Corporate cybersecurity turns on the alarms again. On this, Barracuda Networks alerts in your report on threats of email 2025, of the current tactics most used by cybercriminals to infiltrate organizations around the world through email.
The study, based on millions of attack attempts detected by the firm’s own technology, reveals a change in the techniques used by the attackers: instead of inserting malicious links directly into the body of the messages, they increasingly opt more to hide them in attachments, especially in HTML, PDF and Microsoft Office documents.
“Up to 20% of organizations suffer at least one attempt or successful attack of account theft every month,” says Barracuda, warning of the growing use of strategies such as phishing, the filling of credentials and the exploitation of weak or repeated passwords. “Once inside, the attackers can move laterally, steal confidential data and launch new attacks from seemingly legitimate accounts.”
Email in the spotlight
Among the most prominent findings of the report, the use of the HTML file as a main attack vehicle stands out: 23% of these files were to be malicious, concentrating more than three quarters of the total harmful files detected. In addition, QR code abuse in PDF and Office documents, designed to redirect the user to fraudulent sites, with 68% and 83% rates, respectively.
The company’s new report reveals a worrying increase in hidden threats in attachments and a high rate of theft of business accounts
Other attack vectors also attract attention: 12% of malicious PDF files are related to Bitcoin extortion scams, a modality that seeks to intimidate the receiver with false threats in exchange for cryptocurrency payments.
As if that were not enough, the report puts the focus on the structural weaknesses of many organizations: almost half (47%) of the email domains analyzed do not have implemented the DMARC protocol, a key tool to avoid the impersonation of identity.
With 24% of the current emails classified as malicious or unwanted spam, the panorama drawn by Barracuda confirms that the artificial intelligence applied to the detection of threats will be essential to keep at bay some increasingly sophisticated threats and difficult to identify by traditional means.
