Research conducted by Barracuda Networks has found that HTML attachments are by far the most used by cybercriminals for malicious purposes. The company’s analysis of millions of email attachments over the past month revealed that a whole 1 in 5 HTML attachments was malicious. By comparison, a meagre 0.03% and 0.009% of MS Office and PDF files respectively that were sent via the scanned emails were found to be malicious.

Explaining the growing popularity of HTML attachments as an attack vector, Toni El Inati – RVP Sales, META & CEE, Barracuda Networks said, “HTML attachments have become ubiquitous in email communications as they are commonly used for system-generated reports, updates, and notifications. They often include hyperlinks, which users have become accustomed to clicking without first checking to see the full URL. It is no surprise then those attackers have been quick to exploit this trust. Moreover, these attachments mean that attackers no longer need to place malicious links in the body of the email and therefore allow them to bypass traditional anti-spam and anti-virus policies with ease.”

The company’s cybersecurity experts also outlined key ways in which organizations can protect against the growing threat of malicious HTML attachments:

• Ensure the organization’s email protection scans and blocks malicious HTML attachments. Train users to identify and report potentially malicious HTML attachments.
• If malicious emails get through, have post-delivery remediation tools ready.