wonderfully unique software solutions

Phishing attacks still plague common file types, Hornetsecurity warns

Phishing via archive, HTML, Excel or PDF files remain the leading email-based cyber attack on organisations, according to cybersecurity specialists at Hornetsecurity.

For the month of June 2022, archive file types comprised some 35.6% of attacks picked up by the email security vendor’s threat research, followed by HTML (18.5%), Excel spreadsheets (14.4%) and PDFs (12.6%).

“Some of the most commonly impersonated brands in email phishing attacks are banks, credit card companies, shipping companies, and online retailers,” the vendor explained.

“These types of attacks usually involve the attacker sending an email that appears to be from a legitimate company, and asking the recipient to provide personal or financial information.”

Of threats found, 30.7% were phishing attacks, with URL-based threats (11.7%) next, the report said.

Phishing emails often contain a link to a fake website that resembles or even looks identical to the real website. Information collected can then be used for fraud or theft attempts, including identity theft.

Hornetsecurity’s threat report for June 2022 listed Sparkasse, DHL, Amazon, 1&1, Postbank, Microsoft, UPS, Volks-und Raiffeisenbank, LinkedIn and DocuSign as some commonly impersonated brand names.

“It’s a constant stream of phishing and other attacks impersonating big brands and organizations to entice recipients to open the emails,” the vendor said.

“Phishing dominates email attacks because it is an effective way to trick people into giving away their personal information or clicking on malicious links. They often contain urgent or alarming language that can trick people into taking action without thinking.”

Hornetsecurity warned that modern tools can allow phishers to retrieve 2FA codes or session cookies as well — circumventing popular security features of many financial organisations and e-commerce sites.

In June 2022, attacks on the research industry were prevalent, comprising 7.2% of attacks, followed by manufacturing (4.2%) and transport (4%). Automotive industry, utilities, IT, the media, mining, retail and agriculture were also frequent targets.

HTML, PDF, ZIP, and Excel files were popular vectors of attack because they can be used to hide malicious code that executes on opening, without additional software, Hornetsecurity noted.

( Image by Gerd Altmann from Pixabay )

Recent Articles

Arista warns SMBs to take precautions against edge threats

Arista Networks, the vendor of Arista Edge Threat Management (ETM) has warned that SMBs aren't always aware of the extent of targeting...

Instructure rolls out iWork update for Canvas LMS users on Apple

Learning management software company Instructure has taken the covers off an Apple iWork update for its Canvas learning management system (LMS).

E-learning player iSpring adds six integrations for its LMS platform

Customers of the iSpring Learn learning management system (LMS) can now connect to no less than six additional platforms with a view...

What’s new in JetBrains code analyser Qodana 2023.2

The code-quality platform Qodana, new from a cornucopia of JetBrains developer tools, now boasts server-side analysis integrated with the 2023.2 releases of...

N-able leads RMM field across multiple awards programmes

Remote monitoring and management (RMM) provider N-able has taken two more coveted titles for 2023, including a prestigious CRN award for the...

Related Stories

Leave A Reply

Please enter your comment!
Please enter your name here

Weirdware monthly - Get the latest news in your inbox