Aggregator

2024年中国企业邮箱安全性研究报告:揭秘恶意邮件神秘幕后推手

嘶吼
3 months 2 weeks ago

2025年3月31日,Coremail邮件安全人工智能实验室、CACTER邮件安全研究团队和奇安信行业安全研究中心联合发布了《2024中国企业邮箱安全性研究报告》。

本报告聚焦于中国企业邮箱安全性,以电子邮箱的使用、垃圾邮件、钓鱼邮件、带毒邮件为核心研究对象,从其规模、发送源、受害者分布以及典型案例等多维度展开深入分析。

一、2024年国内企业邮件活跃用户规模约2亿

根据Coremail邮件安全人工智能实验室与奇安信行业安全研究中心的联合监测,同时综合网易、腾讯、阿里巴巴等主流企业邮箱服务提供商的公开数据进行分析评估,2024年活跃的国内企业邮箱用户规模约为2亿,与2023年用户规模相比增长约5.3%

二、2024年正常邮件收发占比46.8%

据报告显示,2024 年,全国企业级邮箱用户共收发各类电子邮件约8188.4 亿封,同比增长了 4.8%,日均收发电子邮件约 22.4 亿封。其中,正常邮件占比约为46.8%、普通垃圾邮件占比为38.3%、钓鱼邮件9.2%、带毒邮件 5.4%。

三、2024年钓鱼邮件同比增加30.8%

2024年全国企业邮箱用户共收到各类钓鱼邮件约755.0亿封,相比2023年收到各类钓鱼邮件的577.1亿封,增加了30.8%。钓鱼邮件数量在2021年短暂抑制后,持续迅猛增长。

四、香港成为发送钓鱼邮件最多的地区

从国内钓鱼邮件发送源的服务器所在地来看,香港特别行政区超越了江苏省成为国内发送钓鱼邮件最多的省级行政区,有17.8%的钓鱼邮件来自香港的邮箱;江苏的钓鱼邮件活动依旧活跃,有约14.9%的钓鱼邮件来自江苏;另有约9.6%的钓鱼邮件来自广东。

五、2024年国内电子邮箱账号被盗规模达1074万

从过去几年的总体情况来看,邮箱盗号问题仍在持续加剧:2024年国内企业邮箱账号被盗总量是2020年的近2.3倍;被盗账号数量在当年活跃邮箱账号中的占比也从2.97%猛增到5.37%。邮箱账号安全管理问题亟待加强。

六、生成式AI加剧钓鱼邮件威胁

据调查显示,越来越多的攻击者正在使用生成式AI,更加快速地制作更有针对性的恶意邮件文案内容。邮件攻击者,开始采用AI技术进行自动化的邮件攻击,主要体现在目标人群选择、投放策略制定和口令爆破攻击等方面。这种动态演进的威胁模式对传统防御策略提出了更高的挑战,推动企业与安全厂商加速研发AI驱动的防御工具以应对持续升级的威胁。

七、应对措施

为应对这一威胁,CACTER结合大模型能力,全新推出大模型邮件安全网关,以“AI之盾”防御“AI之矛”,为企业提供全方位的邮件安全防护:

·语义深度理解能力:基于Transformer架构的上下文建模,能够精准识别恶意邮件中的复杂语义和隐晦意图,有效拦截伪装成正常邮件的钓鱼邮件。

·多模态联合分析能力:实现跨文本、图像、附件的统一表征学习,不仅能检测文本内容,还能识别邮件中的恶意图片、附件等,全方位拦截各类恶意邮件。

·零样本威胁检测能力:借助大模型的泛化推理能力,即使面对从未见过的新型恶意邮件,也能快速识别并拦截,无需依赖已知样本。

·攻击者画像构建能力:通过社交网络辅助的关联分析,构建攻击者画像,精准识别攻击者的特征和行为模式,提前预警并防范潜在威胁

Coremail邮件安全

Windows 11 quick machine recovery: Restoring devices with boot issues

Help Net Security
3 months 2 weeks ago

Microsoft has rolled out quick machine recovery, a new Windows feature aimed at preventing prolonged widespread outages like the one caused by a faulty CrowdStrike update in July 2024. The goal of the feature is to allow IT administrators to remotely execute targeted fixes on machines that are unable to boot. How does quick machine recovery work? “With system failures, devices can sometimes get stuck in the Windows Recovery Environment (Windows RE), severely impacting productivity … More →

The post Windows 11 quick machine recovery: Restoring devices with boot issues appeared first on Help Net Security.

