- The report finds inverse proxy attacks 2FA
- Phishing is still dominant, representing a third of all attacks
- It arises from malicious URLs, which includes 22.7% of cyber attack strategies
Cybercounts continually evolve their tactics, and email remains a main vector for attacks, with a new Hornetsecury investigation that highlights several alarming trends, including the increase in malicious electronic emails and sophisticated tactics of credentials.
In 2024, companies around the world received 20.5 billion emails, of which an amazing 36.9% were not desired. Stiring, 2.3% of these – 427.8 million – contained malicious content.
Phishing attacks represented a third of all cyber attacks, highlighting the continuous challenge of safeguarding organizations of deceptive social engineering tactics.
The emergence of the theft of prose in reverse
Malicious attachments have seen a decrease, although a new threat is emerging, the theft of a reverse power credential, is emerging,
These sophisticated attacks take advantage of social engineering and malicious links instead of attached files to users to deceive. The victims are redirected to false login pages that mimic the trusted sites, capturing their credentials in real time.
Surprisingly, these methods can avoid two factors' authenticator applications (2FA). Tools such as Evilginx allow attackers Create False Favoring Login Portals, which facilitates the theft of confidential information. Malicious URLs now represent 22.7% of the attacks, which reflects a significant increase since 2023.
The report shows a decrease in the general threat index for most industries compared to 2023. However, the directed attacks persist in all sectors, with mining, entertainment and manufacturing identified as high -risk industries.
Ransomware attacks and double -extension scams are particularly frequent in these areas. Brand impersonation also remains a popular tactic among cybercriminals. The shipping companies such as DHL and Fedex were the most personified brands, while Docusign, Facebook, Mastercard and Netflix saw more than double attempts compared to 2023.
To counteract these attacks, organizations must implement advanced email filtering systems, adopt multiple layers of multiple layers resistant to 2FA omission and prioritize cyber security training courses of employees to recognize Phishing tactics.
“These findings highlight both progress and new challenges in the fight against cyber threats,” said Daniel Hofmann, CEO of Hornetsecury.
“While it is encouraging to see some consistency in the attack methods, for defensive purposes, the change towards more specific social engineering tactics means that companies must remain attentive. With more than 427 million malicious emails that still reach the entrance trays, it is clear that cybersecurity strategies must evolve to remain in advance of increasingly sophisticated threats.”
“In 2025, organizations must prioritize basic security practices and adopt a zero confidence mentality to address vulnerabilities in front and promote a strong security culture.”
“Building a well -defended business is not possible without involving everyone: obtaining them, understands how cybersecurity impacts them personally and why their role is essential to keep threats at bay. When working with trust suppliers, companies can not only protect themselves, but also take advantage of the expert knowledge that elevates their general cyber security strategy.”
