- 23% of HTML accessories are malicious, Barracuda’s research finds
- These are often used for phishing or the theft of credentials
- PDF is much less likely to be harmful
A new investigation by Barracuda has revealed that an amazing 23% of the HTML attachments are marked as malicious, which makes HTML the most armed file, which represents more than three quarters of malicious files detected, despite a low total volume.
The attackers use more and more HTML files for phishing by incorporating malicious scripts to redirect victims to the predicting login pages that are created to steal credentials or deceive users to discharge malware.
The research also shows that PDF is less likely to be malicious, despite being the type of file shared most frequently through email attachments. It was only found that 0.13% of PDFs are harmful, but they begin to contain more often deceptive links to trick readers in credential harvesting sites.
Acquisition threats
Occorbatingly, 87% of the binaries that were detected were malicious, which describes the need for strict policies against executable files that are sent by email. Researchers warn that “since executables can directly install malware, safety equipment should consider binary lock (unless they are absolutely necessary) and ensure that all discharges scan before execution.”
A fifth of the companies experience at least one acquisition incident of the account per month, with criminals who obtain access exploiting weak or reused passwords, phishing or filling of credentials, all the very common tactics that are increasing and the computer pirates are improving in the smuggling of the electronic pHishing emails. So it’s local.
Of these account acquisition attacks, 27% involved a “change of suspicious rules”, such as automatic removal alerts or email forwarding configuration to an external address, helping attackers “to maintain persistence and avoid detection.”
“As threats evolve, also the protection of your organization,” Barracuda advises.
“The scammers are adapting their tactics to avoid the bond doors and unwanted mail filters, so it is essential to have a solution in their place that detects and protects against specific phishing attacks. Complements its liaison doors with email security technology in the cloud with AI that does not only trust malicious attachments or files.”
