HTML files remain one of the most popular attachments used in phishing attacks for the first four months of 2022, showing that the technique remains effective against antispam engines and works well on the victims themselves.

HTML (HyperText Markup Language) is a language that defines the meaning and structure of web content. HTML files are interactive content documents designed specifically for digital viewing within web browsers.

In phishing emails, HTML files are commonly used to redirect users to malicious sites, download files, or to even display phishing forms locally within the browser.

As HTML is not malicious, attachments tend not to be detected by email security products, thus doing a good landing in recipients’ inboxes.

Statistical data from Kaspersky indicates that the trend of using HTML attachments in malicious emails is still going strong, as the security company detected 2 million emails of this kind targeting its customers in the first four months of the year.

The numbers culminated in March 2022, when Kaspersky’s telemetry data counted 851,000 detections, while a drop to 387,000 in April could be just a momentary shift.

How HTML evades detection

The phishing forms, redirection mechanisms, and data-stealing elements in HTML attachments are typically implemented using various methods, ranging from simple redirects to obfuscating JavaScript to hide phishing forms.

Attachments are base64 encoded when present in email messages, allowing secure email gateways and antivirus software to easily scan attachments for malicious URLs, scripts, or other behavior.

To evade detection, threat actors commonly use JavaScript in the HTML attachments that will be used to generate the malicious phishing form or redirect.

The use of JavaScript in HTML attachments to hide malicious URLs and behavior is called HTML smuggling and has become a very popular technique over the past few years.

To make it even harder to detect malicious scripts, threat actors obfuscate them using freely-available tools that can accept custom configuration for a unique, and thus less likely to be detected, result and thus evade detection.

For example, in November, we reported that threat actors used morse code in their HTML attachment to obfuscate a phishing form that the HTML attachment would display when opened.

Kaspersky notes that in some cases, the threat actors use encoding methods involving deprecated functions like the “unescape()”, which substitutes “%xx” character sequences in the string with their ASCII equivalents.

While this function has been replaced by decodeURI() and decodeURIComponent() today, most modern browsers still support it. Still, it might be ignored by security tools and antispam engines that focus more on current methods.

Conclusion

HTML attachment distribution was first seen spiking in 2019, but they remain a common technique in 2022 phishing campaigns, so they should be seen as red flags.

Remember, merely opening these files is often enough to have JavaScript run on your system, which may lead to automatic malware assembly on the disk and the bypassing of security software.

As the security software doesn’t detect an attachment as malicious, recipients may be more likely to open them and become infected.

Even if your email security solution doesn’t generate any warnings, you should always treat HTML attachments as highly suspicious.

Are you interested in learning more about cybersecurity? Call us today and discover how our wide array of tech services can safeguard your business.

If you are looking for an expert to help you find the best solutions for your business talk to GCInfotech about a free technology assessment

Published with consideration from bleepingcomputer.com SOURCE

Small businesses aren’t exempt from Russian cyberthreats, according to US officials. Here’s what to know.

In the wake of Russia’s invasion of Ukraine, cybersecurity concerns in the US are mounting for small businesses, home offices and larger enterprises, according to national security alerts issued by the FBI, DHS and CISA.

Even though government-sponsored attacks are gaining public attention, cyberattacks from independent actors or groups are always a concern for small to midsize businesses. Factors like budget and IT staff limitations can leave small businesses more vulnerable to cyberattacks. The Small Business Administration reported there were 32.5 million small businesses in the US as of 2021.

There’s no foolproof way to completely protect yourself from online attacks, but the first step is to understand what the threat is, where your business may be at risk and which proactive steps you can take. To that end, we’ve compiled a list of cybersecurity tips for small business owners.

Know the most common cyberattacks

Cyberattacks can take many forms and are constantly evolving, according to the US Small Business Administration, but the best defense is knowing the most common cyberattack forms like malware, viruses, ransomware and phishing.

Malware is an umbrella term for malicious software that aims to damage your computer, server, network or client.

Viruses and ransomware are also considered as types of malware. Viruses mean to infect your computer as well as other devices, leaving your system vulnerable. Ransomware, which has been on the rise in the US, works like a virus, but is usually delivered through a phishing email and essentially holds your system hostage until a sum is paid.

Phishing is a type of scam that tricks people into clicking links that appear legitimate, but are actually malicious. Clicking the link infects your device with malware. Once your system is infected, cybercriminals can attempt to steal sensitive information. Phishing falls in a wider category of social engineering, a tactic meant to deceive individuals into disclosing sensitive information or clicking a malicious link.