Zeljka Zorz

CVE-2021-34958 | Foxit PDF Editor 11.0.0.49893 Text Annotation use after free (ZDI-21-1189)

Vuldb Updates
3 months 2 weeks ago
A vulnerability classified as critical has been found in Foxit PDF Editor 11.0.0.49893. This affects an unknown part of the component Text Annotation Handler. The manipulation leads to use after free. This vulnerability is uniquely identified as CVE-2021-34958. It is possible to initiate the attack remotely. There is no exploit available. It is recommended to upgrade the affected component.
vuldb.com

CVE-2021-34959 | Foxit PDF Editor 11.0.0.49893 Square Annotation use after free (ZDI-21-1190)

Vuldb Updates
3 months 2 weeks ago
A vulnerability classified as critical was found in Foxit PDF Editor 11.0.0.49893. This vulnerability affects unknown code of the component Square Annotation Handler. The manipulation leads to use after free. This vulnerability was named CVE-2021-34959. The attack can be initiated remotely. There is no exploit available. It is recommended to upgrade the affected component.
vuldb.com

CVE-2021-34960 | Foxit PDF Editor 11.0.0.49893 Circle Annotation use after free (ZDI-21-1191)

Vuldb Updates
3 months 2 weeks ago
A vulnerability, which was classified as critical, has been found in Foxit PDF Editor 11.0.0.49893. This issue affects some unknown processing of the component Circle Annotation Handler. The manipulation leads to use after free. The identification of this vulnerability is CVE-2021-34960. The attack may be initiated remotely. There is no exploit available. It is recommended to upgrade the affected component.
vuldb.com

CVE-2021-34961 | Foxit PDF Editor 11.0.0.49893 Ink Annotation use after free (ZDI-21-1192)

Vuldb Updates
3 months 2 weeks ago
A vulnerability, which was classified as critical, was found in Foxit PDF Editor 11.0.0.49893. Affected is an unknown function of the component Ink Annotation Handler. The manipulation leads to use after free. This vulnerability is traded as CVE-2021-34961. It is possible to launch the attack remotely. There is no exploit available. It is recommended to upgrade the affected component.
vuldb.com

CVE-2021-34962 | Foxit PDF Editor 11.0.0.49893 Caret Annotation use after free (ZDI-21-1193)

Vuldb Updates
3 months 2 weeks ago
A vulnerability has been found in Foxit PDF Editor 11.0.0.49893 and classified as critical. Affected by this vulnerability is an unknown functionality of the component Caret Annotation Handler. The manipulation leads to use after free. This vulnerability is known as CVE-2021-34962. The attack can be launched remotely. There is no exploit available. It is recommended to upgrade the affected component.
vuldb.com

CVE-2021-34963 | Foxit PDF Editor 11.0.0.49893 PolyLine Annotation use after free (ZDI-21-1194)

Vuldb Updates
3 months 2 weeks ago
A vulnerability was found in Foxit PDF Editor 11.0.0.49893 and classified as critical. Affected by this issue is some unknown functionality of the component PolyLine Annotation Handler. The manipulation leads to use after free. This vulnerability is handled as CVE-2021-34963. The attack may be launched remotely. There is no exploit available. It is recommended to upgrade the affected component.
vuldb.com

CVE-2021-34964 | Foxit PDF Editor 11.0.0.49893 Polygon Annotation use after free (ZDI-21-1195)

Vuldb Updates
3 months 2 weeks ago
A vulnerability was found in Foxit PDF Editor 11.0.0.49893. It has been classified as critical. This affects an unknown part of the component Polygon Annotation Handler. The manipulation leads to use after free. This vulnerability is uniquely identified as CVE-2021-34964. It is possible to initiate the attack remotely. There is no exploit available. It is recommended to upgrade the affected component.
vuldb.com

CVE-2021-34965 | Foxit PDF Editor 11.0.0.49893 Squiggly Annotation use after free (ZDI-21-1196)

Vuldb Updates
3 months 2 weeks ago
A vulnerability was found in Foxit PDF Editor 11.0.0.49893. It has been declared as critical. This vulnerability affects unknown code of the component Squiggly Annotation Handler. The manipulation leads to use after free. This vulnerability was named CVE-2021-34965. The attack can be initiated remotely. There is no exploit available. It is recommended to upgrade the affected component.
vuldb.com

CVE-2021-34966 | Foxit PDF Editor 11.0.0.49893 FileAttachment Annotation use after free (ZDI-21-1197)

Vuldb Updates
3 months 2 weeks ago
A vulnerability was found in Foxit PDF Editor 11.0.0.49893. It has been rated as critical. This issue affects some unknown processing of the component FileAttachment Annotation Handler. The manipulation leads to use after free. The identification of this vulnerability is CVE-2021-34966. The attack may be initiated remotely. There is no exploit available. It is recommended to upgrade the affected component.
vuldb.com

CVE-2021-34967 | Foxit PDF Editor 11.0.0.49893 Line Annotation use after free (ZDI-21-1198)

Vuldb Updates
3 months 2 weeks ago
A vulnerability has been found in Foxit PDF Editor 11.0.0.49893 and classified as critical. Affected by this vulnerability is an unknown functionality of the component Line Annotation Handler. The manipulation leads to use after free. This vulnerability is known as CVE-2021-34967. The attack can be launched remotely. There is no exploit available. It is recommended to upgrade the affected component.
vuldb.com

Managed ad