Companies received more than 20 billion spam emails this year
- Companies receive billions of spam emails
- Of these emails, 427 million contain malicious content
- Phishing attacks are the main attack vector
New research by HornetSecurity has shown that a third of all emails companies received this year were spam, amounting to over 20 billion over the year. Of these, over 427 million contain malicious content (2.3%).
Unsurprisingly, phishing tops the list of most common cyber attacks in 2024, accounting for a third of all attacks. Malicious URLs came in a close second, accounting for 22.7%.
Malicious links often lead victims to fake login pages, tricking them into entering personal or even payment information. Although almost every type of malicious file saw a decline compared to 2023, HTML files (20.4%), PDFs (19.2%), and archive files (17.6%) were still the three most used vectors.
Phishing is king
Cybercriminals have been using social engineering attacks for years, but the evolution of AI tools has led to a significant increase in attacks in recent years, with some companies receiving 36 phishing emails per day.
AI is making attacks not only more common, but also more sophisticated, with new tactics often able to bypass security measures. In the second quarter of 2024, there was a 52.2% increase in phishing attacks that bypassed the detection of secure email gateways.
“Last year, our prediction came true that phishing attacks would become more sophisticated, targeted and harder to spot, largely due to the proliferation of generative AI.” said Matt Aldridge, Principal Solutions Consultant at OpenText Cybersecurity.
“We predict this trend will continue as attackers become increasingly better armed with AI-integrated solutions such as next-generation phishing kits. Ensuring all bases are covered should be a top priority for SMB defenders. Getting the basics right has never been more crucial.”