- Businesses are being sent billions of spam emails
- Of these emails, 427 million contained malicious content
- Phishing attacks are the primary attack vector
New research from HornetSecurity has shown that a third of all emails received by businesses this year were spam, amounting to over 20 billion over the course of the year. Of these, over 427 million contained malicious content (2.3%).
Unsurprisingly, phishing is top of the list of most prevalent cyberattacks in 2024, and was responsible for a third of all attacks. Malicious URLS came in a close second, making up 22.7%.
Malicious links often direct victims to fake login pages, enticing them to enter personal or even payment information. Although nearly every type of malicious file saw a decrease in comparison to 2023, HTML files (20.4%), PDFs (19.2%), and Archive files (17.6%) were still the top three vectors used.
Phishing is king
Cybercriminals have been using social engineering attacks for many years, but the evolution of AI tools has led to a significant rise in attacks in recent years, with some businesses receiving 36 phishing emails per day.
AI is not only making attacks more common, but also more sophisticated, with new tactics often able to bypass security measures, with Q2 of 2024 seeing a 52.2% increase in phishing attacks which passed secure email gateway detection.
“Last year, our prediction came to pass that phishing attacks would become more sophisticated, targeted and difficult to spot, due in large part to the proliferation of generative AI.” said Matt Aldridge, Principal Solutions Consultant at OpenText Cybersecurity.
“We predict that this trend will continue, as attackers continue to become better armed with AI-integrated solutions such as next-generation phishing kits. Ensuring that all bases are covered will need to be top of mind for SMB defenders. Getting the basics right has never been more critical.”