New research conducted by Barracuda Networks, Inc. has found that HTML attachments are by far the attachment type most used by cybercriminals for malicious purposes. The company’s analysis of millions of email attachments over the past month revealed that one in five HTML attachments were malicious. By comparison, just 0.03% of MS Office files and 0.009% of PDF files sent via the scanned emails were found to be malicious.
Explaining the growing popularity of HTML attachments as an attack vector, Toni El Inati, RVP Sales, META & CEE, Barracuda Networks, said, “HTML attachments have become ubiquitous in email communications as they’re commonly used for system-generated reports, updates and notifications. They often include hyperlinks which users have become accustomed to clicking without first checking to see the full URL. It’s no surprise then that attackers have been quick to exploit this trust. Moreover, these attachments mean that attackers no longer need to place malicious links in the body of the email and therefore allow them to bypass traditional anti-spam and anti-virus policies with ease.”
In analysing the modus operandi of the cybercriminals perpetrating these attacks, Barracuda’s experts found credential phishing and malware to be the primary motives. The research revealed that attackers commonly embed links to phishing or malicious websites within their HTML attachments. When opened, these HTML files use JavaScript to redirect users to third-party machines, where they are asked to enter their credentials to access information or to download a file that may contain malware.
Barracuda’s researchers pointed out that these attacks are difficult to detect because the HTML attachments themselves are not malicious. Attackers do not include malware in the attachment itself but instead use multiple redirects with JavaScript libraries hosted elsewhere. Potential protection against these attacks must therefore consider the entire email along with its HTML attachments, looking at all redirects and analysing the content of the email for malicious intent.
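The kind of inspection described above, as an added example that is not Barracuda's code or part of the original article: it walks a message's HTML attachments and reports remote scripts, meta refreshes, remote form targets and JavaScript navigation so they can be analysed further. The indicator names, the sample message and the example.test hosts are constructed for illustration.

```python
import re
from email import message_from_bytes, policy
from email.message import EmailMessage
from html.parser import HTMLParser

REMOTE = ("http:", "https:", "//")
# JavaScript navigation sinks used for client-side redirects.
JS_REDIRECT = re.compile(r"location(?:\.href)?\s*=[^=]|location\.(?:replace|assign)\s*\(")

class RedirectFinder(HTMLParser):
    """Collects markup that sends the reader, or their input, to another host."""
    def __init__(self):
        super().__init__()
        self.findings, self.in_script = [], False
    def handle_starttag(self, tag, attrs):
        a = {k: (v or "") for k, v in attrs}
        self.in_script = tag == "script"  # script bodies arrive via handle_data
        if tag == "script" and a.get("src", "").startswith(REMOTE):
            self.findings.append(("remote-script", a["src"]))
        elif tag == "meta" and a.get("http-equiv", "").lower() == "refresh":
            self.findings.append(("meta-refresh", a.get("content", "")))
        elif tag == "form" and a.get("action", "").startswith(REMOTE):
            self.findings.append(("remote-form", a["action"]))
    def handle_endtag(self, tag):
        self.in_script = False
    def handle_data(self, data):
        if self.in_script and JS_REDIRECT.search(data):
            self.findings.append(("js-redirect", data.strip()[:80]))

def scan_email(raw: bytes) -> dict:
    """Map each HTML attachment's filename to its (indicator, detail) findings."""
    report = {}
    for part in message_from_bytes(raw, policy=policy.default).iter_attachments():
        name = part.get_filename() or ""
        # HTML is also sent as a generic binary type, so check the extension too.
        if part.get_content_type() == "text/html" or name.lower().endswith((".htm", ".html")):
            body, finder = part.get_content(), RedirectFinder()
            finder.feed(body if isinstance(body, str) else body.decode("utf-8", "replace"))
            finder.close()
            report[name] = finder.findings
    return report

def build_sample() -> bytes:
    """Constructed sample message; the example.test hosts are placeholders."""
    msg = EmailMessage()
    msg.set_content("Your report is attached.")
    html = ('<script src="https://cdn.example.test/lib.js"></script>\n'
            '<script>window.location.href = "https://login.example.test/";</script>')
    msg.add_attachment(html, subtype="html", filename="report.html")
    return msg.as_bytes()
```

Findings like these are leads for following the redirect chain and scoring the whole message, not a verdict on their own, since legitimate system-generated reports also load remote scripts.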
The company’s cybersecurity experts also outlined key ways in which organisations can protect against the growing threat of malicious HTML attachments: