- The report finds the inverse proxy attacks bypass 2FA, exploiting confidence in false connections
- Phishing remains dominant, representing a third of all attacks
- Malicious URL, comprising 22.7% of cyber attack strategies
Cybercriminals are continuously evolving their tactics, and emails remain a main vector for attacks, with new research by Hornetsecurity highlighting several alarming trends, including the rise of malicious emails and sophisticated identification flight tactics.
In 2024, companies around the world received 20.5 billion emails, 36.9% of which were unwanted. Alarming, 2.3% of these – 427.8 million – contained malicious content.
Phishing attacks have represented a third of all cyber attacks, highlighting the continuous challenge to safeguard the organizations of deceptive social engineering tactics.
The rise in the identification flight with reverse proxy
The malicious attachments have seen a decline, although a new threat, a reverse proxy identification flight, emerges,
These sophisticated attacks take advantage of social engineering and malicious ties rather than attached pieces to deceived users. Victims are redirected to false connection pages that imitate trust sites, capturing their real -time identification information.
Remarkably, these methods can bypass two -factor authenticator applications (2FA). Tools like Evilginx allow attackers to create convincing false portals, which facilitates sensitive information. Malventy URLs now represent 22.7% of attacks, reflecting a significant wave since 2023.
The report shows a drop in the overall threat index for most industries compared to 2023. However, targeted attacks persist in all sectors, with mining, entertainment and manufacturing identified as high -risk industries.
Ransomware attacks and double exposure scams are particularly widespread in these areas. The identity of the brand also remains a popular tactic among cybercriminals. The maritime companies like DHL and Fedex were the most from, while Docusign, Facebook, Mastercard and Netflix saw more than double attempts compared to 2023.
To counter these attacks, organizations must implement advanced e-mail filtering systems, adopt multilayer-resistant multilayer authentication mechanisms of 2FA and prioritize the training courses in cybersecurity to recognize phishing tactics.
“These results highlight the progress and new challenges in the fight against cyber-men,” said Daniel Hofmann, CEO of Hornetsecurity.
“Although it is encouraging to see a certain consistency in attack methods, for defensive purposes, the change to more targeted social engineering tactics means that companies must remain vigilant. With more than 427 million malicious emails reaching reception boxes, it is clear that cybersecurity strategies must evolve to stay ahead of more and more sophisticated threats.
“In 2025, organizations must prioritize basic security practices and adopt a zero-frust state of mind to fight against front vulnerabilities and promote a strong culture of security.”
“The construction of a well -defended company is not possible without engaging everyone – helping them understand how cybersecurity affects them personally and why their role is essential to maintain threats from a distance. By working with trust suppliers, companies can not only protect themselves, but also exploit expert knowledge that increases their global cybersecurity strategy.”
