Researchers are warning that threat operators are increasingly using malicious HTML files in their cyberattacks, with malicious files accounting for half of all HTML attachments delivered through email. The rate of malicious HTML prevalence has more than doubled since last year, and it does not appear to be the product of mass cyberattack campaigns that deliver the same attachment to numerous people. Threat intelligence indicates that having been around for a while does not appear to make a cyberattack tactic or tool any less potent. Threat operators continue to use malicious HTML because it works. Putting adequate security in place is as vital now as it has always been.
Why Is HTML a Threat Operator Favorite?
Malicious HTML Attachments Are Becoming Common
One cybersecurity company analyzed its telemetry in May 2022 and discovered that 21% of the HTML attachments scanned by its products were malicious. That was the highest malicious-to-clean ratio of any file type delivered by email, and it has worsened since, hitting 45.7% in March of this year. Users who receive an HTML attachment through email have a one-in-two chance that it is malicious. The researchers also examined how unique the files were, to ensure that a few massive cyberattacks did not skew the data. They chose two periods between January and March when considerable increases in malicious HTML files were discovered, implying significant attacks. On March 7, 672,145 malicious HTML artifacts were scanned by the company's products, of which 181,176 were unique, implying that almost one-quarter of the files were the result of unique attacks. The second spike, on March 23, was much worse: 85%, or nearly nine in ten, of the 475,938 malicious HTML detections were unique. Protection against malicious HTML-based attacks must include scanning emails containing HTML attachments, inspecting all redirects, and assessing the email's content for malicious intent.
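As an illustration of the scanning and redirect inspection described above, the following triage sketch is an added example, not code from the researchers or from SpearTip. It pulls HTML attachments out of a message and lists the redirect targets they contain; the three indicators it checks, the function names, and the example.test hosts are assumptions made for the example.

```python
import re
from email import message_from_string, policy
from email.message import EmailMessage
from html.parser import HTMLParser
from urllib.parse import urlparse

class RedirectScanner(HTMLParser):
    """Collect redirect targets from one HTML document (assumed heuristics)."""
    def __init__(self):
        super().__init__()
        self.findings, self.open_tag = [], None
    def handle_starttag(self, tag, attrs):
        self.open_tag = tag
        a = {k: (v or "") for k, v in attrs}
        if tag == "meta" and a.get("http-equiv", "").lower() == "refresh":
            if m := re.search(r"url\s*=\s*['\"]?([^'\";]+)", a.get("content", ""), re.I):
                self.findings.append(("meta-refresh", m.group(1).strip()))
        elif tag == "form" and urlparse(a.get("action", "")).netloc:
            # A form in a local attachment that posts to a remote host.
            self.findings.append(("remote-form", a["action"]))
    def handle_endtag(self, tag):
        self.open_tag = None
    def handle_data(self, data):
        if self.open_tag == "script":  # script-driven navigation
            for m in re.finditer(r"location(?:\.href)?\s*=\s*['\"]([^'\"]+)", data):
                self.findings.append(("script-redirect", m.group(1)))

def scan_message(raw):
    """Return {filename: [(indicator, url), ...]} for each HTML attachment."""
    report = {}
    for part in message_from_string(raw, policy=policy.default).iter_attachments():
        name = part.get_filename() or "(unnamed)"
        if part.get_content_type() == "text/html" or name.lower().endswith((".htm", ".html")):
            body = part.get_content()
            if isinstance(body, bytes):  # HTML sent under a generic MIME type
                body = body.decode("utf-8", "replace")
            scanner = RedirectScanner()
            scanner.feed(body)
            report[name] = scanner.findings
    return report

def build_sample():
    """Constructed sample message; every host is an example.test placeholder."""
    msg = EmailMessage()
    msg.set_content("See attached.")
    msg.add_attachment(
        '<html><head><meta http-equiv="refresh" content="0; url=https://login.example.test/a">'
        '</head><body><script>window.location.href="https://cdn.example.test/b";</script>'
        '<form action="https://collect.example.test/p"><input type="password"></form></body></html>',
        subtype="html", filename="invoice.html")
    return msg.as_string()
```

Calling `scan_message(build_sample())` returns the three redirect targets for `invoice.html`; an empty result is not a verdict of clean, since obfuscated or encoded scripts need rendering or sandboxing to follow.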
Mitigating Malicious HTML Attachments
Email security solutions should be used to examine the full email context rather than simply the attachment's contents. Additionally, it's critical to train employees to recognize and report malicious HTML attachments and to be skeptical of such attachments from unknown sources. It's critical for companies to have incident response tools and processes that allow attachments to be removed from all mailboxes they may have reached once they have been identified as malicious by the security team. Using two-factor authentication in conjunction with zero-trust access solutions that assess not just credentials but also users' devices, locations, time zones, and histories can help limit breaches even if users become victims of phishing and credential theft. Accounts need post-login monitoring so that the security team is notified if any suspicious behavior is identified.
With more threat operators relying on malicious HTML files in their cyberattacks and phishing campaigns, it’s essential for companies to stay ahead of the current threat landscape and train their employees to detect suspicious HTML attachments. At SpearTip, our experts offer phishing awareness training to partners to enhance skills related to defending against these threats. The training tests the discernment of companies’ teams, educates employees regarding common phishing tactics and indicators, and identifies related security gaps in their environment. Our team creates phishing emails and social engineering simulations like those threat actors use and sends them throughout the organization. Throughout the training, SpearTip experts provide insight and feedback to improve the cyber defenses of companies’ teams, leading to a profound decrease in the likelihood of being victimized by phishing or social engineering scams. After the training, our team provides precise and thorough strategies about how to harden their environment and implement ongoing awareness training.
If your company is experiencing a breach, call our Security Operations Centers at 833.997.7327 to speak directly with an engineer.