HTML, or Hyper Text Markup Language, has been misused by malicious threat actors for years. In a report published by Barracuda, it was observed that roughly 21% of the HTML attachments scanned were found to be of malicious nature. Ten months after this report was published it has been observed that 45.7% of the HTML files scanned were of a malicious nature as of March 2023, which shows a trend where these type of attacks have doubled.
Legitimate uses of HTML
HTML has many legitimate uses, some of the uses include creating structured content that is displayed online, in other words on a website. Another use is in email’s. For example automated reports, such as newsletters or marketing material. Reports usually get attached to emails in HTML format with the extension .html, .htm or .xhtml.
If the communication comes from a legitimate source one will not be suspicious of the attachment.
Malicious Uses of HTML
Attackers can use a well crafted email or compromised website and a malicious HTML file to get users to enter sensitive information such as credentials.
This allows attackers to hide their malicious intentions such as phishing, credential stealing, etc.
It is important when protecting against these types of attacks the focus is not just on the attachment but the entire email.
History is bound to repeat itself, some malicious HTML attachments have been used in the past
The below screenshot is from an attachment opened from a phishing email.
This is a popular type of attack to use for quite some time but victims still fall for this type of attack hence why attackers continue to use it.
Statistics related to unique HTML attacks
In this section we will look at the statistics that were compiled by Barracuda in regards to HTML attacks.
If one looks at how many unique malicious HTML files were detected it is clear that the growth of HTML based attacks is not due to a few massive attacks but a variety of attacks using highly specialized files.
If we look at the data analyzed by Barracuda from January to March 2023 we see that there are two peaks that can be observed, one on March 7th and the other on March 23rd.
Looking deeper into the statistics of March 7th, there were a total of 672,145 Malicious HTML files, of that 181,176 that were detected were unique items. Out of those, around 1/4 of them (27%) of the detections were unique and the rest were repeat mass deployments.
On the other hand on March 23rd, just about nine out of 10, around 405,438 or 85% of the total 475,938, of the Malicious HTML files were found to be unique, in other words every attack was different.
Statistics of the HTML file types used for malicious intent
With further analysis carried out by Barracuda analysts we see that HTML is the preferred method of choice to be used with malicious intent.
Given that HTML has been around for a long time it still is rather dangerous way to carry out attacks. The reason this is still being used is due to potentially weak security measures in place. Ensuring appropriate security measures are in place are more important than ever.
Keeping yourself safe against malicious HTML attachments
There are a number of things to keep in mind that will help to ensure you are safe from such attacks.
- Effective email protection which identifies and blocks HTML attachments
- User education and awareness of such attacks as well as phishing attacks.
- Strict authentication and access controls
- If a malicious HTML file does get through ensure you have a way to remove such an email from all user mailboxes you have.
Reach out to [email protected] to book your free consultation or to request a quote to keep your users and business safe.