Cybersecurity News in Asia

23% of HTML email attachments are malicious

By CybersecAsia editors | Monday, May 5, 2025, 4:07 PM Asia/Singapore

Barracuda Networks’ 2025 Email Threats Report details the current state of email-based risks facing organizations worldwide.

Based on Barracuda’s threat detection data, the findings highlight how attackers continue to shift malicious links and content to attachments in the hope of evading detection by security tools.

According to the report, as many as 20% of organizations experienced at least one attempted or successful account takeover (ATO) incident per month, with attackers typically trying to gain access through phishing, credential stuffing or by exploiting weak or reused passwords.

Once inside an account, attackers can steal sensitive data, move laterally inside the organisation, and send phishing emails that appear to be from a trusted source.

Key findings

Some key findings from the report include:

23% of HTML attachments are malicious, making them the most weaponised text file type. More than three-quarters of the malicious files detected overall were HTML files. When used legitimately, HTML attachments in emails enable organizations to share content, such as newsletters or invitations, that display properly when opened in an email client or web browser.
68% of malicious PDF attachments and 83% of malicious Microsoft documents contain QR codes designed to take users to phishing websites.
Bitcoin sextortion scams account for 12% of malicious PDF attachments.
47% of email domains do not have Domain-based Message Authentication, Reporting and Conformance (DMARC) configured to protect against unauthorized use, including spoofing and impersonation attacks.
24% of email messages overall are now unwanted or malicious spam.

“Email remains the most common attack vector for cyberthreats because it provides an easy entry point into corporate networks,” said Olesia Klevchuk, Director, Email Protection, Barracuda.

“Malicious email attachments, QR codes and URLs are used by attackers to distribute malware, launch phishing campaigns and exploit vulnerabilities. Many organisations increase their risk level by failing to implement DMARC, making it possible for attackers to impersonate their brand and implement fraudulent attacks.”

Klevchuk added: “Organizations need to mitigate the risks by implementing best practice industry standards and adopting a multi-layered approach to email security, leveraging AI-driven threat detection to spot attacks hidden in attachments and malicious websites.”

Leave a reply Cancel reply

You must be logged in to post a comment.

Voters-draw/RCA-Sponsors

CybersecAsia Voting Placement

Gamification listing or Participate Now

Vote Now -Placement(Google Ads)

Top-Sidebar-banner

Whitepapers

Closing the Gap in Email Security:How To Stop The 7 Most SinisterAI-Powered Phishing Threats
Insider threats continue to be a major cybersecurity risk in 2024. Explore more insights on …Download Whitepaper
2024 Insider Threat Report: Trends, Challenges, and Solutions
Insider threats continue to be a major cybersecurity risk in 2024. Explore more insights on …Download Whitepaper
AI-Powered Cyber Ops: Redefining Cloud Security for 2025
The future of cybersecurity is a perfect storm: AI-driven attacks, cloud expansion, and the convergence …Download Whitepaper
Data Management in the Age of Cloud and AI
In today’s Asia Pacific business environment, organizations are leaning on hybrid multi-cloud infrastructures and advanced …Download Whitepaper

Middle-sidebar-banner

Case Studies

Cyber protection for medical clinics in Singapore
As Singapore’s healthcare sector becomes increasingly digital and interconnected, clinics are facing heightened cyber risks, …Read more
India’s WazirX strengthens governance and digital asset security
Revamping its custody infrastructure using multi‑party computation tools has improved operational resilience and institutional‑grade safeguardsRead more
Bangladesh LGED modernizes communication while addressing data security concerns
To meet emerging data localization/privacy regulations, the government engineering agency deploys a secure, unified digital …Read more
What AI worries keep members of the Association of Certified Fraud Examiners sleepless?
This case study examines how many anti-fraud professionals reported feeling underprepared to counter rising AI-driven …Read more

Bottom sidebar

Other News

Hong Kong Anti-graft Watchdog: Clean Governance and Ethical Business is Key to Hong Kong’s Sustainable Business Development
Thursday, April 9, 2026
HONG KONG, April 9, 2026 …Read More »
Goodix Launches the World’s First eSE Solution Designed for AI Agents
Thursday, April 9, 2026
SHENZHEN, China, April 8, 2026 …Read More »
LRQA Amplifies Industrial and Cyber Resilience in APAC at CS4CA Summit 2026
Thursday, April 9, 2026
SINGAPORE, April 8, 2026 /PRNewswire/ …Read More »
MegazoneCloud Achieves Profitability Turnaround with $1.16 Billion Revenue in 2025
Thursday, April 9, 2026
Revenue grows 28% YoY… EBITDA …Read More »
Taoping Expands Smart Elevator Services Business with New Orders Exceeding US$3 Million
Wednesday, April 8, 2026
TIANJIN, China, April 8, 2026 …Read More »

Featured

Q-Day is coming. Are you ready?

Featured

How lean defence teams turn endpoint insights into measurable risk reduction

Featured