HTML attachments as an attack vector may seem a bit old-school. However, statistics compiled by Kaspersky Lab indicate that in 2022, that attack is not simply being employed. Still, hackers are making surprisingly regular use of it. The security company detected more than two million emails of this kind targeting Kaspersky customers in the first four months of the year (2022).
The specific breakdown of monthly instances looks like this:
- January 2022: 299,859 instances
- February 2022: 451,020 instances
- March 2022: 851,328 instances
- And April 2022: 386,908 instances
The researchers aren't clear on exactly what caused the massive spike in March, but they note that it returned to expected levels the month following.
Using HTML attachments as an attack vector saw a significant spike in 2019, and then it seemed to fall out of favor. The number of instances dropped markedly and prompted some security researchers to conclude that, based on current trajectories, the attack vector was on the way out.
The last four months seem to have disproved that notion, and HTML attachments are back in fashion in the web's underbelly.
It's important to remember that merely opening these files is, in many cases, enough to have JavaScript run on your system. Unfortunately, that could lead to the target system being hijacked using a malware-assembly-on-disk scheme that could allow it to bypass antivirus software entirely.
This isn't mentioned very often in employee email safety training, but it should be.
As ever, the best defense against phishing attacks is to treat any incoming email message from a sender you don't know with a healthy dose of skepticism. Furthermore, if that email contains an attachment, those attachments should be treated even more skeptically.
