When used legitimately, HTML attachments in emails enable organizations to share content, such as newsletters or invitations, that display properly when opened in an email client or web browser.
But a new report from Barracuda reveals that 23 percent of HTML attachments are malicious, making them the most weaponized text file type. Overall more than three-quarters of the malicious files detected overall were HTML, and 24 percent of email messages overall are now unwanted or malicious spam.
“Email remains the most common attack vector for cyberthreats because it provides an easy entry point into corporate networks,” says Olesia Klevchuk, product marketing director, Email Protection at Barracuda. “Malicious email attachments, QR codes and URLs are used by attackers to distribute malware, launch phishing campaigns and exploit vulnerabilities. Many organizations increase their risk level by failing to implement DMARC, making it possible for attackers to impersonate their brand and implement fraudulent attacks. Organizations need to mitigate the risks by implementing best practice industry standards and adopting a multi-layered approach to email security, leveraging AI-driven threat detection to spot attacks hidden in attachments and malicious websites.”
Among other findings, 68 percent of malicious PDF attachments and 83 percent of malicious Microsoft documents contain QR codes designed to take users to phishing websites. Bitcoin sextortion scams account for 12 percent of malicious PDF attachments too.
The report finds 20 percent of organizations have experienced at least one attempted or successful account takeover (ATO) incident per month, with attackers typically trying to gain access through phishing, credential stuffing or by exploiting weak or reused passwords.
Implementation of DMARC to protect against unauthorized use, including spoofing and impersonation attacks is still lagging, the findings show 47 percent of email domains don’t have it configured.
You can find out more and get the full report on the Barracuda blog.
Image credit: Rawpixel/depositphotos.com
