As email remains the primary mode of communication both for businesses and individual users, cybercriminals are lurking to take advantage of it. According to the recent research by Hornetsecurity, as much as 40% of all incoming emails constitute potential threats - from spam to phishing and malware.
The Cyber Threat Report Edition 2021/2022 by Hornetsecurity provides additional insights into the current threat landscape. As such, despite a high number of “unwanted” emails, 80% of them get blocked by security filters, with 15.4% classified as spam, 4% as threats, and 1% as advanced threats. The 1% includes malware, spear phishing, and CEO fraud.
In order to evade the possibility of being recognized by email filters, threat actors go through various means to hide malware. As such, archive files are the preferred option (33.6%) because they come in forms of attachments not always visible to scans and require little technical knowledge.
Archive files are followed by HTML files (at 15.3%,) where the phishing website is attached to the email as HTML. Avoiding URLs allows cybercriminals to bypass URL filters and possibly lure victims into downloading malware.
PDF files (14.5%) are generally utilized to spread malicious links. Excel files with XLM macros are also widely used (10.2%,) as they are less likely to be detected, according to the report. Those threat actors who opt for this method tend to use the same malicious document builder, EtterSilent, to create the files. Word (4.8%) and PowerPoint (0.4%) were also found to contain macros.
When it comes to specific industries, manufacturing, research, and transport sectors were most affected by spam, with the proportion to “wanted” emails being 4.9, 4.8, and 4.7 respectively in the first half of 2021.
Cybercriminals also increasingly use brand impersonation to trick victims. As such, by pretending to be a popular brand, they aim to get access to sensitive data, such as credit card and account details.
The most impersonated companies in the first half of 2021 were Amazon (at 17.7%.) and DHL (at 16.5%.) As more people are ordering goods online, they are also expecting a higher number of emails from the respective companies. Threat actors usually fabricate emails stating the arrival of a package.
“The email message is brief, the recipient usually does not question the origin if in fact a package is expected, and clicks on the tracking link. But this eventually leads to the download of a malicious program or to a phishing website,” the report suggests.
More from CyberNews:
Subscribe to our newsletter