- 23% HTML accessories are malicious, Barracuda’s research finds
- These are often used for phishing or identification theft
- PDFs are much less likely to be harmful
New research by Barracuda has revealed that 23% of HTML attachments are marked as malicious, making HTML the most armed file type – constituting more than three quarters of malicious files detected, despite a small total volume.
The attackers are increasingly using HTML files for phishing by integrating malicious scripts to redirect victims to false connection pages that are created in order to steal identification information or deceive users to download malware.
Research also shows that PDFs are less likely to be malicious, although they are the most frequently shared file via attachment by e-mail. Only 0.13% of PDFs proved to be harmful, but they are starting to contain misleading links to deceive readers on identification harvesting sites.
Redemption threats
Concern, 87% of the binary detected were malicious, which describes the need for strict policies against the executable files sent by e-mail. Researchers warn that “since executables can directly install malware, security teams should consider blocking binary (unless they are absolutely necessary) and ensure that all downloads are analyzed before execution.”
A fifth of companies experiences at least one account buy -back incident per month, criminals that have accessed by exploiting low or reused passwords, phishing or the stuffing of identification information – all very common tactics that are increasing, and the hackers are improving to pass e -mails of spent phishing passed from cybersecurity, so be suspicious.
Among these account buyback attacks, 27% involved a “suspicious change of rule”, such as the automatic deletion of incoming safety alerts, or the implementation of the transmission of emails to an external address – helping attackers to maintain persistence and avoid detection. “
“As the threats evolve, the protection of your organization should also,” advises Barracuda.
“Shols adapt their tactics to bypass gateways and spam filters, it is therefore essential to have a solution in place which detects and protects against targeted phishing attacks. Complete your bridges with safety technology by E-mail cloud fueled by AI which does not only depend on the search for links or malicious attached pieces.”
