Cybersecurity News in Asia

Features
- Featured
  
  AI adoption in India: A balancing act worth chatting about
  
  Thursday, April 25, 2024, 2:53 PM Asia/Singapore | Features, Newsletter
- Featured
  
  AI vulnerability testing: Knowing the In’s and Out’s of proper red teaming
  
  Monday, April 22, 2024, 4:40 PM Asia/Singapore | Case Study, Features
- Featured
  
  What businesses need to know about SEO poisoning
  
  Tuesday, April 16, 2024, 4:55 PM Asia/Singapore | Features
News
- Featured
  
  How medical devices manufacturer Tuttnauer protects patient and personal-data safety
  
  Tuesday, April 23, 2024, 5:22 PM Asia/Singapore | Case Study, News
- Featured
  
  How much of automated internet traffic contains malicious activity?
  
  Monday, April 22, 2024, 9:02 AM Asia/Singapore | Cyberthreat Landscape, News, Newsletter
- Featured
  
  Large language models have their strengths and weaknesses: analysis
  
  Monday, April 22, 2024, 8:56 AM Asia/Singapore | News
Opinions
Tips
Whitepapers
Awards 2024
Directory
E-Learning

News

Why embed phishing links in emails when malicious HTML attachments will do?

By CybersecAsia editors and webmaster webmaster | Tuesday, July 5, 2022, 11:35 AM Asia/Singapore

This is what one cybersecurity firm noticed in surveying a month’s worth of attachments being scanned in its user base

In a cybersecurity firm’s analysis of millions of attachments scanned on its user base over a period of one month, HTML attachments were the most commonly used (21%) for malicious purposes, compared to text (9%), xHTML (4%), binaries (3%) scripts (JS, PS: 0.08%), PDFs (0.009%) and other types of attachments.

Attackers can embed HTML attachments in emails disguised as system-generated weekly reports, carrying a level of default trust that leads recipients into clicking on phishing links within the attachment.

This means hackers no longer need to include malicious links in the body of an email, allowing them to bypass anti-spam and anti-virus policies with ease. And because HTML attachments themselves are deem not malicious, they can easily bypass basic anti-spam and anti-virus software. This makes malicious HTML attachments more difficult to detect, compared to malicious links in the body of an email.

According to Mark Lukie, Systems Engineer Manager (Asia-Pacific), Barracuda, which conducted the analysis, HTML attachments are not only widely used for system-generated email reports, and in themselves are not malicious, thereby making such attacks more difficult to detect.

“Therefore, businesses should ensure that email protection (solutions) scan and block malicious HTML attachments by leveraging machine learning and static code analysis to evaluate the content of an email and not just an attachment. It’s also important to train users to identify and report potentially malicious HTML attachments by including examples of these attacks as part of phishing simulation campaigns. And if malicious email does get through, have post-delivery remediation tools ready to quickly identify and remove any instances of malicious email from all user inboxes.”

The firm recommends that email protection solutions take into account an entire email with HTML attachments, looking at all redirects and analyzing the content for malicious intent.

Leave a reply Cancel reply

You must be logged in to post a comment.

Voters-draw/RCA-Sponsors

CybersecAsia Voting Placement

Gamification listing or Participate Now

Vote Now -Placement(Google Ads)

Top-Sidebar-banner

Whitepapers

Secure Access Service Edge (SASE) Solutions for Today’s Work-From-Anywhere (WFA) Environment
Organizations are turning to Secure Access Service Edge (SASE) solutions for securing remote work environments, …Download Whitepaper
Identity Has Breached the Ecosystem
This whitepaper explores the dual nature of identity in cybersecurity, emphasizing its role in both …Download Whitepaper
Fortanix Buyers Guide for Modern Key Management and Data Security
This document underscores the pressing challenges in key management and data securityDownload Whitepaper
Fortanix Data Risk Management – Using Tokenization to Secure Your Data
In today's digital world, organizations prioritize data security. To protect sensitive information, they use tokenization, …Download Whitepaper

Middle-sidebar-banner

Case Studies

How medical devices manufacturer Tuttnauer protects patient and personal-data safety
In running a cloud-based portal to link its smart medical equipment, the firm has also …Read more
AI vulnerability testing: Knowing the In’s and Out’s of proper red teaming
To test the safety/security of a generative AI feature, what unchartered bugs and human testing …Read more
Real estate logistics provider GLP steps up to zero trust architecture
With its physical and digital footprint growing, the global firm’s outdated legacy security stack has …Read more
Identity security woes now a thing of the past for Heng Leong Hang
The retail chain was grappling with numerous cyber risks in its IT infrastructure until it …Read more

Cybersecurity News in Asia

Featured

AI adoption in India: A balancing act worth chatting about

Featured

AI vulnerability testing: Knowing the In’s and Out’s of proper red teaming

Featured

What businesses need to know about SEO poisoning

Featured

How medical devices manufacturer Tuttnauer protects patient and personal-data safety

Featured

How much of automated internet traffic contains malicious activity?

Featured

Large language models have their strengths and weaknesses: analysis

Why embed phishing links in emails when malicious HTML attachments will do?

This is what one cybersecurity firm noticed in surveying a month’s worth of attachments being scanned in its user base

Related Posts

Leave a reply Cancel reply

Voters-draw/RCA-Sponsors

CybersecAsia Voting Placement

Gamification listing or Participate Now

Vote Now -Placement(Google Ads)

Top-Sidebar-banner

Whitepapers

Middle-sidebar-banner

Case Studies

Bottom sidebar