SIITF
SNA

HOME
NEWS

Barracuda researchers discover malicious HTML attachments being used in emails

Barracuda researchers discover malicious HTML attachments being used in emails

Researchers at Barracuda have recently analyzed data on the millions of attachments scanned by Barracuda systems over the past month to identify HTML attachments being used the most for malicious purposes. 21% of all HTML attachments scanned by Barracuda were malicious.

 

HTML attachments are commonly used in email communication. These are particularly common in system-generated email reports that users might receive regularly. These messages include URL links to the actual report. Attackers have been embedding HTML attachments in emails disguised as a weekly report, tricking users into clicking on phishing links. These are successful techniques because hackers no longer need to include malicious links in an email, allowing them to easily bypass anti-spam and anti-virus policies.

 

The malicious HTML attachments are being used for credential phishing. They include a link to a phishing site, which, when opened, gets redirected to a third-party machine that requests the users to enter their credentials to access information or download a file that may contain malware. Hackers don’t always need to create a fake website. They can create a phishing form directly embedded in the attachment, ultimately sending phishing sites as attachments instead of links.

 

“These attacks are difficult to detect because HTML attachments themselves are not malicious. Attackers do not include malware in the attachment but instead use multiple redirects with Javascript libraries hosted elsewhere. Potential protection against these attacks should take into account an entire email with HTML attachments, looking at all redirects and analyzing the content of the email for malicious intent,” said Parag Khurana, Country Manager, Barracuda Networks India.

 

Considering such HTML attachments are hard to identify accurately, and detection often includes many false positives, the best solutions are machine learning and static code analysis that can evaluate the content of an email to identify and block malicious HTML attachments.

 

Meanwhile, given the volume of these attacks, users should be wary of all HTML attachments, especially those coming from sources they haven’t seen before. They must be trained with examples of these attacks as part of their phishing simulation campaigns and urged to always double-check before sharing their login credentials.

 

In case, malicious emails get through, it is necessary to keep the post-delivery remediation tools ready to quickly identify and remove any instances of those emails from all user inboxes. Automated incident response can help do this quickly before attacks spread through an organization, and account takeover protection can monitor and alert the users of suspicious account activity if login credentials were to be compromised.

See What’s Next in Tech With the Fast Forward Newsletter

SECURITY
View All
FortiGuard Labs forecasts Generative AI and CaaS operations to facilitate cyberattacks
Technology

FortiGuard Labs forecasts Generative AI and CaaS operations to facilitate cyberattacks

by VARINDIA 2023-11-29
77% Organizations Fall Victim to Repeated Cyberattacks: Trellix
Technology

77% Organizations Fall Victim to Repeated Cyberattacks: Trellix

by VARINDIA 2023-11-28
Trellix Detects Collaboration by Cybercriminals and Nation-States
Technology

Trellix Detects Collaboration by Cybercriminals and Nation-States

by VARINDIA 2023-11-23
SOFTWARE
View All
HPE boosts business transformation with new AI-native architecture and hybrid cloud solutions
Technology

HPE boosts business transformation with new AI-native architecture and hybrid cloud solutions

by VARINDIA 2023-12-01
Kyndryl extends partnership with AWS to accelerate mainframe application modernization for Customers
Technology

Kyndryl extends partnership with AWS to accelerate mainframe application modernization for Customers

by VARINDIA 2023-12-01
Tata Tele Business Services and Truecaller join hands to offer ‘Verified Business Caller ID Solution’
Technology

Tata Tele Business Services and Truecaller join hands to offer ‘Verified Business Caller ID Solution’

by VARINDIA 2023-11-30
START - UP
View All
NeevCloud launches the country’s first Made in India AI SuperCloud
Technology

NeevCloud launches the country’s first Made in India AI SuperCloud

by VARINDIA 2023-11-23
ZEE & nasscom forge partnership to support Generative AI Startups
Technology

ZEE & nasscom forge partnership to support Generative AI Startups

by VARINDIA 2023-11-23
Startup Odisha Spotlights 20 Startups at Day 1 of FundStack 3.0
Technology

Startup Odisha Spotlights 20 Startups at Day 1 of FundStack 3.0

by VARINDIA 2023-11-22

Tweets From @varindiamag

CIO - SPEAK
Automation has the potential to greatly improve efficiency and production

Automation has the potential to greatly improve efficiency and production

by VARINDIA
Various approaches are followed to enhance efficiency, productivity, and cost-effectiveness

Various approaches are followed to enhance efficiency, productivity, and cost-effectiveness

by VARINDIA
Technology can be leveraged in several ways to boost efficiency, productivity and reduce cost

Technology can be leveraged in several ways to boost efficiency, productivity and reduce cost

by VARINDIA
Start-Up and Unicorn Ecosystem
Mystifly to transform travel technology with Google Cloud

Mystifly to transform travel technology with Google Cloud

by VARINDIA
Affle strengthens its global tech IP portfolio with 15 patents

Affle strengthens its global tech IP portfolio with 15 patents

by VARINDIA
Noventiq rolls out Weaver Peer, a knowledge-based AI assistant

Noventiq rolls out Weaver Peer, a knowledge-based AI assistant

by VARINDIA
Oracle supports healthcare organizations with new capabilities

Oracle supports healthcare organizations with new capabilities

by VARINDIA
NetApp renews its partnership with Microsoft

NetApp renews its partnership with Microsoft

by VARINDIA
Varonis expands its Generative AI capabilities with launch of Athena AI

Varonis expands its Generative AI capabilities with launch of Athena AI

by VARINDIA
Mika named as the world's first robot CEO

Mika named as the world's first robot CEO

by VARINDIA
Technicolor Creative Studios integrates Dell infrastructure solutions for IT transformation

Technicolor Creative Studios integrates Dell infrastructure solutions for IT transformation

by VARINDIA
Katonic AI and Mindfields Global Join Forces to Integrate Automation with GenAI

Katonic AI and Mindfields Global Join Forces to Integrate Automation with GenAI

by VARINDIA
Spirent and Cadence partner to offer advanced chipset testing

Spirent and Cadence partner to offer advanced chipset testing

by VARINDIA