HTML files remain one of the most popular attachments used in phishing attacks for the first four months of 2022, showing that the technique remains effective against antispam engines and works well on the victims themselves.

HTML (HyperText Markup Language) is a language that defines the meaning and structure of web content. HTML files are interactive content documents designed specifically for digital viewing within web browsers.

In phishing emails, HTML files are commonly used to redirect users to malicious sites, download files, or to even display phishing forms locally within the browser.

As HTML is not malicious, attachments tend not to be detected by email security products, thus doing a good landing in recipients’ inboxes.

Statistical data from Kaspersky indicates that the trend of using HTML attachments in malicious emails is still going strong, as the security company detected 2 million emails of this kind targeting its customers in the first four months of the year.

The numbers culminated in March 2022, when Kaspersky’s telemetry data counted 851,000 detections, while a drop to 387,000 in April could be just a momentary shift.

How HTML evades detection

The phishing forms, redirection mechanisms, and data-stealing elements in HTML attachments are typically implemented using various methods, ranging from simple redirects to obfuscating JavaScript to hide phishing forms.

Attachments are base64 encoded when present in email messages, allowing secure email gateways and antivirus software to easily scan attachments for malicious URLs, scripts, or other behavior.

To evade detection, threat actors commonly use JavaScript in the HTML attachments that will be used to generate the malicious phishing form or redirect.

The use of JavaScript in HTML attachments to hide malicious URLs and behavior is called HTML smuggling and has become a very popular technique over the past few years.

To make it even harder to detect malicious scripts, threat actors obfuscate them using freely-available tools that can accept custom configuration for a unique, and thus less likely to be detected, result and thus evade detection.

For example, in November, we reported that threat actors used morse code in their HTML attachment to obfuscate a phishing form that the HTML attachment would display when opened.

Kaspersky notes that in some cases, the threat actors use encoding methods involving deprecated functions like the “unescape()”, which substitutes “%xx” character sequences in the string with their ASCII equivalents.

While this function has been replaced by decodeURI() and decodeURIComponent() today, most modern browsers still support it. Still, it might be ignored by security tools and antispam engines that focus more on current methods.

Conclusion

HTML attachment distribution was first seen spiking in 2019, but they remain a common technique in 2022 phishing campaigns, so they should be seen as red flags.

Remember, merely opening these files is often enough to have JavaScript run on your system, which may lead to automatic malware assembly on the disk and the bypassing of security software.

As the security software doesn’t detect an attachment as malicious, recipients may be more likely to open them and become infected.

Even if your email security solution doesn’t generate any warnings, you should always treat HTML attachments as highly suspicious.

Are you interested in learning more about cybersecurity? Call us today and discover how our wide array of tech services can safeguard your business.

If you are looking for an expert to help you find the best solutions for your business talk to GCInfotech about a free technology assessment

Published with consideration from bleepingcomputer.com SOURCE

Small businesses aren’t exempt from Russian cyberthreats, according to US officials. Here’s what to know.

In the wake of Russia’s invasion of Ukraine, cybersecurity concerns in the US are mounting for small businesses, home offices and larger enterprises, according to national security alerts issued by the FBI, DHS and CISA.

Even though government-sponsored attacks are gaining public attention, cyberattacks from independent actors or groups are always a concern for small to midsize businesses. Factors like budget and IT staff limitations can leave small businesses more vulnerable to cyberattacks. The Small Business Administration reported there were 32.5 million small businesses in the US as of 2021.

There’s no foolproof way to completely protect yourself from online attacks, but the first step is to understand what the threat is, where your business may be at risk and which proactive steps you can take. To that end, we’ve compiled a list of cybersecurity tips for small business owners.

Know the most common cyberattacks

Cyberattacks can take many forms and are constantly evolving, according to the US Small Business Administration, but the best defense is knowing the most common cyberattack forms like malware, viruses, ransomware and phishing.

Malware is an umbrella term for malicious software that aims to damage your computer, server, network or client.

Viruses and ransomware are also considered as types of malware. Viruses mean to infect your computer as well as other devices, leaving your system vulnerable. Ransomware, which has been on the rise in the US, works like a virus, but is usually delivered through a phishing email and essentially holds your system hostage until a sum is paid.

Phishing is a type of scam that tricks people into clicking links that appear legitimate, but are actually malicious. Clicking the link infects your device with malware. Once your system is infected, cybercriminals can attempt to steal sensitive information. Phishing falls in a wider category of social engineering, a tactic meant to deceive individuals into disclosing sensitive information or clicking a malicious link.

Train employees to be security-conscious

Cybersecurity is a team effort. Make sure your employees create strong passwords and reset them on a regular schedule. Employees should be aware of red flags that indicate phishing emails and malicious files, as well as have an action plan in the event that an attack happens. It’s also important to keep devices, software and browsers up to date. The FCC suggests establishing clear guidelines for internet use, how to best handle customer data, as well as penalties for violating those policies.

Secure your Wi-Fi networks

Your business’ Wi-Fi should be secure, encrypted and hidden, according to the FCC. Your business’ router needs to be password protected, and it shouldn’t broadcast the network name.

If your small business is operated out of your home, consider whether it’s time to upgrade your router to handle modern security threats. If you’re new to Wi-Fi networking, CNET has a handy FAQ that covers the basics.

Back up your files

Cyberattacks often mean to compromise, delete or steal your data. Backup programs can help mitigate this risk. It’s even better if the backup software you’re using lets you set up a schedule or automate backups, according to cybersecurity firm Kaspersky. Keep a copy of your backups offline in case of a cyberattack.

Use antivirus software

Finding the right antivirus software is an important weapon in your small business’ arsenal against cybercrime. Antivirus software doesn’t have to break your bank either — Microsoft Defender is free for Windows, for example. Check out CNET’s guide for the best antivirus software for more information.

For more information, check out big tech’s efforts to support Ukraine shift the industry’s role and how you can help Ukraine refugees and those affected by Russia’s invasion.

Are you interested in learning more about cybersecurity? Call us today and discover how our wide array of tech services can safeguard your business.

If you are looking for an expert to help you find the best solutions for your business talk to GCInfotech about a free technology assessment

Published with consideration from cnet.com SOURCE