Researchers warn that attackers are relying more on malicious HTML files in their attacks, with malicious files now accounting for half of all HTML attachments sent via email. This prevalence rate of malicious HTML is double what it was last year and does not appear to be the result of mass attack campaigns sending the same attachment to large numbers of people.
“When it comes to attack tactics and tools, just because something has been around for a while doesn’t seem to make it any less powerful,” researchers from security firm Barracuda Networks said in a new report. “Attackers continue to use malicious HTML because it works. Getting the security right is as important now as it’s ever been, if not more so.”
Why is HTML the favorite of attackers?
HTML, the standard markup language for displaying web content, has many legitimate uses within email communications. For example, business users often receive reports that various applications and tools generate and send via email. As a result, users are not suspicious when they see this attachment type, and email security gateway filters cannot ban it outright.
HTML is also flexible in the types of attacks it can enable. One of the most common use cases is credential phishing, with attackers crafting HTML attachments that, when opened, masquerade as a login page for various services. This can also be dynamic, with the HTML including JavaScript code that redirects the user to a phishing site. Imagine receiving an email that looks like an automated notification for a DHL package, opening the HTML attachment and seeing a copy of the DHL login page.
In other cases, HTML attachments include links and decoys that attempt to convince users to download a secondary file that is actually a malware payload. The advantage for attackers is that this method of malware delivery has a much higher chance of bypassing the email security gateway than attaching a malware payload directly, whether inside a zip archive or as a different file type. Because the bait is then already in front of the user, if they agree to download the file to their computer, it is up to the endpoint protection solution to detect it, so the attackers have already defeated the first layer of defense.
“However, in some cases seen by Barracuda researchers, the HTML file itself includes sophisticated malware that has the full payload embedded, including powerful, executable scripts,” the researchers said. “This attack technique is being used more widely than those involving externally hosted JavaScript files.”
The prevalence of malicious HTML attachments
Barracuda used its telemetry to perform an analysis in May 2022 and found that 21% of HTML attachments scanned by its products that month were malicious. This was by far the highest malicious-to-clean ratio of any type of file sent via email, and it has steadily worsened since then, reaching 45.7% in March of this year.
So for anyone who receives an HTML attachment in email right now, there’s a one in two chance it’s malicious. However, to ensure that the data is not skewed by some mass attacks, the researchers also analyzed the uniqueness of the files.
The researchers chose two dates from January to March where large spikes in malicious HTML files were detected, suggesting possible mass attacks. On March 7, the company’s products scanned 672,145 malicious HTML artifacts, of which 181,176 were unique, meaning around a quarter of attachments were the result of unique attacks. For the second peak, on March 23, things were much worse. Of the 475,938 malicious HTML detections, 85%, or nearly nine out of ten, were unique.
“Protection against HTML-based malicious attacks should consider all e-mail that carries HTML attachments, examining all redirects and analyzing the e-mail content for malicious intent,” the researchers said.
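As an added illustration (not code from Barracuda or from the original article), the following Python sketch triages a message the way the passages above suggest: it walks every HTML attachment and flags password forms, JavaScript redirects and script-embedded payloads. The indicator names, regular expressions, helper names and the sample message are assumptions constructed for this example.

```python
import re
from email import message_from_bytes, policy
from email.message import EmailMessage
from html.parser import HTMLParser

# Heuristics applied to <script> bodies; illustrative assumptions, not exhaustive.
SCRIPT_RULES = (("js-redirect", re.compile(r"location(\.href)?\s*=[^=]|location\.(replace|assign)\s*\(")),
                ("embedded-payload", re.compile(r"\batob\s*\(|new\s+Blob\s*\(|[A-Za-z0-9+/]{200,}")))

class Triage(HTMLParser):  # collects indicator names while walking one HTML attachment
    def __init__(self):
        super().__init__()
        self.hits, self.in_script, self.action = set(), False, ""

    def handle_starttag(self, tag, attrs):
        a = {k: (v or "").strip().lower() for k, v in attrs}
        self.in_script = tag == "script"
        if tag == "form":
            self.action = a.get("action", "")
        if tag == "input" and a.get("type") == "password":
            remote = self.action.startswith(("http:", "https:", "//"))
            self.hits.add("password-form-remote-post" if remote else "password-form")

    def handle_endtag(self, tag):
        self.in_script = False

    def handle_data(self, data):
        if self.in_script:
            self.hits.update(name for name, rx in SCRIPT_RULES if rx.search(data))

def triage_message(raw: bytes) -> dict:
    """Map each HTML attachment's filename to its sorted indicator list."""
    report = {}
    for part in message_from_bytes(raw, policy=policy.default).iter_attachments():
        name = part.get_filename() or "(unnamed)"
        if part.get_content_type() == "text/html" or name.lower().endswith((".htm", ".html")):
            parser = Triage()
            parser.feed((part.get_payload(decode=True) or b"").decode("utf-8", "replace"))
            parser.close()
            report[name] = sorted(parser.hits)
    return report

def build_message(html: str) -> bytes:  # constructed sample mail with one HTML attachment
    m = EmailMessage()
    m.set_content("Your parcel notification is attached.")
    m.add_attachment(html, subtype="html", filename="notice.html")
    return m.as_bytes()

SAMPLE = ('<form action="https://login.example.invalid/c"><input type="password"></form>'
          '<script>window.location.href = "https://portal.example.invalid/";</script>')
```

Calling triage_message(build_message(SAMPLE)) reports both the remote-posting password form and the JavaScript redirect for notice.html; a static pass like this is a first filter only and does not replace the context-aware analysis the researchers recommend.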
How to mitigate malicious HTML attachments
The company’s recommendation is to choose email security solutions that can evaluate the entire context of the email and not just the content of attachments. It is also very important to train employees to detect and report malicious HTML attachments and to be wary of such attachments from unknown sources. It is also important for the company to have incident response tools and processes in place to remove an attachment from all mailboxes it may have reached once it has been flagged as malicious by the security team.
Using two-factor authentication along with zero-trust access solutions that evaluate not only credentials, but also the user’s device, location, time zone, and history can limit breaches even if users are victims of phishing and credential theft. Accounts should also have post-login tracking that can alert the security team if any suspicious behavior is detected.
Copyright © 2023 IDG Communications, Inc.
Attacks on organisations and individuals are becoming increasingly sophisticated and more malicious, as more and more people share data over the internet. One common vector for such attacks is malicious HTML email attachments. At Ikaroa, we understand the importance of being proactive about preventing attacks by understanding what malicious HTML email attachments are and how to protect yourself from them.
Malicious HTML email attachments are HTML files sent as email attachments that contain malicious code. When the user opens the attachment, the code is executed, allowing the attacker to take control of the user’s system. In some cases, a malicious HTML attachment can even install a backdoor, allowing attackers to gain remote access to a system.
In order to protect yourself from HTML email attachments, it is important to be aware of the signs of malicious HTML emails. Some signs to look out for include: links to suspicious websites, embedded images, links to websites with suspicious domain names, and files with strange file extensions. Additionally, it is important to ensure that your email client’s security settings are up to date and that you are using a strong password.
At Ikaroa, we understand the importance of data security and strive to provide our clients with the best tools to protect their data. One way we do this is by providing an email security solution powered by machine learning algorithms. This solution is designed to detect and recognize malicious attachments and stop them from reaching the inbox.
Given the increasing sophistication of malicious HTML email attachments, it is important that both businesses and individuals take steps to protect their data. At Ikaroa, we are committed to helping our clients secure their data by providing them with the tools and solutions to do just that.