- 23% HTML attachments are malicious, research from Barracuda finds
- These are often used for phishing or credential stealing
- PDFs are much less likely to be harmful
New research from Barracuda has revealed that a staggering 23% of HTML attachments are marked as malicious, making HTML the most weaponized file type – making up over three quarters of malicious files detected, despite a low total volume.
Attackers are increasingly using HTML files for phishing by embedding malicious scripts to redirect victims to fake login pages that are created in order to steal credentials or trick users into downloading malware.
The research also shows that PDFs are less likely to be malicious, despite being the most frequently shared file type via email attachments. Only 0.13% of PDFs were found to be harmful, but they are starting to more often contain deceptive links to trick readers onto credential harvesting sites.
Takeover threats
Worryingly, 87% of binaries that were detected were malicious, which outlines the need for strict policies against executable files being sent through email. The researchers warn that “since executables can directly install malware, security teams should consider blocking binaries (unless they are absolutely necessary) and ensure all downloads are scanned before execution.”
A fifth of companies experience at least one account takeover incident per month, with criminals gaining access by exploiting weak or reused passwords, phishing, or credential stuffing – all very common tactics that are on the rise, and hackers are getting better at smuggling phishing emails past cybersecurity defenses, so be wary.
Of these account takeover attacks, 27% involved a ‘suspicious rule change’, such as auto-deleting incoming security alerts, or setting up email forwarding to an external address – helping attackers ‘maintain persistence and avoid detection’.
“As threats evolve, so should your organization’s protection,” Barracuda advises.
“Scammers are adapting their tactics to bypass gateways and spam filters, so it’s critical to have a solution in place that detects and protects against targeted phishing attacks. Supplement your gateways with AI-powered cloud email security technology that doesn’t solely rely on looking for malicious links or attachments.”
