A rising variety of emails are arriving loaded with malicious or dangerous HTML attachments, new analysis has warned.
A report from Barracuda discovered virtually half (46%) of HTML attachment in emails it scanned was discovered to be malicious. Barracuda says the Hypertext Markup Language (HTML) is rising more and more standard in phishing, credential theft, and different types of cyberattacks.
“If a recipient opens the HTML file, a number of redirects through JavaScript libraries hosted elsewhere will take them to a phishing website or different malicious content material managed by the attackers. Customers are then requested to enter their credentials to entry data or obtain a file that will include malware (opens in new tab),” Barracuda CTO, Fleming Shi, stated in a weblog put up (opens in new tab).
Phishing risk
“Nonetheless, in some instances seen by Barracuda researchers, the HTML file itself contains refined malware which has the entire malicious payload embedded inside it, together with potent scripts and executables. This assault method is changing into extra extensively used than these involving externally hosted JavaScript information.”
The CTO additionally stated that the HTML threats are being distributed through numerous particular person assaults, somewhat than a handful of mass occasions.
“On March 7, there have been 672,145 malicious HTML artifacts detected in whole, comprising 181,176 totally different gadgets. Because of this round 1 / 4 (27%) of the detected information have been distinctive and the remainder have been repeat or mass deployments of these information,” Shi stated. “Nonetheless, on March 23, virtually 9 in ten (85%) of the entire 475,938 malicious HTML artifacts have been distinctive – which implies that virtually each single assault was totally different.”
The figures are pointing to HTML attachments remaining probably the most widespread methods to ship malware by e mail, the weblog concludes, saying that it’s pivotal for companies to have the fitting safety options arrange. “This implies having efficient, AI-powered e mail safety in place that may consider the content material and context of an e mail past scanning hyperlinks and attachments,” it was stated.
Multi-factor authentication, zero-trust entry controls, in addition to automation in response and assault remediation, can also be important to any group’s cybersecurity tech stack, proper subsequent to worker coaching, Shi concluded.
#HTML #attachments #safety #threat #heres
#geekleap #geekleapnews
