HTML Files Still One of the Most Popular Attachments Used for Phishing

According to researchers at Kaspersky, statistical data shows that the use of HTML files in phishing emails is still very prominent. The company detected over two million emails with these types of attachments targeting its customers in the first four months of 2022. HTML (HyperText Markup Language) is a language that defines the meaning and structure of web content, and HTML files are interactive content documents designed specifically for viewing in web browsers. These files are not malicious by themselves, and they work well for bypassing anti-spam filters and for tricking users into opening them when they arrive as email attachments. They are commonly used to redirect victims to malicious websites, download files, or display credential-stealing forms within a browser. HTML attachments are typically base64 encoded, which allows filters to easily scan them for malicious URLs or documents. To evade that detection, threat actors will often include JavaScript in the HTML document, so that filtering is bypassed but the malicious code can still run once the document is opened.
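The filter-side scan described above can be sketched as follows. This is an added example, not code from Kaspersky or Binary Defense: it decodes each HTML attachment of a message and reports the traits the paragraph lists (JavaScript, redirects, credential forms, embedded URLs). The names `HtmlTriage`, `triage_message` and `build_sample` are hypothetical, and the sample message and the host `login.example.invalid` are constructed.

```python
from email import message_from_bytes, policy
from email.message import EmailMessage
from html.parser import HTMLParser
from urllib.parse import urlparse

class HtmlTriage(HTMLParser):
    """Collect the traits named above: script, redirect, credential form, URLs."""
    def __init__(self):
        super().__init__()
        self.findings, self.urls = set(), set()
    def handle_starttag(self, tag, attrs):
        a = {k: (v or "") for k, v in attrs}
        if tag == "script":
            self.findings.add("javascript")
        if tag == "meta" and a.get("http-equiv", "").lower() == "refresh":
            self.findings.add("meta-refresh-redirect")
        if tag == "input" and a.get("type", "").lower() == "password":
            self.findings.add("password-field")
        for key in ("href", "src", "action"):
            if urlparse(a.get(key, "")).scheme in ("http", "https"):
                self.urls.add(a[key])
                if tag == "form":
                    self.findings.add("form-posts-to-remote-host")

def triage_message(raw_bytes):
    """Map each HTML attachment name to (sorted findings, sorted URLs)."""
    msg = message_from_bytes(raw_bytes, policy=policy.default)
    report = {}
    for part in msg.iter_attachments():
        name = part.get_filename() or "(unnamed)"
        if part.get_content_type() != "text/html" and not name.lower().endswith((".htm", ".html")):
            continue
        raw = part.get_payload(decode=True)  # undoes the base64 transfer encoding
        p = HtmlTriage()
        p.feed(raw.decode(part.get_content_charset() or "utf-8", errors="replace"))
        report[name] = (sorted(p.findings), sorted(p.urls))
    return report

def build_sample():
    """Constructed message; login.example.invalid is a placeholder host."""
    html = ('<form action="https://login.example.invalid/collect"><input type="password" name="pw">'
            '</form><script>document.title = "Sign in";</script>')
    m = EmailMessage()
    m.set_content("See attachment.")
    m.add_attachment(html.encode(), maintype="text", subtype="html", filename="invoice.html")
    return m.as_bytes()

if __name__ == "__main__":
    print(triage_message(build_sample()))
```

This only inspects static markup: a URL or form that JavaScript assembles when the file is opened never appears in the decoded text, which is why the presence of a script in an HTML attachment is reported as a finding on its own.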

Analyst Notes

The best way to prevent these types of attacks is to educate employees on what to look for in phishing emails and to explain that HTML files may not typically be sent within an organization, which should make employees skeptical when they receive them. Using a monitoring service on endpoints, such as Binary Defense’s Managed Detection and Response, will help prevent attacks, as they will be recognized quickly when they begin and quarantined before they can spread throughout a network.