E-mail remains to be the most typical assault vector for cyber threats, in line with a brand new report from Barracuda.
The researchers discovered that one in 4 emails throughout February 2025 was both malicious or spam. HTML attachments have been the most typical file sort utilized in phishing emails.
“Probably the most putting findings from the report is that 23% of HTML attachments are malicious, making them probably the most weaponized sort of textual content file,” Barracuda says.
“This statistic underscores a major shift in how attackers are working. Quite than relying solely on malicious hyperlinks, cybercriminals are embedding dangerous content material inside attachments to evade detection by conventional safety measures. The truth is, greater than three-quarters of all detected malicious recordsdata have been HTML recordsdata.”
Attackers are additionally more and more embedding malicious QR codes inside attachments, permitting them to evade safety filters.
“68% of malicious PDFs and 83% of malicious Microsoft 365 paperwork comprise QR codes that result in phishing or different dangerous web sites,” the researchers write. “These file varieties are extensively trusted in enterprise environments, making them efficient in social engineering assaults. As soon as the QR code is scanned, victims are redirected to phishing pages impersonating Microsoft 365 login portals, the place attackers steal credentials to compromise enterprise accounts.”
Moreover, the researchers discovered that 20% of organizations expertise at the least one account takeover (ATO) assault every month.
“ATO assaults create long-term safety dangers by permitting attackers to conduct reconnaissance actions and unfold additional assaults,” Barracuda says. “27% of ATO incidents concerned suspicious rule adjustments, corresponding to establishing e mail forwarding to an exterior handle or auto-deleting incoming safety alerts. These techniques assist attackers preserve persistence and keep away from detection. Moreover, 17% of compromised accounts have been used to ship spam or dangerous messages, usually resulting in additional phishing assaults, malware distribution, or BEC scams.”
The researchers add, “To mitigate dangers related to ATO, SMBs ought to prioritize multi-factor authentication (MFA), worker safety consciousness coaching, and automatic monitoring for suspicious account exercise.”
KnowBe4 empowers your workforce to make smarter safety selections day-after-day. Over 70,000 organizations worldwide belief the KnowBe4 platform to strengthen their safety tradition and cut back human threat.
Barracuda has the story.
