Hornet Cybersecurity Report 2025

Keypoints

• Most cybersecurity vendor reports, including Hornetsecurity’s, follow a structured format comprising an executive summary, analysis of the current threat landscape, major incident reviews, future threat projections, and resource recommendations.
• Typical report sections discuss threat statistics, attack vectors, industry-specific threat indices, and insights into threat actors’ evolving techniques.
• Key statistics reveal that around 36.9% of emails processed are unwanted, with phishing accounting for over one-third (33.3%) of email attacks in 2024.
• Major threats identified include phishing, malicious URLs, brand impersonation, and credential theft, often utilizing social engineering and advanced malware techniques.
• Attacks are increasingly targeted at cloud services like Microsoft 365, with attackers exploiting vulnerabilities in multi-tenant environments and cloud credentials.
• Trend analysis indicates a gradual decrease in malicious attachments but a rise in URL-based attacks and social engineering, reflecting shifts in attacker preferences.
• Notable findings point to the rise in impersonation attempts of brands like FedEx and Netflix, and a surge in sophisticated adversary-in-the-middle (AiTM) attacks aimed at data theft.
• Future projections warn of growing threats from AI-enabled deepfakes, quantum computing challenges, and increased regulation around AI and open-source software.
• Recurring themes emphasize the importance of multi-layered security, continuous monitoring, and the adoption of newer technologies like passkeys and phishing-resistant login methods.
• The reports serve as a crucial resource for organizations aiming to understand the evolving threat landscape and adapt their defenses accordingly, especially for protecting platforms like Microsoft 365.