This simple cyberattack is still among the most effective

A laptop showing lots of email notifications
(Image credit: Shutterstock)

Cybercriminals may be getting more sophisticated by the day, but simple HTML file distribution still remains one of the most popular tactics, new research shows.

According to telemetry data from cybersecurity company Kaspersky, in the first four months of 2022, there were more than two million malicious emails carrying weaponized HTML files.

March 2022 was the most active month of the year so far for this type of attack, with 851,000 detections. Last month saw just 387,000 detections, although Kaspersky says this could just be a “momentary shift”, and doesn’t necessarily suggest a shift in the wider trend.

Image

<a href="https://polls.futureplc.com/poll/2022-cybersecurity-survey" data-link-merchant="polls.futureplc.com"" target="_blank">Share your thoughts on Cybersecurity and get a free copy of the Hacker's Manual 2022. Help us find how businesses are preparing for the post-Covid world and the implications of these activities on their cybersecurity plans. Enter your email at the <a href="https://polls.futureplc.com/poll/2022-cybersecurity-survey" data-link-merchant="polls.futureplc.com"" data-link-merchant="polls.futureplc.com"" target="_blank">end of this survey to get the bookazine, worth $10.99/£10.99.

HTML owes its popularity among cybercriminals to its effectiveness against antispam engines and other cybersecurity measures. Short for HyperText Markup Language, it is the standard markup language for web pages and other documents designed to be displayed in a web browser.

When weaponized, HTML files can redirect users to malicious sites, have them download malware or viruses, and locally display various phishing forms. 

As the language itself cannot be deemed malicious, it hardly gets detected by email security solutions, either.

According to BleepingComputer, the technique saw its glory days in 2019, but remains a “common” technique in today’s phishing campaigns. The publication stresses that just opening HTML files is often enough to have JavaScript running on the target endpoint, which could result in malware being assembled on the disk itself, thus bypassing any security software. 

Email continues to be one of the most popular attack vectors for cybercriminals. It’s widespread and cheap, making it an ideal tool for the distribution of spyware, ransomware, and other malware, as well as phishing attacks. 

Cybersecurity researchers are warning users to always be suspicious of incoming emails, especially when they carry links or attachments. Even if the email security solution installed on the device does not trigger a warning, HTML attachments should be treated as suspicious.

Via BleepingComputer

Sead Fadilpašić

Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.