Train employees to be security-conscious

Cybersecurity is a team effort. Make sure your employees create strong passwords and reset them on a regular schedule. Employees should be aware of red flags that indicate phishing emails and malicious files, as well as have an action plan in the event that an attack happens. It’s also important to keep devices, software and browsers up to date. The FCC suggests establishing clear guidelines for internet use, how to best handle customer data, as well as penalties for violating those policies.

Secure your Wi-Fi networks

Your business’ Wi-Fi should be secure, encrypted and hidden, according to the FCC. Your business’ router needs to be password protected, and it shouldn’t broadcast the network name.

If your small business is operated out of your home, consider whether it’s time to upgrade your router to handle modern security threats. If you’re new to Wi-Fi networking, CNET has a handy FAQ that covers the basics.

Back up your files

Cyberattacks often mean to compromise, delete or steal your data. Backup programs can help mitigate this risk. It’s even better if the backup software you’re using lets you set up a schedule or automate backups, according to cybersecurity firm Kaspersky. Keep a copy of your backups offline in case of a cyberattack.

Use antivirus software

Finding the right antivirus software is an important weapon in your small business’ arsenal against cybercrime. Antivirus software doesn’t have to break your bank either — Microsoft Defender is free for Windows, for example. Check out CNET’s guide for the best antivirus software for more information.

For more information, check out big tech’s efforts to support Ukraine shift the industry’s role and how you can help Ukraine refugees and those affected by Russia’s invasion.

Are you interested in learning more about cybersecurity? Call us today and discover how our wide array of tech services can safeguard your business.

If you are looking for an expert to help you find the best solutions for your business talk to GCInfotech about a free technology assessment

Published with consideration from cnet.com SOURCE

Windows 10 backup

Business owners are becoming more aware of the damaging effects of data loss. Companies now realize that without safe and reliable data backup, important business information can fall into the wrong hands or be lost forever. Fortunately, Windows 10 offers easy-to-use tools like File History and OneDrive.

File History in Windows 10

Serving as the main backup utility, File History enables users to regularly schedule backing up of files on their PC and store them on an external drive. That means you can connect your PC to a network or USB drive and make backups as needed.

However, be sure to regularly connect the external drive if you intend to use File History for backups. Otherwise, Windows will prompt you that your files have not been backed up every day. You can ignore this warning at your own risk. If you back up to a mapped network that is unavailable, File History will commence backup in the local disk until the network drive becomes available.

Setting up File History

Anyone can set up File History. After all, it was designed to make data backup and recovery easy for users. By default, File History backs up the main file folders, but you may also pick which folders you want to back up and bring in folders from other parts of the PC to do this.

From the Start menu, click on Settings > Update & Security > Backup.

Once in Backup, you can connect to an external drive. Click on Add a drive to see a list of external hard drives hooked up to your PC and choose one.

When you return to the Backup section, you will see that the Add a drive option has changed to Automatically back up my files (by default). This allows backups to be created at periodic intervals, which you can set to anywhere from every 10 minutes to once a day (the default option is once every hour). You may also set how long to keep the backups.

Restoring files that have already been backed up is just as easy as setting up backups. Simply type “File History” in the search bar. Then, you will see the “Restore your files with File History” folder. Selecting this opens a new window showing the folders backed up onto your external drives.

Setting up OneDrive backup option

If you have access to a network drive or the cloud, back up to it instead of locally. One such cloud option is OneDrive. You can prompt OneDrive to automatically back up your files. Just click on the cloud icon in the Windows notification area, then select More > Settings > Backup > Manage backup.

Not only will selected folders sync in OneDrive, but new and existing files will also be backed up to OneDrive, so they can be accessed using other devices in case something happens to your PC.

Making system image backups

A system image is an exact replica of your entire operating system, along with all the programs, settings, and files. If you created a system image backup using the Windows 7 Backup and Restore tool in Windows 7, it will still work in Windows 10.

To use this feature, access the Backup and Restore (Windows 7) option from the Control Panel. Click on Create a system image, choose where to store the backup (i.e., an external hard drive, network drive, or DVD), and which drives or files to back up. You will then be asked to make a system repair disc, which you can use to start a PC and restore the image backup.

Never worry about losing files in Windows 10. For more tips on how to successfully back up and restore data, contact us today.

If you are looking for an expert to help you find the best solutions for your business talk to GCInfotech about a free technology assessment

Published with consideration from TechAdvisory.org SOURCE