Send us a news tip