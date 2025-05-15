Cybercriminals Are Having More Success with Low-Tech, Human-Centric Attacks

The manufacturing sector remains the most targeted sector in the email threat landscape.

May 15, 2025
VIPRE Security Group recently unveiled its email threat landscape report for the first quarter of 2025. The report showed:

  • Cybercriminals are taking the sentiment "work smarter, not harder" to a whole other level with callback phishing scams accounting for 16 percent of phishing attempts. This stands out because link usage, which accounted for 75 percent of phishing attempts in Q1 2024, dropped by 42 percent in Q1 2025, making room for callbacks, which now account for nearly one in five attempts. With email scanning technology now adept at spotting compromised links, cybercriminals are resorting to callback scams via emails that leave no trace at all. Callback phishing is a social engineering attack where victims are tricked into calling a seemingly legitimate phone number through emails or texts to reveal sensitive information or download malware.
  • SVG files are fast becoming cybercriminals' favored types of attachments (34 percent) for phishing attacks, coming a close second to PDF attachments (36 percent). By embedding the ‹ script › tag of an SVG file with a malicious URL, attackers execute JavaScript when the link is opened in a web browser, redirecting the user to a compromised website. In doing so, they bypass anti - phishing defenses.
  • The backdoor-type malware, XRed, was responsible for the most malware attacks in Q1 2025, surpassing the second-most prominent malware family (Lumma) by a factor of three. StealC, AgentTesla, and Redline followed.
  • HTML attachments took up 12 percent of cybercriminals' overall malspam strategy. With heightened awareness about the use of malicious HTML attachments, attackers are looking for less obvious methods, preferring PDFs and SVG files instead.
  • The manufacturing sector remains the most targeted sector in the email threat landscape, holding its lead at 36 percent vis-à-vis the retail and financial sectors, which tie at second place, with each receiving 15 percent of attackers' attention. 

"There's a clear shift in cybercriminals' preference towards low-tech, high-impact, human-centric tactics. This demands a fundamental rethink of email security – one that addresses the human element as vigilantly as the technological," Usman Choudhary, Chief Product and Technology Officer, VIPRE Security Group, said. "With cybercriminals mastering the art of human deception, and crafting phishing attacks that bypass conventional defenses, email security in turn demands an approach that weaponizes cybercriminals' own actions and uses their patterns to create a unique, future-proofed response." 

To read the full report, click here.

May 1, 2025
The Pros and Cons of Implementing a Bug Bounty Program
May 15, 2025
Building a Cybersecurity-First Culture in U.S. Manufacturing
May 15, 2025
Security Breach: Dark AI, Hacker Evolutions Speeding Vulnerability Exploitation
May 15, 2025
The Pros and Cons of Implementing a Bug Bounty Program
Building a Cybersecurity-First Culture in U.S. Manufacturing
AI is Lowering the Barrier for Threat Entry While Increasing Attack Complexity
Today in Manufacturing has a new podcast brought to you by the editors of Industrial Media. In each episode, we discuss the five biggest stories in manufacturing, and the implications they have on the industry moving forward.
May 1, 2025
Building a Cybersecurity-First Culture in U.S. Manufacturing
Nation-state threats and AI tools have made it vital to embed cybersecurity into workplace culture.
May 15, 2025
Security Breach: Dark AI, Hacker Evolutions Speeding Vulnerability Exploitation
Deeper dives into OT priorities will be key to making breaches more difficult.
May 15, 2025
Navigating Manufacturing’s Third-Party Access Risk
Ways to manage external access while reducing exposure to possible breaches.
May 15, 2025
MCP Server Could Revolutionize API Security
The tool allows for interacting with APIs using natural language.
May 8, 2025
Huntress Debuts Managed SIEM to Simplify Cybersecurity
The platform offers compliance support, investigation, detection, response and threat hunting.
May 8, 2025
AI in Manufacturing: Balancing Benefits, Risks, Security and Compliance
Hasty implementations of AI will create regulatory penalties, cyberattacks and operational disruption.
May 8, 2025
Report Links Infostealer Logs to Ransomware Surge
The malware is fueling new attacks and helping bad actors evolve the complexity of their operations.
May 8, 2025
Future-Proofing the ICS
Using machine learning to advance AI and redefine OT cyber defense.
May 8, 2025
Beachheads and Safe Havens: How Threat Actors Gain Access and Maintain Control
How focusing on three key building blocks can help improve OT security.
May 8, 2025
CISA Warns of Unsophisticated Cyber Actors Targeting OT
'A simple script, when aimed at an unprotected valve, sensor or controller, can have very real consequences.'
May 8, 2025
AI Data Centers: Securing the Future
As industries race to leverage AI's potential, a sophisticated and evolving threat landscape is rising.
May 1, 2025
Email Remains Primary Gateway for Disinformation and Cyberattacks
Many adopt email authentication but half lack effective protection against spoofing.
May 1, 2025
Preparing for a Cybersecurity Audit
It may appear daunting, but this four-step process can help streamline your efforts.
May 1, 2025
Kellogg, Hertz Victims in Cyber Breach of HR Files
The vulnerability has been identified as a file transfer software program.
May 1, 2025