Malicious HTML Attachment Volumes Surge

According to Barracuda, the percentage of HTML attachments rated malicious has more than doubled from 21% in May last year to nearly 46% in March 2023.

While Hypertext Markup Language (HTML) is commonly used for email newsletters, marketing collateral, and other types of content, the security vendor warned that it is also a popular tool for phishing, credential theft, and other messaging threats.

“Once the recipient opens the HTML file, multiple redirects through JavaScript libraries hosted elsewhere lead them to attacker-controlled phishing sites and other malicious content. Users are prompted for credentials in order to access information or download files that may contain malware,” explains Barracuda CTO Fleming Shi.

“However, in some cases Barracuda researchers have seen, the HTML files themselves contain advanced malware embedded with full malicious payloads, including powerful scripts and executables. The attack technique has become more prevalent than the technique of using an externally hosted JavaScript file.”
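The two patterns described above (redirects through externally hosted JavaScript, and payloads embedded in the file itself) can be flagged by static inspection of an attachment before anyone opens it. The following is an added example, not code from Barracuda or the original article; the indicator names, regular expressions, the 1,000-character blob threshold and the sample attachments are all assumptions constructed for illustration.

```python
import re
from html.parser import HTMLParser

# Constructed sample attachments for illustration, not real samples.
SAMPLE_REDIRECT = """<html><head><script src="https://cdn.example.net/lib.js"></script>
<meta http-equiv="refresh" content="0; url=https://login.example.org/"></head>
<body><form action="https://login.example.org/post">
<input type="password" name="p"></form></body></html>"""
SAMPLE_EMBEDDED = ("<html><body><script>var b=atob('" + "QUJD" * 400
                   + "');var f=new Blob([b]);</script></body></html>")
SAMPLE_BENIGN = "<html><body><h1>Newsletter</h1><p>Hello</p></body></html>"

BLOB_RE = re.compile(r"[A-Za-z0-9+/=]{1000,}")  # long base64-like run (assumed threshold)
DECODE_RE = re.compile(r"\b(atob|unescape|eval)\s*\(")
REDIRECT_RE = re.compile(r"location\s*(\.href)?\s*=|location\.(replace|assign)\s*\(")

def is_external(url):
    # Absolute or protocol-relative URLs point outside the attachment itself.
    return (url or "").strip().lower().startswith(("http://", "https://", "//"))

class AttachmentTriage(HTMLParser):
    """Collects static indicators; a finding is a triage hint, not a verdict."""
    def __init__(self):
        super().__init__()
        self.findings, self._in_script = set(), False

    def handle_starttag(self, tag, attrs):
        a = {k: (v or "") for k, v in attrs}
        if tag == "script":
            self._in_script = True
            if is_external(a.get("src")):
                self.findings.add("external-script")
        elif tag == "meta" and a.get("http-equiv", "").lower() == "refresh":
            self.findings.add("meta-refresh")
        elif tag == "form" and is_external(a.get("action")):
            self.findings.add("external-form-action")
        elif tag == "input" and a.get("type", "").lower() == "password":
            self.findings.add("password-field")

    def handle_endtag(self, tag):
        if tag == "script":
            self._in_script = False

    def handle_data(self, data):
        if not self._in_script:
            return
        for name, rx in (("embedded-blob", BLOB_RE), ("decode-or-eval", DECODE_RE),
                         ("js-redirect", REDIRECT_RE)):
            if rx.search(data):
                self.findings.add(name)

def triage(html_text):
    parser = AttachmentTriage()
    parser.feed(html_text)
    parser.close()
    return sorted(parser.findings)
```

Legitimate newsletters also load external scripts, so these findings are best used to route an attachment to sandboxing or analyst review rather than to block it outright.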

For more information on HTML threats, see Phishers use blank images to disguise malicious attachments.

Shi argued that HTML threats are becoming more prevalent through individual attacks rather than a limited number of large-scale campaigns.

“On March 7, we detected a total of 672,145 malicious HTML artifacts, including 181,176 different items, and the rest was repetition or mass deployment of those files,” he said.

“However, on March 23, nearly nine out of ten (85%) of the total 475,938 malicious HTML artifacts were unique, meaning that nearly all attacks were different.”

This surge in activity means that HTML attachments remain the most common malicious file type in email threats this year, Barracuda said.

“Ensuring proper security is as important as ever. This is not only about scanning links and attachments; it also means putting in place effective AI-powered email protection that can assess the content and context of emails,” Shi argued.

“Other key elements include implementing robust multi-factor authentication or, ideally, zero trust access controls; having automated tools to respond to any attack and remediate its impact; and training people to spot and report suspicious messages.”
