HTML attachments are a bigger security risk than ever – here’s what you need to know

New research warns that more and more emails are arriving with malicious or harmful HTML attachments. Image

The number of malicious HTML attachments is growing

The Barracuda report found that almost half (46%) of the HTML attachments in the emails they scanned were malicious. Barracuda claims that Hypertext Markup Language (HTML) is increasingly being used in phishing, credential theft and other forms of cyberattacks.

“If the recipient opens the HTML file, multiple redirects via JavaScript libraries hosted elsewhere will lead them to a phishing site or other malicious content controlled by the attackers. Users will be asked to enter their credentials to access information or download a file that may contain malware,” Barracuda CTO Fleming Shi said in a blog post.

However, according to Shi, in some cases, the HTML file itself contains sophisticated malware that has a fully malicious payload embedded within it, including potent scripts and executables. This attack technique is becoming more widely used than those involving JavaScript files hosted externally.

The CTO also states that HTML threats are distributed through an infinite number of individual attacks, rather than a few mass events.

“7. In March, a total of 672,145 malicious HTML artifacts were detected, comprising 181,176 different items. This means that about a quarter (27%) of the detected files were unique, and the rest were duplicated or distributed in bulk. However, on March 23, nearly nine out of ten (85%) of the total 475,938 malicious HTML artifacts were unique, meaning that almost every attack was different,” Shi said.

Data indicates that HTML attachments remain one of the most common ways malware is delivered via email, the blog concluded, adding that it is critical that businesses have appropriate security solutions in place. “This means that it is necessary to have effective, AI-based email protection that can assess the content and context of emails.”

Multi-factor authentication, untrusted access controls, and response automation and attack mitigation are also essential to any organization’s cybersecurity technology stack, along with employee training, Shi concluded.

Source: Techradar

Source: PC Press by

*The article has been translated based on the content of PC Press by If there is any problem regarding the content, copyright, please leave a report below the article. We will try to process as quickly as possible to protect the rights of the author. Thank you very much!

*We just want readers to access information more quickly and easily with other multilingual content, instead of information only available in a certain language.

*We always respect the copyright of the content of the author and always include the original link of the source article.If the author disagrees, just leave the report below the article, the article will be edited or deleted at the request of the author. Thanks very much! Best regards!