HP Wolf Security

Email remained the top vector for delivering malware, accounting for 61% of threats caught by HP Sure Click in Q2 2025. This was a 1 percentage point drop compared to Q1 2025.

In Q2 2025, 13% of malicious emails (phishing, malware, etc.) were not blocked by the email gateway security system. This is 1 percentage point higher than in Q1 2025.

In Q2 2025, 40% of all detected cyber threats (malware, phishing payloads, etc.) were sent inside archive files (like .zip, .rar, .7z). This share is 2 percentage points higher than in Q1 2025.

Malicious spreadsheets (e.g., XLS, XLSX) totaled 4% of threats in Q2 2025, showing a 2 percentage point drop from Q1 2025.

PDF files were responsible for 8% of threats in Q2 2025, a 2 percentage point fall compared to Q1 2025.

Executables and scripts were the second most popular delivery type, making up 35% of threats in Q2 2025, a 1 percentage point growth from Q1 2025.

Documents, such as Microsoft Word formats (e.g., DOC, DOCX), accounted for 9% of threats in Q2 2025, growing by 1 percentage point over the previous quarter.

Malicious web browser downloads made up 23% of threats in Q2 2025, with no change compared to Q1 2025.

Threats delivered by other vectors, such as removable media, slightly grew by 1 percentage point in Q2 2025 compared to the previous quarter, reaching 16% of threats.

More than half (51%) of IT and security decision-makers cannot confirm if a printer has been tampered with in the factory or in transit once it arrives.

On average, IT and security decision-makers report having approximately 80 printers that are redundant or are in the process of being decommissioned within their organizations.

36% of IT and security decision-makers apply firmware updates promptly during the Ongoing Management stage.

IT teams spend 3.5 hours per printer per month managing hardware and firmware security issues.

35% of IT and security decision-makers are uncertain whether printers can be fully and safely wiped using current sanitisation solutions.

86% of IT and security decision-makers say data security is a barrier to printer reuse, resale, or recycling.

1-in-10 (10%) of IT and security decision-makers insist on destroying both the device and its storage drives to ensure data security.

Only 32% of IT and security decision-makers can detect security events linked to hardware-level attacks.

60% of IT and security decision-makers warn that a lack of collaboration between procurement, IT, and security puts their organization at risk.

1-in-4 (25%) of IT and security decision-makers believe it’s necessary to physically destroy printer storage drives.

54% of IT and security decision-makers fail to request technical documentation to validate security claims.

55% of IT and security decision-makers fail to submit vendor responses to security teams for review.

Only 38% of IT and security decision-makers say procurement, IT, and security collaborate to define printer security standards during the Supplier Selection & Onboarding stage.

42% of IT and security decision-makers fail to involve IT/security teams in vendor presentations.

Only 35% of IT and security decision-makers are able to identify vulnerable printers based on newly published hardware or firmware vulnerabilities.

Only 34% of IT and security decision-makers can track unauthorized hardware changes made by users or support teams.

70% of IT and security decision-makers are increasingly worried about offline threats, such as employees printing and mishandling sensitive company information.

In Q4 2024, archives were the second most popular malware delivery file type with 32% of threats

Malicious PDF documents were the third most popular threat file type isolated by HP Sure Click in Q4 2024

11% of email threats evaded gateway security in Q4 2024

The popularity of executables and scripts as a malware delivery type saw a 3% point rise over Q3 2024

More than half (53%) of threats targeting endpoints were delivered by email in Q4 2024

Threats delivered in PDF documents accounted for 10% in Q4 2024

In Q4 2024, executables and scripts retained first place as the most popular malware delivery type with 43% of threats caught by HP Sure Click

In Q4 2024, HP threat researchers saw a growth in social engineering campaigns that rely on fake CAPTCHA challenges to infect users with malware

8% of threats relied on documents such as Microsoft Word formats (e.g. DOC, DOCX) in Q4 2024

Malicious spreadsheets (e.g. XLS, XLSX) totalled 3% of threats in Q4 2024

10% of threats were PDF files in Q4 2024

Of detected email threats, 11% were able to bypass email gateway scanners in Q3 2024, a 1% decrease compared to Q2 2024.

Malicious spreadsheets (e.g. XLS, XLSX) totaled 7% of threats detected in Q3 2024.

Email was the primary method for delivering malware to endpoints, accounting for 52% of threats in Q3 2024. This represents a 9% decrease compared to Q2 2024.

Executables and scripts were the most popular type of malware delivery file, making up 40% of threats in Q3 2024. This is a 5% point increase compared to Q2 2024.

8% of detected threats in Q3 2024 relied on documents such as Microsoft Word formats (e.g. DOC, DOCX).

PDF files were responsible for 9% of threats detected in Q3 2024, showing a 2% point rise compared to Q2 2024.

Archive files were the second most popular file type for malware delivery in Q3 2024, accounting for 34% of threats. The top five archive file formats used were ZIP, RAR, LZH, 7Z, and GZ3.

Web browser downloads were the second most common malware delivery method to endpoints, responsible for 28% of threats in Q3 2024. This is a 10% increase compared to Q2 2024.

Threats delivered by other vectors (such as removable media) to endpoints accounted for 20% of threats in Q3 2024, a 1% decrease compared to the previous quarter.