A rising variety of emails are arriving loaded with malicious or dangerous HTML attachments, new analysis has warned.

A report from Barracuda discovered nearly half (46%) of HTML attachment in emails it scanned was discovered to be malicious. Barracuda says the Hypertext Markup Language (HTML) is rising more and more fashionable in phishing, credential theft, and different types of cyberattacks. 

“If a recipient opens the HTML file, a number of redirects by way of JavaScript libraries hosted elsewhere will take them to a phishing website or different malicious content material managed by the attackers. Customers are then requested to enter their credentials to entry data or obtain a file that will include malware (opens in new tab),” Barracuda CTO, Fleming Shi, stated in a weblog put up (opens in new tab).

Phishing risk

“Nonetheless, in some circumstances seen by Barracuda researchers, the HTML file itself consists of refined malware which has the entire malicious payload embedded inside it, together with potent scripts and executables. This assault method is changing into extra extensively used than these involving externally hosted JavaScript information.”

The CTO additionally stated that the HTML threats are being distributed by way of numerous particular person assaults, somewhat than a handful of mass occasions. 

“On March 7, there have been 672,145 malicious HTML artifacts detected in whole, comprising 181,176 totally different gadgets. Which means that round 1 / 4 (27%) of the detected information had been distinctive and the remainder had been repeat or mass deployments of these information,” Shi stated. “Nonetheless, on March 23, nearly 9 in ten (85%) of the full 475,938 malicious HTML artifacts had been distinctive – which implies that nearly each single assault was totally different.”

The figures are pointing to HTML attachments remaining one of the crucial frequent methods to ship malware by means of e mail, the weblog concludes, saying that it’s pivotal for companies to have the precise safety options arrange. “This implies having efficient, AI-powered e mail safety in place that may consider the content material and context of an e mail past scanning hyperlinks and attachments,” it was stated.

Multi-factor authentication, zero-trust entry controls, in addition to automation in response and assault remediation, can also be important to any group’s cybersecurity tech stack, proper subsequent to worker coaching, Shi concluded.

• Take a look at the very best endpoint safety (opens in new tab) instruments proper now