HTML attachments still cybercrooks’ best tool, attacks double

Businesses in the Asia-Pacific region could find themselves vulnerable to attack via HTML attachment, as the proportion of malicious files doubles in less than 12 months, according to the most recent Threat Spotlight from Barracuda.

Analysing millions of messages and files scanned by Barracuda’s security technologies in APAC and across the globe, the report shows that in March 2023 just under half (45.7%) of all HTML attachments scanned by Barracuda were malicious, more than double the 21% reported in May last year.

HTML (Hypertext Markup Language) is used to create and structure content that is displayed online and in email communication – for example in automated newsletters, marketing materials, and more. 

In many cases, reports are attached to an email in HTML format, with a file extension such as .html, .htm or .xhtml. Attackers can leverage HTML as an attack technique in phishing and credential theft, or for the delivery of malware.

Barracuda found that not only is the overall volume of malicious HTML attachments increasing, but almost a year on from Barracuda’s last report, HTML attachments remain the file type most likely to be used for malicious purposes.

HTML attacks can be tricky to detect. Rather than including malicious links in the body of an email, which would be detected, attackers embed HTML attachments in emails disguised as weekly reports and other generic work email types, as a way to trick users into clicking on phishing links.

From there, user credentials can be phished by a third-party machine, whether via a phishing site or a phishing form embedded in the attachment. 
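For defenders, a triage check for the two patterns described above (a phishing form embedded in the attachment, or links out to a phishing site) can be sketched as follows. This is an added example, not code from Barracuda or the report; the `triage` function, its heuristic and the sample message with its `example.*` hosts are constructed for illustration.

```python
from email import message_from_bytes, policy
from email.message import EmailMessage
from html.parser import HTMLParser
from urllib.parse import urlparse

HTML_EXTS = (".html", ".htm", ".xhtml")  # attachment extensions named in the article

class FormLinkScan(HTMLParser):
    """Collect form targets, password inputs and hosts of absolute links."""
    def __init__(self):
        super().__init__()
        self.form_actions, self.password_inputs, self.link_hosts = [], 0, set()
    def handle_starttag(self, tag, attrs):
        a = {k: (v or "") for k, v in attrs}
        if tag == "form":
            self.form_actions.append(a.get("action", ""))
        elif tag == "input" and a.get("type", "").lower() == "password":
            self.password_inputs += 1
        elif tag == "a" and urlparse(a.get("href", "")).hostname:
            self.link_hosts.add(urlparse(a["href"]).hostname)

def triage(raw: bytes) -> list:
    """Return one finding per HTML attachment in a raw RFC 5322 message."""
    findings = []
    for part in message_from_bytes(raw, policy=policy.default).iter_attachments():
        name = (part.get_filename() or "").lower()
        if not name.endswith(HTML_EXTS):
            continue
        body = part.get_content()
        if isinstance(body, bytes):  # e.g. sent as application/octet-stream
            body = body.decode("utf-8", errors="replace")
        scan = FormLinkScan()
        scan.feed(body)
        form_hosts = sorted({h for h in (urlparse(u).hostname for u in scan.form_actions) if h})
        # Assumed heuristic: a password field plus a form that posts to a remote host
        findings.append({"filename": name, "form_hosts": form_hosts,
                         "link_hosts": sorted(scan.link_hosts),
                         "credential_form": bool(scan.password_inputs and form_hosts)})
    return findings

def build_sample() -> bytes:  # constructed sample: "weekly report" mail with an HTML attachment
    m = EmailMessage()
    m["Subject"], m["From"], m["To"] = "Weekly report", "a@example.com", "b@example.com"
    m.set_content("Please see the attached weekly report.")
    m.add_attachment('<form action="https://login.example.net/post" method="post">'
                     '<input name="u"><input type="password" name="p"></form>'
                     '<a href="https://portal.example.org/view">View report</a>',
                     subtype="html", filename="Weekly_Report.HTM")
    return m.as_bytes()
```

A finding with `credential_form` set is a candidate for quarantine or analyst review; the host lists give the destinations to check against reputation data.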

“The security industry has been highlighting the trend of cybercriminals weaponising HTML for years – and evidence suggests it remains a successful and popular attack tool,” said Fleming Shi, CTO of Barracuda.

Shi said getting the right security in place means having effective, AI-powered email protection that can evaluate the content and context of an email beyond scanning links and attachments.

“Other important elements include implementing robust multifactor authentication or – ideally – Zero Trust Access controls; having automated tools to respond to and remediate the impact of any attack; and training people to spot and report suspicious messages,” Shi added.