Monthly Threat Report January 2025

The Monthly Threat Report by Hornetsecurity brings you monthly insights into M365 security trends, email-based threats, and commentary on current events in the cybersecurity space. This edition of the Monthly Threat Review focuses on data from Q4 of 2024. As a reminder we moved away from monthly data reviews sometime ago in favor of quarterly reviews. This allowed us to provide commentary on larger movements in the security landscape as opposed to month-to-month. 

Executive Summary

  • The number of email based attacks increased in Q4 2024 vs Q3 2024. 
  • Archives, PDFs, and HTML files were the most popular types used by threat actors for the delivery of malicious payloads. 
  • DOCX and XLSX files saw a noted decrease in usage by threat actors after a surprising increase in Q3 of 2024. 
  • The education sector saw a noted increase in the amount of email based threats and has moved it’s way up to the top three most targeted industries for this data period. 
  • The top three targeted sectors during this data period are Mining, Entertainment, and Education. 
  • DocuSign is the top most impersonated brand during the data period. 
  • DocuSign, PayPal, and Intuit all saw a 3X increase in the use of their brand by threat actors to launch impersonation attacks. 
  • There were many attacks on telecom organizations in the US as well as in the UK during the month of December. 
  • Critical Infrastructure in Costa Rica was targeted and impacted during the month of December. 
  • The report covers a number of predictions and recommendations for the coming months given the current threat landscape. 

Read the full article