"Attacks Increasingly Use Malicious HTML Email Attachments"

Researchers warn that attackers are increasingly relying on malicious HTML files in their attacks, with malicious files making up for half of all HTML email attachments. This rate of malicious HTML prevalence has doubled since last year, and it does not appear to be the product of mass attack campaigns that deliver the same attachment to a huge number of individuals. According to researchers from the security company Barracuda Networks, attackers continue to use malicious HTML because it is effective. HTML, the standard markup language for displaying Web content, has a variety of valid applications within email communications. For example, enterprise users typically receive reports generated and emailed by various applications and tools. This does not make them suspicious when they see this type of attachment, and email security gateway filters cannot prohibit this attachment type explicitly. HTML is also versatile regarding the types of attacks it can facilitate. One of the most prevalent use cases is credential phishing, in which attackers construct HTML attachments that, when opened, pose as the login page for various services. This may also be dynamic, with the HTML containing JavaScript code that reroutes the user to a malicious website. This article continues to discuss attackers' use of malicious HTML email attachments. 

CSO Online reports "Attacks Increasingly Use Malicious HTML Email Attachments"