Four out of 10 work emails are unwanted
Analysis of over 25 billion emails from Hornetsecurity reveals that 40.5 percent of work emails are unwanted.
We're tempted to say, "only four out of 10?" but it all depends how you define unwanted. The report looks specifically at the use of email to deliver malicious payloads -- so those emails from your boss that you'd rather not receive don't count!
Archive files (Zip, 7z, etc.) sent via email make up 28 percent of threats, down slightly from last year's 33.6 percent, with HTML files increasing from 15.3 percent to 21 percent, and doc (and docx) from 4.8 percent to 12.7 percent.
"This year's cyber security report shows the steady creep of threats into inboxes around the world. The rise in unwanted emails, now found to be nearly 41 percent, is putting email users and businesses at significant risk," says Hornetsecurity CEO, Daniel Hofmann. "Our analysis identified both the enduring risk and changing landscape of ransomware attacks -- highlighting the need for businesses and their employees to be more vigilant than ever."
Since Microsoft disabled macros settings in 365, there has been a significant increase in HTML smuggling attacks using embedded LNK or ZIP files to deliver malware. Microsoft 365 makes it easy to share documents, and end users often overlook the implications of how files are shared, as well as the security implications. Hornetsecurity finds 25 percent of respondents are either unsure or assumed that Microsoft365 was immune to ransomware threats.
The report shows brand impersonation attacks continue to rise too, even on corporate social media, with LinkedIn growing to 22.4 percent of detected global brand impersonation threats, an increase of 3.5 percent compared with last year. Cybercriminals use platforms like LinkedIn to find job information and then use this to gain access to company resources through social engineering.
"For these attackers, every industry is a target. Companies must therefore ensure comprehensive security awareness training while implementing next-gen preventative measures to ward off threats," Hofmann adds. "Ongoing training should be in place to prevent fraudsters from manipulating the trust people have in Microsoft and other office systems, and to counteract the psychological tricks applied by attackers. As usage of cloud services continues to grow and more users turn to MS Teams to share business information, it's also critical to ensure all data shared via this platform is backed up."
The full report is available from the Hornetsecurity site.