HTML attachments are commonly used in email communication. They are particularly common in system-generated e-mail reports that users receive in order to be directed to the actual report via a link. Dangerous: because this is where malicious phishing links are hiding more and more often. In this way, companies can protect themselves better. A comment from Dr. Klaus Gheri, General Manager Network Security at Barracuda.
In an attack, hackers often take advantage of this form of email, embedding HTML attachments in emails disguised as reports to trick victims into clicking phishing links. This makes it easy for cybercriminals to circumvent anti-spam and anti-virus policies because they no longer need to insert malicious links in the body of an email.
20 percent of HTML attachments are dangerous
🔎 In email, HTML attachments are the most dangerous (Image: Barracuda).
HTML email attachments are the most commonly used for malicious purposes compared to other types of email attachments, according to recent research by Barracuda. This showed that 21 percent of all HTML attachments scanned by the security analysts were malicious. Below is a closer look at HTML attachment attacks and what organizations can do to protect against these types of attacks.
Various attack variants with HTML attachments
There are several ways hackers use HTML attachments. First, malicious HTML attachments can contain a link to a phishing website. A Java script is used when opening the HTML file. This redirects to a third-party machine and the user is prompted for their credentials to either access information or download a file that may contain malware.
However, hackers don't always need to build a fake website. You can also create a phishing form embedded directly in the attachment, allowing you to send phishing pages as an attachment instead of a link.
These attacks are difficult to detect because HTML attachments themselves are not malicious. The attackers don't inject malware into the attachment, but use multiple redirects with java script libraries hosted elsewhere. To protect against these attacks, the security solution used should therefore consider all emails with HTML attachments, check all forwardings and analyze the content of the email for malicious intent.
HTML attachments: How businesses can protect themselves
🔎 The example shows a fake email including a phishing page (Image: Barracuda).
Detection of attacks with HTML attachments
It should be ensured that the email security solution used scans and blocks malicious HTML attachments. These are often difficult to detect, and detection often results in a large number of false alarms. The best security solutions use machine learning and static code analysis that assess the content of an email, not just the attachment.
Employee training
Businesses should train their users to recognize and report potentially malicious HTML attachments. Given the scope of this type of attack, users should be wary of all HTML attachments, especially those coming from sources they have never seen. Security leaders should include examples of such attacks in their phishing simulation campaigns and train users to always double-check that a request is legitimate before sharing their credentials.
Automated incident response
When a malicious email does make it into a user's inbox, security teams should have tools to quickly identify and remove all malicious email from inboxes. Automated incident response can help do this quickly before attacks spread throughout the organization. An account takeover protection solution can also monitor suspicious account activity and alert if credentials are compromised.
Social engineering attacks using phishing emails remain one of the top threat vectors to corporate security. However, with a multi-layered approach of modern security technologies and extensive employee training, companies can significantly reduce the risk of these attacks.
More at Barracuda.com
Via Barracuda Networks Striving to make the world a safer place, Barracuda believes that every business should have access to cloud-enabled, enterprise-wide security solutions that are easy to purchase, implement and use. Barracuda protects email, networks, data and applications with innovative solutions that grow and adapt as the customer journey progresses. More than 150.000 companies worldwide trust Barracuda to help them focus on growing their business. For more information, visit www.barracuda.com.