- Report finds reverse-proxy attacks bypass 2FA by exploiting trust in fake login pages
- Phishing remains dominant and accounts for a third of all attacks
- Malicious URLs surge, making up 22.7% of cyberattack strategies
Cybercriminals are constantly developing their tactics, and email is still a primary attack vector. New research from Hornetsecurity highlights several alarming trends, including the increase in malicious emails and sophisticated credential-theft tactics.
In 2024, companies all over the world received 20.5 billion emails, of which a staggering 36.9% were unwanted. Alarmingly, 2.3% of these – 427.8 million – contained malicious content.
Phishing attacks accounted for a third of all cyberattacks, highlighting the ongoing challenge of protecting organizations from deceptive social engineering.
The rise of reverse-proxy credential theft
Malicious attachments have declined, but a new threat, reverse-proxy credential theft, is emerging.
These sophisticated attacks rely on social engineering and malicious links, rather than attachments, to deceive users. Victims are redirected to fake login pages that mimic trusted sites and capture their credentials in real time.
Remarkably, these methods can bypass two-factor authentication (2FA) apps. Tools like Evilginx allow attackers to create convincing fake login portals, making it easier to steal sensitive information. Malicious URLs now account for 22.7% of attacks, reflecting a significant increase since 2023.
The report shows a decrease in the overall threat level for most industries compared to 2023. Targeted attacks, however, continue across all sectors, with mining, entertainment and manufacturing identified as high-risk industries.
Ransomware attacks and double-extortion schemes are especially widespread in these sectors. Brand impersonation also remains a popular tactic among cybercriminals. Shipping companies such as DHL and FedEx were the most imitated brands, while Docusign, Facebook, Mastercard and Netflix saw impersonation attempts more than double compared to 2023.
To counter these attacks, organizations must implement advanced email filtering systems, adopt multi-layered authentication mechanisms that are resistant to 2FA bypass, and prioritize cybersecurity training so that employees can recognize phishing tactics.
“These findings highlight both progress and new challenges in the fight against cyber threats,” said Daniel Hofmann, Hornetsecurity CEO.
“While it is encouraging to see some consistency in attack methods, for defensive purposes, the shift toward more targeted social engineering tactics means that companies must remain vigilant. With over 427 million malicious emails still reaching inboxes, it is clear that cybersecurity strategies must evolve to stay ahead of increasingly sophisticated threats.”
“By 2025, organizations must prioritize basic security practices and embrace a zero-trust mindset to tackle vulnerabilities head-on and promote a strong security culture.”