New research from Hornetsecurity has revealed that 40.5 percent of work emails are unwanted. The Cyber Security Report 2023, which analysed more than 25 billion work emails, also reveals significant changes to the nature of email-based cyber attacks in 2022.
Phishing remains the most common style of email attack, representing 39.6 percent of detected threats. Archive files (Zip, 7z, etc.) sent via email made up 28 percent of threats, down slightly from last year's 33.6 percent, with HTML files increasing from 15.3 percent to 21 percent, and DOC(X) from 4.8 percent to 12.7 percent.
New cyber security trends and techniques for organizations to watch out for were also tracked. Since Microsoft disabled macros settings in Office 365, there has been a significant increase in HTML smuggling attacks using embedded LNK or ZIP files to deliver malware.
Microsoft 365 makes it easy to share documents, and end users often overlook the ramifications of how files are shared, as well as the security implications. Hornetsecurity found that 25 percent of respondents to a survey for the report were either unsure or assumed that Microsoft365 was immune to ransomware threats.
Cyber threats go beyond email and business communication platforms, however. Brand impersonation attacks continue to rise, even on corporate social media, with LinkedIn growing to 22.4 percent of detected global brand impersonation threats, an increase of 3.5 percent compared with last year.
Cybercriminals use platforms like LinkedIn to determine job information and use this to gain access to company resources through social engineering. Organizations and their employees must always exercise caution when receiving work emails - both those that are unwanted, and those that may be from malicious impersonators.