Email continues to remain the most popular delivery medium for malware and viruses: Hackers going after companies through individual employees

Email Phishing Malware Viruses
Email is most preferred for phishing attacks to lure employees Pic credit: Brother UK/Flickr

A new report reaffirms the fact that the email platform is by far the most used to deploy all types of malicious code. Moreover, hackers and malicious code writers are increasingly and actively targeting businesses through their employees.

The latest HP Wolf Security Threat Insights Report has reportedly collated some important insights into the world of cybersecurity. It confirms that email is still the most popular way for malware and other threats.

Email is the best medium to deploy malware, viruses, and conduct phishing attacks?

The HP Wolf Security Threat Insights Report covers the first half of 2021. HP Security Analysts have compiled the comprehensive report. It draws inferences from customers who chose to share their threat alert metrics with the company.

The report clearly mentions more than 75 percent of threats are present in emails. In other words, more than two-thirds of all the threats that arrive at a potential victim are through emails.

Hackers still prefer emails primarily because they can conduct mass mailing campaigns. While the effectiveness of spam mail is reducing, threat actors need only a few victims.

“Simultaneously, users continue to fall prey to simple phishing attacks time and time again. Security solutions that arm IT departments to stay ahead of future threats are key to maximizing business protection and resilience,” observed Ian Pratt, global head of security at HP.

Interestingly, one of the most common techniques to deliver malware and viruses through emails is a resume-themed malicious spam campaign. Simply put, hackers send employees emails that seem like a recruitment drive and ask them to submit details.

About half of all email phishing campaigns used invoices and business transactions, while another 15 percent were “replies” to intercepted email threads. It seems cybercriminals are no longer relying on the pandemic to deliver malware. Less than 1 percent of phishing emails used the pandemic.

Hackers increasingly going after businesses and large corporations with ransomware attacks:

Hackers are getting organized and going after ever-larger targets. The primary intention is to steal data and hold it for ransom.

Alex Holland, a senior malware analyst at HP, said the cybercrime ecosystem continues to develop and transform, with more opportunities for petty cybercriminals to “connect with bigger players within organized crime, and download advanced tools that can bypass defenses and breach systems.”

“We’re seeing hackers adapt their techniques to drive greater monetization, selling access on to organized criminal groups so they can launch more sophisticated attacks against organizations.”

Archive files, spreadsheets, documents, and executable files were the most common types of malicious attachments. However, cybercriminals are also using less common file types to try and evade detection.

Notify of
Inline Feedbacks
View all comments
Would love your thoughts, please comment.x