This simple cyberattack is still among the most effective

Cybercriminals may be getting more sophisticated by the day, but simply distributing HTML files remains one of the most popular tactics, according to new research.

According to telemetry data from cybersecurity firm Kaspersky, in the first four months of 2022 there were more than two million malicious emails containing weaponized HTML files.

March 2022 has been the busiest month of the year so far for this type of attack, with 851,000 detections. Last month there were only 387,000 detections, although Kaspersky says this may just be a “momentary change” and doesn’t necessarily suggest a change in the larger trend.

HTML owes its popularity among cybercriminals to its effectiveness against spam engines and other cybersecurity measures. Short for HyperText Markup Language, it is the standard markup language for web pages and other documents designed to be viewed in a web browser.

When weaponized, HTML files can redirect users to malicious sites, cause them to download malware or viruses, and display various forms of phishing locally.

Since the language itself cannot be considered malicious, email security solutions rarely detect it.

According to BleepingComputer, the technique saw its glory days in 2019, but remains a “common” technique in today’s phishing campaigns. The post points out that often just opening HTML files will cause JavaScript to run on the target endpoint, which could lead to malware being assembled on the disk itself, thereby bypassing any security software.

Email continues to be one of the most popular attack vectors for cybercriminals. It’s widespread and cheap, making it an ideal tool for distributing spyware, ransomware, and other malware, as well as for phishing attacks.

Cybersecurity researchers warn users to always be wary of incoming emails, especially when they contain links or attachments. Even if the email security solution installed on the device does not trigger a warning, HTML attachments should be treated as suspicious.
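As an added illustration (not code from Kaspersky or BleepingComputer), the Python sketch below shows how a defender might triage HTML attachments for the behaviors described above: embedded script, automatic redirects, and local credential forms. The indicator names, regular expressions, and sample messages are assumptions constructed for this example.

```python
import re
from email import message_from_bytes, policy
from email.message import EmailMessage

# Heuristics chosen for this example (assumptions, not any vendor's detection logic).
INDICATORS = {
    "script": re.compile(r"<script\b", re.I),
    "meta_refresh": re.compile(r"<meta[^>]+http-equiv=[\"']?refresh", re.I),
    "password_form": re.compile(r"<input[^>]+type=[\"']?password", re.I),
    "external_form_action": re.compile(r"<form[^>]+action=[\"']?https?://", re.I),
}

def triage(raw: bytes) -> dict:
    """Return {attachment filename: [indicator names]} for each HTML attachment."""
    msg = message_from_bytes(raw, policy=policy.default)
    report = {}
    for part in msg.walk():
        if part.is_multipart() or not part.is_attachment():
            continue
        name = part.get_filename() or "(unnamed)"
        # Match on declared type or on extension, since either can be set by the sender.
        is_html = (part.get_content_type() == "text/html"
                   or name.lower().endswith((".html", ".htm", ".xhtml")))
        if not is_html:
            continue
        body = part.get_payload(decode=True).decode("utf-8", errors="replace")
        report[name] = sorted(k for k, rx in INDICATORS.items() if rx.search(body))
    return report

def build_sample(filename: str, html: str) -> bytes:
    """Build a constructed test message carrying one HTML attachment."""
    msg = EmailMessage()
    msg["Subject"] = "Constructed sample"
    msg.set_content("See attachment.")
    msg.add_attachment(html.encode(), maintype="text", subtype="html", filename=filename)
    return msg.as_bytes()

# Constructed samples; the .invalid hosts are placeholders.
SUSPICIOUS = build_sample("invoice.html",
    '<html><head><meta http-equiv="refresh" content="0;url=https://a.example.invalid/">'
    '</head><body><form action="https://b.example.invalid/submit" method="post">'
    '<input type="password" name="p"></form><script>/* placeholder */</script></body></html>')
BENIGN = build_sample("report.html", "<html><body><p>Quarterly report</p></body></html>")

if __name__ == "__main__":
    for raw in (SUSPICIOUS, BENIGN):
        print(triage(raw))
```

An empty indicator list does not clear the file; it only means none of these simple patterns matched.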

Via BleepingComputer