According to the Cyber Threat Report Edition 2021/2022 by Hornetsecurity Security Labs, 40 percent of all incoming emails during the period under investigation posed a potential threat. This primarily includes spam, phishing emails and advanced threats such as CEO fraud and all kinds of malware. The Security Lab classified 15.54 percent of all unwanted email as spam, 4 percent as threats and 1 percent as “advanced threats”. These include CEO fraud, spear phishing or attacks with new types of malware, some of which are still unknown. To avoid detection by their victims’ spam and virus filters, cybercriminals hide malware in their email attacks in a variety of ways. In 2021, archive files were the most common way to spread malware, at more than 33 percent.
Email branding is on the rise
Brand impersonation is particularly popular. To do this, cybercriminals copy the corporate design of the impersonated company and craft the sender address so that it can hardly be distinguished from the original email address. The main aim is to obtain the user’s access data or to spread malware via hidden links. is in the statistics of the experts from the Hornetsecurity Security Lab with 17.7 percent in 1st place of the most copied companies. With 16.5 percent, Deutsche Post / DHL is among the top 5 most imitated brands, followed by DocuSign, PayPal and LinkedIn. The security experts also use the threat index to determine the attack rate for different industries. In the first half of 2021, the manufacturing industry, research and development institutions, and companies in the public transport sector, such as buses and trains, airlines and taxi companies, were particularly affected by cyber attacks.
Hackers publish data after ransom leaks
Ransom leaks, an extension of the previously known ransomware attacks, are now widespread. In ransom leak attacks, the attackers first copy sensitive data from those affected and then encrypt it. If payment of the ransom for decryption is refused, the cybercriminals threaten to publish the copied data on so-called leak websites. Around 140 pieces of data were published on the REvil ransomware leak website, and new ones are added almost every day. However, this puts the hacker group “only” in 5th place among the leak websites with the most published data on ransom leak victims. According to the Russian domestic secret service FSB, the infrastructure of the hacker group REvil was dissolved in January 2022.