New research conducted by Barracuda Networks, a leading provider of cloud-first security solutions, has found that HTML attachments are by far the most used by cybercriminals for malicious purposes.
The company’s analysis of millions of email attachments over the past month revealed that one in five HTML attachments were malicious. By comparison, a meagre 0.03% and 0.009% of MS Office and PDF files respectively that were sent via the scanned emails were found to be malicious.
“HTML attachments have become ubiquitous in email communications as they’re commonly used for system-generated reports, updates and notifications. They often include hyperlinks which users have become accustomed to clicking without first checking to see the full URL,” said Toni El Inati, RVP Sales, META and CEE, Barracuda Networks.
“It’s no surprise then that attackers have been quick to exploit this trust. Moreover, these attachments mean that attackers no longer need to place malicious links in the body of the email and therefore allow them to bypass traditional anti-spam and anti-virus policies with ease.”
In analysing the modus-operandi of the cybercriminals perpetrating these attacks, Barracuda’s experts found credential phishing and malware to be primarily motives. The research revealed that attackers commonly embed links to phishing or malicious websites within their HTML attachments.