- Report finds reverse proxy assaults bypass 2FA, exploiting belief in pretend logins
- Phishing stays dominant, accounting for a 3rd of all assaults
- Malicious URLs surge, comprising 22.7% of cyberattack methods
Cybercriminals are regularly evolving their techniques, and e-mail stays a main vector for assaults, with new analysis from Hornetsecurity highlighting a number of alarming tendencies, together with the rise of malicious emails and complex credential theft techniques.
In 2024, companies worldwide acquired 20.5 billion emails, of which a staggering 36.9% have been undesirable. Alarmingly, 2.3% of those – 427.8 million – contained malicious content material.
Phishing assaults accounted for a 3rd of all cyber-attacks, highlighting the continued problem of safeguarding organizations from misleading social engineering techniques.
The rise of reverse-proxy credential theft
Malicious attachments have seen a decline, although a brand new risk, reverse proxy credential theft, is rising,
These refined assaults leverage social engineering and malicious hyperlinks fairly than attachments to deceive customers. Victims are redirected to pretend login pages that mimic trusted websites, capturing their credentials in actual time.
Remarkably, these strategies can bypass two-factor authenticator apps (2FA). Instruments like Evilginx allow attackers to create convincing pretend login portals, making it simpler to steal delicate data. Malicious URLs now account for 22.7% of assaults, reflecting a major surge since 2023.
The report reveals a decline within the total risk index for many industries in comparison with 2023. Nonetheless, focused assaults persist throughout all sectors, with mining, leisure, and manufacturing recognized as high-risk industries.
Ransomware assaults and double-extortion scams are significantly prevalent in these areas. Model impersonation additionally stays a well-liked tactic amongst cybercriminals. Delivery firms like DHL and FedEx have been probably the most impersonated manufacturers, whereas DocuSign, Fb, Mastercard, and Netflix noticed makes an attempt greater than double in comparison with 2023.
To counter these assaults, organizations should implement superior e-mail filtering methods, undertake multi-layered authentication mechanisms immune to 2FA bypassing, and prioritize worker cybersecurity coaching programs to acknowledge phishing techniques.
“These findings spotlight each progress and new challenges within the battle towards cyber threats,” mentioned Daniel Hofmann, Hornetsecurity CEO.
“Whereas it’s encouraging to see some consistency in assault strategies, for defensive functions, the shift towards extra focused social engineering techniques means companies should keep vigilant. With over 427 million malicious emails nonetheless reaching inboxes, it’s clear that cybersecurity methods should evolve to remain forward of more and more refined threats.”
“In 2025, organizations should prioritize primary safety practices and embrace a zero-trust mindset to sort out vulnerabilities head-on and foster a robust safety tradition.”
“Constructing a well-defended enterprise isn’t attainable with out partaking everybody—serving to them perceive how cybersecurity impacts them personally and why their position is important to maintaining threats at bay. By working with trusted distributors, firms can’t solely shield themselves but in addition faucet into skilled information that elevates their total cybersecurity technique.”