Page 75 - Cyber Defense eMagazine September 2025

These malware variants are commonly delivered via malicious .docx, .html, or .pdf files hosted on
            legitimate cloud services such as Google Drive or Microsoft OneDrive, which further complicates
            detection efforts.



            Industry-specific targeting intensifies

            Manufacturing continues to be the most targeted sector in the email threat landscape. For six consecutive
            quarters, manufacturers have been the top target for cybercriminals. In Q2 2025, the industry accounted
            for 26 percent of all email-based attacks. In Q1, that number was even higher at 36 percent.

            Manufacturers are particularly vulnerable due to their reliance on email communications across supply
            chains, vendor relationships, and logistics. Retail and healthcare followed in Q2 with 20 percent and 19
            percent of attacks, respectively. In Q1, the financial sector tied with retail for second place at 15 percent
            each.



            Business email compromise becomes more local

            BEC attacks are becoming more linguistically sophisticated. In Q2, 42 percent of impersonation attempts
            targeted English-speaking executives, while 38 percent were aimed at Danish-speaking leaders. Swedish
            and Norwegian-speaking executives made up an additional 19 percent of targets.

            Attackers are now localizing their messages, using native-language communications to increase the
            credibility of their impersonation attempts. CEOs and senior executives remain the most common targets,
            comprising 82 percent of all impersonation efforts. However, other departments are also in the crosshairs,
            including directors, human resources, IT staff, and even education administrators.



            New delivery mechanisms and tactics

            Phishing links are increasingly delivered through open redirect mechanisms. In Q2, 54 percent of
            malicious links were hidden behind open redirects on legitimate services such as email marketing
            platforms and analytics tools. These links obscure the final destination, making them harder for users
            and filters to identify as suspicious.
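
A filter-side check for the open-redirect pattern described above, as an added example that is not part of the original article: it flags links whose query string carries an absolute URL on a different host than the link itself, unwrapping nested percent-encoding. The function names, the decode limit, the subdomain heuristic and the sample links are assumptions made for illustration.

```python
from urllib.parse import urlsplit, parse_qsl, unquote

MAX_DECODE_ROUNDS = 3  # assumption: how many layers of percent-encoding to unwrap

def embedded_host(value):
    """Return the host of an absolute http(s) URL carried in a parameter value, else None."""
    for _ in range(MAX_DECODE_ROUNDS):
        candidate = value.strip()
        if candidate.startswith("//"):           # scheme-relative target
            candidate = "https:" + candidate
        try:
            parts = urlsplit(candidate)
        except ValueError:                        # malformed, e.g. unbalanced brackets
            return None
        if parts.scheme in ("http", "https") and parts.hostname:
            return parts.hostname
        decoded = unquote(value)
        if decoded == value:                      # nothing left to decode
            return None
        value = decoded
    return None

def same_site(a, b):
    """Heuristic: equal hosts or one a subdomain of the other (no public-suffix list)."""
    return a == b or a.endswith("." + b) or b.endswith("." + a)

def redirect_targets(link):
    """List (parameter, target_host) pairs where a link carries a URL on a different host."""
    outer = urlsplit(link)
    findings = []
    for name, value in parse_qsl(outer.query, keep_blank_values=True):
        host = embedded_host(value)
        if host and outer.hostname and not same_site(outer.hostname, host):
            findings.append((name, host))
    return findings

# Constructed sample links on reserved .example/.test domains, not taken from the report.
SAMPLE_LINKS = [
    "https://news.mailer.example/track?id=42&url=https%3A%2F%2Flogin.portal.test%2Fsignin",
    "https://stats.analytics.example/r?u=https%253A%252F%252Fdocs.files.test%252Fview",
    "https://shop.example/cart?next=https%3A%2F%2Fpay.shop.example%2Fcheckout",
    "https://shop.example/item?id=7",
]

if __name__ == "__main__":
    for link in SAMPLE_LINKS:
        print(redirect_targets(link) or "no cross-host target", "<-", link)
```

This only sees destinations that are readable in the query string; redirectors that hide the target behind an opaque token have to be resolved by following the link in an isolated fetcher.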

            There is also a growing use of QR codes embedded in PDF attachments. These codes entice users to
            scan them with their smartphones, bypassing email scanning tools entirely and connecting the user
            directly to a malicious site.












            Copyright © 2025, Cyber Defense Magazine. All rights reserved worldwide.