Almost a quarter of HTML attachments are malicious, research finds


  • 23% of HTML attachments are malicious, research from Barracuda finds
  • These are often used for phishing or credential stealing
  • PDFs are much less likely to be harmful

New research from Barracuda has revealed that a staggering 23% of HTML attachments are marked as malicious, making HTML the most weaponized file type: it accounts for over three quarters of malicious files detected, despite a low total volume.

Attackers are increasingly using HTML files for phishing by embedding malicious scripts to redirect victims to fake login pages that are created in order to steal credentials or trick users into downloading malware.

The research also shows that PDFs are less likely to be malicious, despite being the most frequently shared file type via email attachments. Only 0.13% of PDFs were found to be harmful, but they increasingly contain deceptive links that lure readers to credential-harvesting sites.


Takeover threats

Worryingly, 87% of binaries that were detected were malicious, which underlines the need for strict policies against executable files being sent through email. The researchers warn that “since executables can directly install malware, security teams should consider blocking binaries (unless they are absolutely necessary) and ensure all downloads are scanned before execution.”

A fifth of companies experience at least one account takeover incident per month, with criminals gaining access by exploiting weak or reused passwords, phishing, or credential stuffing. These are all very common tactics that are on the rise, and hackers are getting better at smuggling phishing emails past cybersecurity defenses, so be wary.

Of these account takeover attacks, 27% involved a ‘suspicious rule change’, such as auto-deleting incoming security alerts, or setting up email forwarding to an external address - helping attackers ‘maintain persistence and avoid detection’.
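As an added illustration (not from Barracuda's report or the original article), the sketch below shows how a defender might flag the two rule changes described above in mailbox-rule audit events. The event schema, field names, keyword list and the `example.com` internal domain are all assumptions made for the example; real mail platforms use their own log formats.

```python
import json

INTERNAL_DOMAINS = {"example.com"}   # assumption: the organization's own mail domains
ALERT_WORDS = ("security", "alert", "password", "sign-in", "suspicious")
FORWARD_KEYS = ("forward_to", "redirect_to")
MATCH_KEYS = ("subject_contains", "from_contains")

# Constructed sample events in a hypothetical, simplified schema (one JSON object per line).
SAMPLE_EVENTS = """
{"user": "amy@example.com", "move_to_folder": "Reading", "subject_contains": ["newsletter"]}
{"user": "bob@example.com", "delete": true, "subject_contains": ["Security alert", "password"]}
{"user": "cat@example.com", "forward_to": ["archive@mail.invalid"]}
{"user": "dan@example.com", "forward_to": ["helpdesk@example.com"]}
{"user": "eve@example.com", "delete": true, "forward_to": ["drop@mail.invalid"]}
"""

def external_recipients(event):
    """Return forwarding targets whose domain is not one of ours."""
    targets = [a for k in FORWARD_KEYS for a in event.get(k, [])]
    return [a for a in targets
            if a.rsplit("@", 1)[-1].lower() not in INTERNAL_DOMAINS]

def hides_alerts(event):
    """True if the rule deletes mail matching alert-like terms, or deletes all mail."""
    if not event.get("delete"):
        return False
    terms = [t.lower() for k in MATCH_KEYS for t in event.get(k, [])]
    # A delete rule with no conditions removes every message, alerts included.
    return not terms or any(w in t for t in terms for w in ALERT_WORDS)

def triage(event):
    findings = []
    ext = external_recipients(event)
    if ext:
        findings.append("forwards to external address: " + ", ".join(ext))
    if hides_alerts(event):
        findings.append("auto-deletes security alerts")
    return findings

def scan(text):
    """Map each user to the findings for their rule events; skip malformed lines."""
    results = {}
    for line in filter(str.strip, text.splitlines()):
        try:
            event = json.loads(line)
        except json.JSONDecodeError:
            continue
        if isinstance(event, dict) and triage(event):
            results.setdefault(event.get("user", "?"), []).extend(triage(event))
    return results

if __name__ == "__main__":
    for user, findings in scan(SAMPLE_EVENTS).items():
        print(user, "->", "; ".join(findings))
```

Keyword matching like this is a triage aid: a hit is a reason to review the mailbox's recent sign-ins, not proof of compromise.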

“As threats evolve, so should your organization’s protection,” Barracuda advises.

“Scammers are adapting their tactics to bypass gateways and spam filters, so it’s critical to have a solution in place that detects and protects against targeted phishing attacks. Supplement your gateways with AI-powered cloud email security technology that doesn’t solely rely on looking for malicious links or attachments.”


Ellen has been writing for almost four years, with a focus on post-COVID policy whilst studying for BA Politics and International Relations at the University of Cardiff, followed by an MA in Political Communication. Before joining TechRadar Pro as a Junior Writer, she worked for Future Publishing’s MVC content team, working with merchants and retailers to upload content.
