Malicious HTML attachments double since 2022

HTML attacks can be tricky to detect

Businesses in Asia-Pacific could find themselves vulnerable to attack via HTML attachment, as the proportion of malicious files doubles in less than 12 months, according to the most recent Threat Spotlight from Barracuda, a trusted partner and leading provider of cloud-enabled security solutions.

Analysing millions of messages and files scanned by Barracuda’s security technologies in APAC and across the globe, the new report shows how in March 2023 just under half (45.7 per cent) of all HTML attachments scanned by Barracuda were malicious, more than double the proportion (21 per cent) reported in May last year.

HTML stands for Hypertext Markup Language and is used to create and structure content that is displayed online. It is also used in email communication – for example in automated newsletters, marketing materials, and more. In many cases, reports are attached to an email in HTML format (with the file extension .html, .htm or .xhtml, for example). Attackers can successfully leverage HTML as an attack technique in phishing and credential theft or for the delivery of malware.

According to Barracuda’s Threat Spotlight, not only is the overall volume of malicious HTML attachments increasing, but almost a year on from Barracuda’s last report, HTML attachments remain the file type most likely to be used for malicious purposes.

HTML attacks can be tricky to detect, as instead of hackers having to include malicious links in the body of an email, which would be detected, attackers instead work to embed HTML attachments within emails disguised as weekly reports and other generic work email types, as a way to trick users into clicking on phishing links. From there, user credentials can be phished by a third-party machine, whether via a phishing site or a phishing form embedded in the attachment.

“The security industry has been highlighting the trend of cybercriminals weaponising HTML for years – and evidence suggests it remains a successful and popular attack tool,” said Fleming Shi, Chief Technology Officer, Barracuda.

“Getting the right security in place is as important now as it has ever been. This means having effective, AI-powered email protection in place that can evaluate the content and context of an email beyond scanning links and attachments. Other important elements include implementing robust multifactor authentication or – ideally – Zero Trust Access controls; having automated tools to respond to and remediate the impact of any attack; and training people to spot and report suspicious messages.”



Leave a Comment

Related posts