- 23% HTML -Anthanged files are malicious, research from Barracuda -Fund
- These are often used for phishing or legitimation star
- PDFs are much less likely to be harmful
New research from Barracuda has revealed that a staggering 23% of HTML -attached files are marked as malicious, making HTML the most weapon file type – which amounts to over three -quarters of malicious files that are registered, despite a low total volume.
Attackers are increasingly using HTML files for phishing by embedding malicious scripts to redirect victims of fake login pages created to steal credentials or fool users to download malware.
The research also shows that PDFs are less likely to be malicious, despite being the most frequently shared file type via E -mail attached files. Only 0.13% of the PDF files were found to be harmful, but they are more often beginning to contain misleading links to fool readers on credentials.
Takeover threats
Worrying were 87% of binary files discovered, malicious, outlining the need for strict policies against executable files sent via E email. The researchers warn that “since executable parts can directly install malware, security teams should consider blocking binary files (unless they are absolutely needed) and ensure that all downloads are scanned before execution.”
One -fifth of companies experience at least one account takeover event per day. Month in which criminals gain access by utilizing weak or recycled passwords, phishing or credentials -all very common tactics that are on the way and hackers become better at smuggling phishing -e emails past cyber security, pay attention.
Of these acquisition attacks to the account, 27% involved a ‘suspicious rule change’, such as Auto -Deselection of incoming security warnings or setting up E -mail -vocabulary to an external address -helps attackers ‘maintaining persistence and avoiding detection’.
“As threats develop, your organization’s protection must too,” advises Barracuda.
“Scammers adapt their tactics to bypass gateways and spam filters, so it is critical to have a solution in place that detects and protects against targeted phishing attacks. Supplements your gateways with AI-driven Cloud email security technology that is not only dependent on looking for malicious links or attached files.”
