Email attachments are a popular way to deliver viruses, ransomware, and other cyberattacks. Barracuda researchers have analyzed data on millions of attachments scanned by their security tools and found that HTML attachments are the most likely to be malicious. Twenty-one percent of all HTML attachments reviewed as part of the research were malicious.
HTML attachments are effective because they’re used frequently for legitimate communication, and it’s tough to tell the real ones from the malicious ones. Attackers often disguise these attachments as weekly reports or notifications, tricking end users into clicking on phishing links. Because the email body itself contains no shady links, scammers can evade anti-spam and antivirus technology.
Since the threat from malicious HTML attachments shows no signs of abating, it’s vital that MSPs, VARs and their clients fully understand the nature of this threat and what steps can help protect their employees from falling victim to these scams.
How HTML Attacks Work
Companies need a multi-layered approach to successfully stop these attacks without impeding employee productivity – one that inspects email delivery and monitors endpoints, networks, and post-attack activities.
Stopping HTML Attacks
While HTML-based attacks are hard to spot, using a combination of tools and strategies can help companies improve the odds of stopping them.
First, your email protection system should scan and block malicious HTML attachments. As noted above, this is no easy task since the attachments look like normal attachments. However, an email security solution that leverages machine learning and static code analysis can better identify these emails because it can be trained to evaluate the contents of the actual email (not just the attachment). These systems use machine learning to establish what a regular email looks like and then apply that knowledge to detecting phishing scams.
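To make the static-analysis step concrete, here is an added example (not code from Barracuda or any product) that parses a raw message, extracts its HTML attachments, and flags a few static indicators. The indicator set, the names `HtmlTriage`, `triage_message` and `build_sample`, and the sample message are assumptions constructed for illustration.

```python
import re
from email import message_from_bytes, policy
from email.message import EmailMessage
from html.parser import HTMLParser

# Heuristics chosen for this example (assumptions, not a vendor rule set).
DECODERS = re.compile(r"\b(atob|unescape|eval|fromCharCode)\s*\(|document\.write\s*\(")

class HtmlTriage(HTMLParser):
    """Collects static indicators from one HTML attachment."""
    def __init__(self):
        super().__init__()
        self.findings, self._in_script = set(), False

    def handle_starttag(self, tag, attrs):
        a = {k: (v or "") for k, v in attrs}
        if tag == "input" and a.get("type", "").lower() == "password":
            self.findings.add("password-field")
        if tag == "form" and re.match(r"(?i)https?://", a.get("action", "")):
            self.findings.add("form-posts-to-remote-host")
        if tag == "meta" and a.get("http-equiv", "").lower() == "refresh":
            self.findings.add("meta-refresh-redirect")
        self._in_script = tag == "script"  # script bodies arrive via handle_data

    def handle_endtag(self, tag):
        self._in_script = False

    def handle_data(self, data):
        if self._in_script and DECODERS.search(data):
            self.findings.add("script-decodes-content")

def triage_message(raw):
    """Return {filename: sorted findings} for every HTML attachment in a raw message."""
    report = {}
    for part in message_from_bytes(raw, policy=policy.default).iter_attachments():
        name = part.get_filename() or "(unnamed)"
        if part.get_content_type() == "text/html" or name.lower().endswith((".htm", ".html")):
            parser = HtmlTriage()
            parser.feed(part.get_payload(decode=True).decode("utf-8", "replace"))
            report[name] = sorted(parser.findings)
    return report

def build_sample():
    """Constructed sample: a 'weekly report' mail whose attachment asks for a password."""
    msg = EmailMessage()
    msg["Subject"] = "Weekly report"
    msg.set_content("Please review the attached report.")
    msg.add_attachment('<form action="https://login.example.invalid/p"><input type="password">'
                       '</form><script>document.write(atob("PGI+aGk8L2I+"))</script>',
                       subtype="html", filename="report.html")
    return msg.as_bytes()
```

Findings like these are triage signals to combine with sender and content context, since legitimate HTML attachments can also contain forms and scripts.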
For attacks that do get through, deploy an automated incident response solution that can quickly remove all instances of the email from inboxes across the organization. A solution that includes account takeover protection can also help spot misuse of credentials that may have been compromised. Finally, post-delivery remediation tools are critical to a multi-layered security approach.
Educate employees to help them spot malicious HTML attacks and make it easy for them to report potential incidents. For example, offer regular training, utilize phishing simulation campaigns to identify employees who need extra help, and provide updates about new threats or recent attacks so employees will remain vigilant. In addition, everyone should be cautious of HTML attachments, and policies should be in place to encourage extra care when sharing login credentials.
Cyberattacks continue to grow in number and complexity. However, a holistic approach to email security that relies on machine learning, end user education, and other tools can keep data and networks safe from HTML-based attacks.