Some 36.4% of 45 billion emails scanned by Hornetsecurity in the last 12 months were categorised as unwanted – in other words, vehicles for spam and potential malware threats to the recipient.
That makes email security a priority goal for cybersecurity teams, according to Hornetsecurity.
“In our 2024 Cyber Security Report we saw that out of the 45 billion emails we scanned in 12 months, 36.4% were categorised as unwanted. That’s over a third of all emails that you want to keep out of your user’s inboxes. Out of that third, 3.6% were flagged as malicious.
“Clearly you need a fast system to deal with the vast amount of junk quickly, which we do at the blocking phase, weeding out connections from known bad email servers, and traffic from known bad senders,” the vendor confirmed.
Organisations increasingly require advanced threat detection and protection to fend off evolving attacks, with email a typical route for criminal access to the organisation’s data or information.
“This is often a phishing email, asking the recipient to change their corporate password with a link to a site, or to approve a parcel delivery, or in what’s becoming more common, scan a QR code on your phone to access a business application,” Hornetsecurity said.
“You need a strong and layered defence that adapts and evolves with the ever-changing threat landscape.”
Hornetsecurity offers email security services that integrate with Microsoft 365 (M365) email offerings, both layering email security on top of Exchange Online, changing the
Mail eXchanger (MX) records, and by creating an application in Entra ID with permissions to the Graph Application Programming Interface (API).
“This second approach allows additional flexibility, such as the ability to reach into user’s mailboxes after an email has already been delivered and deleting it, if the system has determined that something was missed in the original delivery scan and the email is now identified as malicious,” the vendor explained.
Malicious document decryption assists with tackling email malware attached in encrypted files, sandboxing, registry monitoring, secure URL rewrites, fraud forensics, memory inspection, and QR code scanning for common file types like .gifs or .jpgs are also offered by Hornetsecurity.
In January 2024, Hornetsecurity’s lab team saw fewer advanced email threats but slightly more low-effort email attacks. HTML, PDFs, and Archive files remain the top three file types for attacker misuse, while DHL remained the most impersonated brand, the vendor said.
“The MOVEit supply chain attack continues to rack up victims, and now that a considerable amount of time has passed, the industry is starting to get a clearer picture of the true scope of the damage,” it said.
“(And) we’re seeing new phishing campaigns targeting both Instagram and Twitter or X users with the goal of account takeover or access to crypto wallets and other account assets.”
( Image © copyright Microsoft 2024 )