Malicious HTML attachments double in the last year

No Comments
email attachment

Last May, 21 percent of all HTML attachments scanned were malicious. Ten months on, that figure has more than doubled with 45.7 percent of scanned HTML files found to be malicious in March 2023.

This finding comes from the latest Threat Spotlight report from Barracuda Networks, which shows that not only is the overall volume of malicious HTML attachments increasing, they remain the file type most likely to be used for malicious purposes.

Attackers can successfully leverage HTML as an attack technique by using well-crafted messages and/or compromised websites and malicious HTML file attachments to trick users.

In some of cases seen by Barracuda researchers, the HTML file itself includes sophisticated malware which has the complete malicious payload embedded within it, including potent scripts and executables. This attack technique is becoming more widely used than those involving externally hosted JavaScript files.

Comparing the total number of malicious HTML detections with how many unique files were detected, it becomes clear that the growing volume of malicious files is not simply the result of a limited number of mass attacks, but that of many different attacks each using specially crafted files.

"The security industry has been highlighting the cybercriminal weaponizing of HTML for years -- and evidence suggests it remains a successful and popular attack tool," says Fleming Shi, chief technology officer at Barracuda. "Getting the right security in place is as important now as it has ever been. This means having effective, AI-powered email protection in place that can evaluate the content and context of an email beyond scanning links and attachments. Other important elements include implementing robust multi-factor authentication or -- ideally -- Zero Trust Access controls; having automated tools to respond to and remediate the impact of any attack; and training people to spot and report suspicious messages."

Barracuda has published a guide to email threat types and how to defend against them. You can get the full Threat Spotlight on the company's blog.

Image credit: Rawpixel/depositphotos.com

No Comments

Comments are closed.

Got News? Contact Us

Recent Headlines

Canonical releases Ubuntu Linux 24.04 LTS 'Noble Numbat'

New tool lets enterprises build their own secure gen AI chatbots

Younger women are going into cybersecurity but more needs to be done

Politically motivated DDoS attacks on the rise

TCL 50 XL 5G Android smartphone hits Metro by T-Mobile: Big features, small price

The increasing sophistication of synthetic identity fraud

The NIST/NVD situation and vulnerability management programs

Most Commented Stories

Say goodbye to Microsoft Windows 11 and hello to Nitrux Linux 3.4.0 'pl'

62 Comments

The stunning Windows 13 -- yes, 13! -- is the Microsoft operating system we want

22 Comments

Microsoft 'improves' Windows 11 by bringing ads to the Start menu in the US

21 Comments

Microsoft is up to its old tricks yet again -- Windows 10 users harassed with full-screen Windows 11 upgrade warnings

18 Comments

Outrageous: Microsoft to charge $61 for Windows 10 updates -- consider switching to Linux!

18 Comments

Windows 11 slammed for its 'comically bad' performance even on high-end hardware

18 Comments

Microsoft releases preview version of Office 2024 for Windows and macOS -- download it now!

17 Comments

Easter giveaway! Get a licensed copy of 'VideoProc Converter for Windows/Mac' (worth $78.90) for FREE

10 Comments

© 1998-2024 BetaNews, Inc. All Rights Reserved. Privacy Policy - Cookie Policy.