Cybersecurity News in Asia

23% of HTML email attachments are malicious

By CybersecAsia editors | Monday, May 5, 2025, 4:07 PM Asia/Singapore

Barracuda Networks’ 2025 Email Threats Report details the current state of email-based risks facing organizations worldwide.

Based on Barracuda’s threat detection data, the findings highlight how attackers continue to shift malicious links and content to attachments in the hope of evading detection by security tools.

According to the report, as many as 20% of organizations experienced at least one attempted or successful account takeover (ATO) incident per month, with attackers typically trying to gain access through phishing, credential stuffing or by exploiting weak or reused passwords.

Once inside an account, attackers can steal sensitive data, move laterally inside the organisation, and send phishing emails that appear to be from a trusted source.

Key findings

Some key findings from the report include:

23% of HTML attachments are malicious, making them the most weaponised text file type. More than three-quarters of the malicious files detected overall were HTML files. When used legitimately, HTML attachments in emails enable organizations to share content, such as newsletters or invitations, that display properly when opened in an email client or web browser.
68% of malicious PDF attachments and 83% of malicious Microsoft documents contain QR codes designed to take users to phishing websites.
Bitcoin sextortion scams account for 12% of malicious PDF attachments.
47% of email domains do not have Domain-based Message Authentication, Reporting and Conformance (DMARC) configured to protect against unauthorized use, including spoofing and impersonation attacks.
24% of email messages overall are now unwanted or malicious spam.

“Email remains the most common attack vector for cyberthreats because it provides an easy entry point into corporate networks,” said Olesia Klevchuk, Director, Email Protection, Barracuda.

“Malicious email attachments, QR codes and URLs are used by attackers to distribute malware, launch phishing campaigns and exploit vulnerabilities. Many organisations increase their risk level by failing to implement DMARC, making it possible for attackers to impersonate their brand and implement fraudulent attacks.”

Klevchuk added: “Organizations need to mitigate the risks by implementing best practice industry standards and adopting a multi-layered approach to email security, leveraging AI-driven threat detection to spot attacks hidden in attachments and malicious websites.”

Leave a reply Cancel reply

You must be logged in to post a comment.

Voters-draw/RCA-Sponsors

CybersecAsia Voting Placement

Gamification listing or Participate Now

Vote Now -Placement(Google Ads)

Top-Sidebar-banner

Whitepapers

Closing the Gap in Email Security:How To Stop The 7 Most SinisterAI-Powered Phishing Threats
Insider threats continue to be a major cybersecurity risk in 2024. Explore more insights on …Download Whitepaper
2024 Insider Threat Report: Trends, Challenges, and Solutions
Insider threats continue to be a major cybersecurity risk in 2024. Explore more insights on …Download Whitepaper
AI-Powered Cyber Ops: Redefining Cloud Security for 2025
The future of cybersecurity is a perfect storm: AI-driven attacks, cloud expansion, and the convergence …Download Whitepaper
Data Management in the Age of Cloud and AI
In today’s Asia Pacific business environment, organizations are leaning on hybrid multi-cloud infrastructures and advanced …Download Whitepaper

Middle-sidebar-banner

Case Studies

Cyber protection for medical clinics in Singapore
As Singapore’s healthcare sector becomes increasingly digital and interconnected, clinics are facing heightened cyber risks, …Read more
India’s WazirX strengthens governance and digital asset security
Revamping its custody infrastructure using multi‑party computation tools has improved operational resilience and institutional‑grade safeguardsRead more
Bangladesh LGED modernizes communication while addressing data security concerns
To meet emerging data localization/privacy regulations, the government engineering agency deploys a secure, unified digital …Read more
What AI worries keep members of the Association of Certified Fraud Examiners sleepless?
This case study examines how many anti-fraud professionals reported feeling underprepared to counter rising AI-driven …Read more

Bottom sidebar

Other News

Tencent Cloud Unveils AI-Powered Gaming Solutions at GDC 2026, Transforming Connection, Creation, and Security for the Future of Games
Friday, March 13, 2026
The Latest GVoice Brings Revolutionary …Read More »
TXOne Networks Showcases TXOne Complete at S4x26, Advancing the Full OT Security Journey for Channel Partners
Thursday, March 12, 2026
The operations-first OT security partner …Read More »
Globe Teleservices Announces Partnership with Myanma Posts and Telecommunications to Enhance Secure Messaging and Customer Experience
Thursday, March 12, 2026
SINGAPORE, March 11, 2026 /PRNewswire/ …Read More »
Coremail Shares Insights on Strengthening Enterprise Email Security Amid Evolving Threats
Thursday, March 12, 2026
BANGKOK, March 11, 2026 /PRNewswire/ …Read More »
Cohesity Strengthens Data Protection and Security to Advance Enterprise AI Resilience
Thursday, March 12, 2026
SINGAPORE, March 11, 2026 /PRNewswire/ …Read More »

Featured

IoT trends APAC enterprises cannot ignore in 2026

Featured

Beyond firewalls – addressing cybersecurity blind spots

Featured