In its new Cyber Threat Report Edition 2021/2022, Hornetsecurity shared the latest data on the current cyber threat situation, with a focus on email communication. The email cloud security and backup provider constantly keeps an eye on the development of threats and identifies the most frequently used cyberattack methods. Hornetsecurity CEO, Daniel Hofmann, gives an overview of key trends.
40% of all incoming emails are unwanted
As the primary means of communication for businesses, email is one of the main gateways for cybercrime and remains a prime attack vector.
Out of the total email traffic during the research period, threat researchers at the Hornetsecurity Security Lab found that 40% of all inbound emails can be classified as unwanted and could pose a potential risk.
Of the unsolicited emails, about 80% were already blocked in advance. These include emails that were classified as spam using a real-time blackhole list, messages that attempted to use mail servers as an open relay and technical errors, greylisting or unidentifiable email addresses.
The Security Lab classified 15.54% of all unwanted emails as spam, 4% as threats and1% as advanced threats. These include CEO fraud, spear phishing or attacks with new types of malware.
Ransom leaks are on the rise
A prime finding in this study is that, apart from ransomware attacks, which continue to hit the headlines regularly, ransom leaks are now also on the rise. Ransom leak attacks copy and encrypt sensitive data. The cybercriminals charge the victim a ransom for the information to be decrypted, failing which they threaten to publish the copied data on their leak websites.
Hornetsecurity experts believe that future hackers will make greater use of services available on the dark web, such as ransomware-as-a-service, that allows a newcomer to use professionally created malware without needing any know-how.
Phishing emails will remain a principal attack tactic
Phishing emails are one of the most common attack tactics, and this will continue. Attackers use phishing emails to try to dupe the target into revealing confidential information such as credit card numbers, login details and other such data. At 7.1%, extortion was also found to have gained traction among cybercriminals. This includes “sextortion” emails, which threaten to reveal footage of the victim visiting a pornographic website unless a ransom is paid.
Spreading malware through archive files
The Hornetsecurity study revealed that in 33.6% of cases, archive files were used to spread malware where an email attachment contains malware that has been compressed. The idea is to circumvent security systems, in the hope that some of them cannot scan the compressed attachments. As this technique does not require technical knowledge, it is attractive to inexperienced attackers.
At 15.3%, HTML files were another widespread form of attack via email. These are often combined with phishing attacks, with a phishing website attached to the email in HTML format. Here, there is no URL to click within the email and the goal is to lead victims to a website from where they then download what turns out to be malware.
Increased focus on Microsoft 365
Microsoft 365 is a leading collaboration system, especially for businesses, and this has enticed cybercriminals to target it. Hornetsecurity recently conducted a survey of more than 420 companies that use Microsoft 365 for their email communications; the study found that one in four had fallen victim to an email security vulnerability at least once. Attacks targeting Microsoft 365 are expected to continue.
Forewarned is forearmed
As the old saying goes, forewarned is forearmed. Awareness may well be the first step, but this must be followed by effective action, in the form of installing a comprehensive and reputable email security and business continuity solution to protect one’s organisation.