Cybersecurity News in Asia

23% of HTML email attachments are malicious

By CybersecAsia editors | Monday, May 5, 2025, 4:07 PM Asia/Singapore

Barracuda Networks’ 2025 Email Threats Report details the current state of email-based risks facing organizations worldwide.

Based on Barracuda’s threat detection data, the findings highlight how attackers continue to shift malicious links and content to attachments in the hope of evading detection by security tools.

According to the report, as many as 20% of organizations experienced at least one attempted or successful account takeover (ATO) incident per month, with attackers typically trying to gain access through phishing, credential stuffing or by exploiting weak or reused passwords.

Once inside an account, attackers can steal sensitive data, move laterally inside the organisation, and send phishing emails that appear to be from a trusted source.

Key findings

Some key findings from the report include:

23% of HTML attachments are malicious, making them the most weaponised text file type. More than three-quarters of the malicious files detected overall were HTML files. When used legitimately, HTML attachments in emails enable organizations to share content, such as newsletters or invitations, that display properly when opened in an email client or web browser.
68% of malicious PDF attachments and 83% of malicious Microsoft documents contain QR codes designed to take users to phishing websites.
Bitcoin sextortion scams account for 12% of malicious PDF attachments.
47% of email domains do not have Domain-based Message Authentication, Reporting and Conformance (DMARC) configured to protect against unauthorized use, including spoofing and impersonation attacks.
24% of email messages overall are now unwanted or malicious spam.

“Email remains the most common attack vector for cyberthreats because it provides an easy entry point into corporate networks,” said Olesia Klevchuk, Director, Email Protection, Barracuda.

“Malicious email attachments, QR codes and URLs are used by attackers to distribute malware, launch phishing campaigns and exploit vulnerabilities. Many organisations increase their risk level by failing to implement DMARC, making it possible for attackers to impersonate their brand and implement fraudulent attacks.”

Klevchuk added: “Organizations need to mitigate the risks by implementing best practice industry standards and adopting a multi-layered approach to email security, leveraging AI-driven threat detection to spot attacks hidden in attachments and malicious websites.”

Leave a reply Cancel reply

You must be logged in to post a comment.

Voters-draw/RCA-Sponsors

CybersecAsia Voting Placement

Gamification listing or Participate Now

Vote Now -Placement(Google Ads)

Top-Sidebar-banner

Whitepapers

Closing the Gap in Email Security:How To Stop The 7 Most SinisterAI-Powered Phishing Threats
Insider threats continue to be a major cybersecurity risk in 2024. Explore more insights on …Download Whitepaper
2024 Insider Threat Report: Trends, Challenges, and Solutions
Insider threats continue to be a major cybersecurity risk in 2024. Explore more insights on …Download Whitepaper
AI-Powered Cyber Ops: Redefining Cloud Security for 2025
The future of cybersecurity is a perfect storm: AI-driven attacks, cloud expansion, and the convergence …Download Whitepaper
Data Management in the Age of Cloud and AI
In today’s Asia Pacific business environment, organizations are leaning on hybrid multi-cloud infrastructures and advanced …Download Whitepaper

Middle-sidebar-banner

Case Studies

How a Vietnamese D2C retailer built its own secure digital infrastructure
Would your organization build your own digital infrastructure – including AI governance and cybersecurity – …Read more
Cyber protection for medical clinics in Singapore
As Singapore’s healthcare sector becomes increasingly digital and interconnected, clinics are facing heightened cyber risks, …Read more
India’s WazirX strengthens governance and digital asset security
Revamping its custody infrastructure using multi‑party computation tools has improved operational resilience and institutional‑grade safeguardsRead more
Bangladesh LGED modernizes communication while addressing data security concerns
To meet emerging data localization/privacy regulations, the government engineering agency deploys a secure, unified digital …Read more

Bottom sidebar

Other News

Gambit Cyber Announces Strategic Partnership with BitCyber to Advance AI-Native and Risk-Centric Continuous Threat Exposure Management Across Singapore, ASEAN and Hong Kong
Wednesday, June 17, 2026
Strategic partnership brings Continuous Threat …Read More »
Doppel Enters Japan, Marking Next Phase of Global Expansion
Tuesday, June 16, 2026
Social engineering defense leader surpasses …Read More »
SU Group Announces Distribution Agreement with Germany’s GEZE, Expanding Smart Building and Safety Technology Portfolio
Tuesday, June 16, 2026
Agreement adds Globally Recognized Door, …Read More »
Hikvision Releases 2026 Cybersecurity White Paper, Fostering Digital Trust in the AIoT Era
Friday, June 12, 2026
HANGZHOU, China, June 12, 2026 …Read More »
Cohesity Gains Access to Anthropic’s Claude Mythos Preview Through Project Glasswing
Tuesday, June 9, 2026
Strengthening the Cohesity Data Cloud …Read More »

Featured

Are the built-in restrictions in Claude Fable 5 sufficient?

Featured

Bringing cybercriminals to justice in APAC

Featured