Having analysed data on millions of attachments scanned by Barracuda systems over the past month, Barracuda researchers found that HTML attachments were the most used for malicious purposes
Businesses in Asia-Pacific could find themselves vulnerable to attack via HTML attachment, with 21% of all HTML attachments analysed found to be malicious – according to Barracuda, a trusted partner and leading provider of cloud-first security solutions.
Having analysed data on millions of attachments scanned by Barracuda systems over the past month, Barracuda researchers found that HTML attachments were the most used for malicious purposes. Compared to other types of attachments, 21% of all HTML attachments were found to contain malicious links, with Script, PDF and other types trailing a way behind.
Commonly used in email communications, HTML attachments mostly accompany regular system-generated email reports, and often include URL links to the report itself. But because HTML attachments themselves are not malicious, they easily bypass basic anti-spam and anti-virus software.
The fact that HTML attachments are not scanned by anti-spam nor anti-virus solutions, makes such attacks more difficult to detect.
Instead of hackers having to include malicious links in the body of an email, which would be detected, attackers have been embedding HTML attachments within emails disguised as weekly reports, tricking users into clicking on phishing links. From there, user credentials can be phished by a third-party machine, whether via a phishing site or a phishing form embedded in the attachment.
Barracuda advises that potential protection against these attacks should take into account an entire email with HTML attachments, looking at all redirects and analysing the content of the email for malicious intent.
“HTML attachments are not only widely used for system-generated email reports, but in themselves are not malicious, making such attacks more difficult to detect,” said Mark Lukie, Systems Engineer Manager, Asia-Pacific, Barracuda.
“Therefore, businesses should ensure that email protection scans and blocks malicious HTML attachments by leveraging machine learning and static code analysis to evaluate the content of an email and not just an attachment. It’s also important to train users to identify and report potentially malicious HTML attachments by including examples of these attacks as part of phishing simulation campaigns. And if malicious email does get through, have post-delivery remediation tools ready to quickly identify and remove any instances of malicious email from all user inboxes.”