This simple cyberattack is still among the most effective

Audio player loading…

Cybercriminals may be getting more sophisticated by the day, but simple HTML file distribution still remains one of the most popular tactics, new research shows.

According to telemetry data from cybersecurity company Kaspersky, in the first four months of 2022, there were more than two million malicious emails carrying weaponized HTML files.

March 2022 was the most active month of the year so far for this type of attack, with 851,000 detections. Last month saw just 387,000 detections, although Kaspersky says this could just be a “momentary shift”, and doesn’t necessarily suggest a shift in the wider trend.

HTML owes its popularity among cybercriminals to its effectiveness against antispam engines and other cybersecurity measures. Short for HyperText Markup Language, it is the standard markup language for web pages and other documents designed to be displayed in a web browser.

When weaponized, HTML files can redirect users to malicious sites, have them download malware or viruses, and locally display various phishing forms. 

As the language itself cannot be deemed malicious, it hardly gets detected by email security solutions, either.

According to BleepingComputer, the technique saw its glory days in 2019, but remains a “common” technique in today’s phishing campaigns. The publication stresses that just opening HTML files is often enough to have JavaScript running on the target endpoint, which could result in malware being assembled on the disk itself, thus bypassing any security software. 

Email continues to be one of the most popular attack vectors for cybercriminals. It’s widespread and cheap, making it an ideal tool for the distribution of spyware, ransomware, and other malware, as well as phishing attacks. 

Cybersecurity researchers are warning users to always be suspicious of incoming emails, especially when they carry links or attachments. Even if the email security solution installed on the device does not trigger a warning, HTML attachments should be treated as suspicious.

Via BleepingComputer

See all articles in Insights

Similar Posts