Subj : Almost a quarter of HTML attachments are malicious, research find
To   : All
From : TechnologyDaily
Date : Tue Apr 29 2025 13:30:08

Almost a quarter of HTML attachments are malicious, research finds

Date:
Tue, 29 Apr 2025 12:29:00 +0000

Description:
Attackers are increasingly embedding malicious scripts into HTML files.

FULL STORY
======================================================================23% 
HTML attachments are malicious, research from Barracuda finds These are often 
used for phishing or credential stealing PDFs are much less likely to be 
harmful 

New research from Barracuda has revealed that a staggering 23% of HTML 
attachments are marked as malicious, making HTML the most weaponized file 
type - making up over three quarters of malicious files detected, despite a 
low total volume. 

Attackers are increasingly using HTML files for phishing by embedding 
malicious scripts to redirect victims to fake login pages that are created in 
order to steal credentials or trick users into downloading malware. 

The research also shows that PDFs are less likely to be malicious, despite 
being the most frequently shared file type via email attachments. Only 0.13% 
of PDFs were found to be harmful, but they are starting to more often contain 
deceptive links to trick readers onto credential harvesting sites. 

 Get Keeper Personal for just $1.67/month, Keeper Family for just 
$3.54/month, and Keeper Business for just $7/month. 

Keeper generates and stores strong passwords so you never have to remember 
them again. Dont let one weak password leave you exposed. 

 Preferred partner ( What does this mean? ) View Deal Takeover threats 

Worryingly, 87% of binaries that were detected were malicious, which outlines 
the need for strict policies against executable files being sent through 
email. The researchers warn that since executables can directly install 
malware , security teams should consider blocking binaries (unless they are 
absolutely necessary) and ensure all downloads are scanned before execution. 

A fifth of companies experience at least one account takeover incident per 
month, with criminals gaining access by exploiting weak or reused passwords , 
phishing, or credential stuffing - all very common tactics that are on the 
rise, and hackers are getting better at smuggling phishing emails past 
cybersecurity defenses , so be wary. 

Of these account takeover attacks, 27% involved a suspicious rule change, 
such as auto-deleting incoming security alerts, or setting up email 
forwarding to an external address - helping attackers maintain persistence 
and avoid detection. 

As threats evolve, so should your organizations protection, Barracuda 
advises. 

Scammers are adapting their tactics to bypass gateways and spam filters, so 
its critical to have a solution in place that detects and protects against 
targeted phishing attacks. Supplement your gateways with AI-powered cloud 
email security technology that doesnt solely rely on looking for malicious 
links or attachments. You might also like Take a look at our picks for the 
best firewall software around Check out our choice for best antivirus 
software Beware, hackers can apparently now send phishing emails from 
no-reply@google.com



======================================================================
Link to news story:
https://www.techradar.com/pro/security/almost-a-quarter-of-html-attachments-ar
e-malicious-research-finds


--- Mystic BBS v1.12 A47 (Linux/64)
 * Origin: tqwNet Technology News (1337:1/100)

.