1 in 5 HTML email attachments found to be malicious, Barracuda Research

News Desk -

Share

New research conducted by Barracuda Networks, Inc., a provider of cloud-first security solutions, has found that HTML attachments are by far the most used by cybercriminals for malicious purposes.

The company’s analysis of millions of email attachments over the last month revealed that 1 in 5 HTML attachments was malicious. In comparison, only 0.03% and 0.009% of MS Office and PDF files sent via scanned emails were found to be malicious.

Explaining the growing popularity of HTML attachments as an attack vector, Toni El Inati – RVP Sales, META & CEE, Barracuda Networks said, “HTML attachments have become ubiquitous in email communications as they’re commonly used for system-generated reports, updates, and notifications. They often include hyperlinks that users have become accustomed to clicking without first checking to see the full URL. It’s no surprise then that attackers have been quick to exploit this trust. Moreover, these attachments mean that attackers no longer need to place malicious links in body of the email and therefore allow them to bypass traditional anti-spam and anti-virus policies with ease.”

When Barracuda’s experts examined the tactics of the cybercriminals behind these attacks, they discovered that credential phishing and malware were the primary motivations.

According to the findings, attackers frequently embed links to phishing or malicious websites within their HTML attachments. When these HTML files are opened, Java script is used to redirect users to third-party machines and request that they enter their credentials in order to access information or download a file that may contain malware.

According to Barracuda’s researchers, these attacks are difficult to detect because the HTML attachments themselves are not malicious. Malware is not included in the attachment itself; instead, attackers use multiple redirects with Javascript libraries hosted elsewhere. Potential defenses against these attacks must therefore consider the entire email, including its HTML attachments, as well as all redirects and the email’s content for malicious intent.

The company’s cybersecurity experts also outlined key ways in which organisations can protect against the growing threat of malicious HTML attachments:

•          Ensure the organisation’s email protection scans and blocks malicious HTML attachments. These can be hard to identify accurately, and detection tools often include a large number of false positives. The best solutions will include machine learning and static code analysis that evaluate the content of an email and not just an attachment.

•          Train users to identify and report potentially malicious HTML attachments. Given the volume of these type of attacks, users should be wary of all HTML attachments, especially those coming from sources they haven’t seen before. Organisations should include examples of these attacks as part of their phishing simulation campaigns and train users to always double check before sharing their login credentials.

•          If malicious emails get through, have post delivery remediation tools ready. These must allow the organisation to quickly identify and remove any instances of malicious email from all user inboxes. Automated incident response can help do this quickly before attacks spread through an organisation, and account takeover protection can monitor and alert security teams of suspicious account activity if login credentials were to be compromised.


Leave a reply