Cybersecurity News in Asia

23% of HTML email attachments are malicious

By CybersecAsia editors | Monday, May 5, 2025, 4:07 PM Asia/Singapore

Barracuda Networks’ 2025 Email Threats Report details the current state of email-based risks facing organizations worldwide.

Based on Barracuda’s threat detection data, the findings highlight how attackers continue to shift malicious links and content to attachments in the hope of evading detection by security tools.

According to the report, as many as 20% of organizations experienced at least one attempted or successful account takeover (ATO) incident per month, with attackers typically trying to gain access through phishing, credential stuffing or by exploiting weak or reused passwords.

Once inside an account, attackers can steal sensitive data, move laterally inside the organisation, and send phishing emails that appear to be from a trusted source.

Key findings

Some key findings from the report include:

23% of HTML attachments are malicious, making them the most weaponised text file type. More than three-quarters of the malicious files detected overall were HTML files. When used legitimately, HTML attachments in emails enable organizations to share content, such as newsletters or invitations, that display properly when opened in an email client or web browser.
68% of malicious PDF attachments and 83% of malicious Microsoft documents contain QR codes designed to take users to phishing websites.
Bitcoin sextortion scams account for 12% of malicious PDF attachments.
47% of email domains do not have Domain-based Message Authentication, Reporting and Conformance (DMARC) configured to protect against unauthorized use, including spoofing and impersonation attacks.
24% of email messages overall are now unwanted or malicious spam.

“Email remains the most common attack vector for cyberthreats because it provides an easy entry point into corporate networks,” said Olesia Klevchuk, Director, Email Protection, Barracuda.

“Malicious email attachments, QR codes and URLs are used by attackers to distribute malware, launch phishing campaigns and exploit vulnerabilities. Many organisations increase their risk level by failing to implement DMARC, making it possible for attackers to impersonate their brand and implement fraudulent attacks.”

Klevchuk added: “Organizations need to mitigate the risks by implementing best practice industry standards and adopting a multi-layered approach to email security, leveraging AI-driven threat detection to spot attacks hidden in attachments and malicious websites.”

Leave a reply Cancel reply

You must be logged in to post a comment.

Voters-draw/RCA-Sponsors

CybersecAsia Voting Placement

Gamification listing or Participate Now

Vote Now -Placement(Google Ads)

Top-Sidebar-banner

Whitepapers

Closing the Gap in Email Security:How To Stop The 7 Most SinisterAI-Powered Phishing Threats
Insider threats continue to be a major cybersecurity risk in 2024. Explore more insights on …Download Whitepaper
2024 Insider Threat Report: Trends, Challenges, and Solutions
Insider threats continue to be a major cybersecurity risk in 2024. Explore more insights on …Download Whitepaper
AI-Powered Cyber Ops: Redefining Cloud Security for 2025
The future of cybersecurity is a perfect storm: AI-driven attacks, cloud expansion, and the convergence …Download Whitepaper
Data Management in the Age of Cloud and AI
In today’s Asia Pacific business environment, organizations are leaning on hybrid multi-cloud infrastructures and advanced …Download Whitepaper

Middle-sidebar-banner

Case Studies

How a Vietnamese D2C retailer built its own secure digital infrastructure
Would your organization build your own digital infrastructure – including AI governance and cybersecurity – …Read more
Cyber protection for medical clinics in Singapore
As Singapore’s healthcare sector becomes increasingly digital and interconnected, clinics are facing heightened cyber risks, …Read more
India’s WazirX strengthens governance and digital asset security
Revamping its custody infrastructure using multi‑party computation tools has improved operational resilience and institutional‑grade safeguardsRead more
Bangladesh LGED modernizes communication while addressing data security concerns
To meet emerging data localization/privacy regulations, the government engineering agency deploys a secure, unified digital …Read more

Bottom sidebar

Other News

Global Tech Shift: Tune Talk Launches World’s First Network-Enforced Child Safety Mobile Plan, Bypassing App-Level Limitations
Saturday, June 27, 2026
PETALING JAYA, Malaysia, June 26, …Read More »
DJI Enterprise Advances Industry with New Framework for Dock as First Responder (DFR) Deployments
Thursday, June 25, 2026
New White Paper Outlines Best …Read More »
At VivaTech 2026, Taiwan-Based MaiAgent Says Enterprises Should Stop Building RAG and AI Agent Systems From Scratch
Friday, June 19, 2026
TAIPEI and PARIS, June 19, …Read More »
How large-scale AI drives the evolution of video encoding to intelligent understanding
Thursday, June 18, 2026
HANGZHOU, China, June 18, 2026 …Read More »
Crisis24 Opens Global Maritime Operations Center in Manila to Power Intelligence, Consulting and Crisis Response Services
Thursday, June 18, 2026
New 24/7 operations center anchors …Read More »

Featured

S E Asia governments targeted by cyber-espionage group

Featured

Rethinking network and infrastructure design for resilience

Featured