"HTML Attachments Found to Be the Most Malicious Type of File"

Findings from the IT security firm Barracuda Networks reveal that adversaries use HTML attachments the most in cyberattacks. Olesia Klevchuk, Principal Product Marketing Manager for email security at Barracuda Networks, pointed out that these attacks are difficult to detect because HTML attachments themselves are not malicious. Malware is not included in the attachment itself. Instead, attackers use multiple redirects with JavaScript libraries hosted elsewhere. HTML attachments are becoming more popular as attacks become more difficult for both users and systems to detect. In an example provided by Barracuda, the HTML attachment itself is not malicious, but it eventually redirects the user to a malicious site. HTML attachments were found to be malicious at nearly twice the rate of the next type of file. Other types of malicious files include text, XHTML, binaries, scripts, RTF, MS Office, and PDF. According to Barracuda, hackers have been embedding malicious HTML files into emails that users regularly receive, such as a link to a report. This is, in fact, a phishing email with a malicious URL attached. Cybercriminals are no longer required to place links in the body of an email, making them easy to detect. The HTML method is much more difficult than previous attempts, and it can also more easily avoid anti-spam and antivirus policies. This article continues to discuss why HTML attachments are being used in attacks and how users can protect their systems from malicious HTML attachments. 

TechRepublic reports "HTML Attachments Found to Be the Most Malicious Type of File"