Malicious HTML attachments double within the final 12 months

Final Could, 21 % of all HTML attachments scanned had been malicious. Ten months on, that determine has greater than doubled with 45.7 % of scanned HTML information discovered to be malicious in March 2023.

This discovering comes from the most recent Menace Highlight report from Barracuda Networks, which exhibits that not solely is the general quantity of malicious HTML attachments rising, they continue to be the file kind almost certainly for use for malicious functions.

Attackers can efficiently leverage HTML as an assault method through the use of well-crafted messages and/or compromised web sites and malicious HTML file attachments to trick customers.

In a few of instances seen by Barracuda researchers, the HTML file itself contains subtle malware which has the whole malicious payload embedded inside it, together with potent scripts and executables. This assault method is changing into extra broadly used than these involving externally hosted JavaScript information.

Evaluating the overall variety of malicious HTML detections with what number of distinctive information had been detected, it turns into clear that the rising quantity of malicious information isn’t merely the results of a restricted variety of mass assaults, however that of many various assaults every utilizing specifically crafted information.

“The safety business has been highlighting the cybercriminal weaponizing of HTML for years — and proof suggests it stays a profitable and standard assault software,” says Fleming Shi, chief expertise officer at Barracuda. “Getting the best safety in place is as necessary now because it has ever been. This implies having efficient, AI-powered electronic mail safety in place that may consider the content material and context of an electronic mail past scanning hyperlinks and attachments. Different necessary parts embrace implementing sturdy multi-factor authentication or — ideally — Zero Belief Entry controls; having automated instruments to reply to and remediate the affect of any assault; and coaching individuals to identify and report suspicious messages.”

Barracuda has revealed a information to electronic mail menace sorts and how one can defend towards them. You will get the total Menace Highlight on the corporate’s weblog.

Picture credit score: Rawpixel/depositphotos.com