1 min read

New Phishing Attacks Use HTML Email Attachments

HTML attachments as an attack vector may seem a little old school. However, according to statistics compiled by Kaspersky Lab indicates that in 2022, that form of attack is not just simply still being employed, but hackers are making surprisingly regular use of it.  The security company detected more than two million emails of this kind targeting Kaspersky customers in the first four months of the year (2022).

The specific breakdown of monthly instances looks like this:

  • January 2022: 299,859 instances
  • February 2022: 451,020 instances
  • March 2022: 851,328 instances
  • And April 2022: 386,908 instances

The researchers aren’t clear on exactly what caused the huge spike in March but they note that it returned to expected levels the month following.

Using HTML attachments as an attack vector saw a big spike in 2019 and then it seemed to fall out of favor. The number of instances dropped markedly and prompted some security researchers to conclude that, based on current trajectories, the attack vector was on the way out.

The last four months seem to have disproved that notion and HTML attachments are back in fashion in the underbelly of the web.

It’s important to remember that merely opening these files is in many cases enough to have JavaScript run on your system. That could lead to the target system being hijacked using a malware-assembly-on-disk scheme that could allow it to bypass antivirus software entirely.

This isn’t something that gets mentioned very often in employee email safety training, but it should be.

As ever, the best defense against any type of phishing attack is to treat any incoming email message from a sender you don’t know with a healthy dose of skepticism. If that email contains an attachment, those attachments should be treated even more skeptically. If you’re looking for cybersecurity and phishing protection on the West Coast, contact Heroic Tech today!

Used with permission from Article Aggregator

The Cybersecurity Tools Are Fine. The Strategy Is What's Missing

The Cybersecurity Tools Are Fine. The Strategy Is What's Missing

TL;DR: Most businesses that experience a serious cyber incident had security tools in place when it happened. The problem isn't the firewall or the...

Read the full blog
What Your Law Firm's Ethical Obligations Actually Require from Your IT Infrastructure

What Your Law Firm's Ethical Obligations Actually Require from Your IT Infrastructure

TL;DR: Law firms holding privileged client data aren't just security targets; they're ethical custodians with documented obligations under ABA Model...

Read the full blog
Your Law Firm's IT Partner Is Either an Asset or a Liability. Which One Do You Have?

Your Law Firm's IT Partner Is Either an Asset or a Liability. Which One Do You Have?

TL;DR: Most law firms don't have an IT problem; they have an IT partner problem. A generalist provider can keep the lights on, but supporting legal...

Read the full blog

1 min read

The Rising Threat of Cyber Attacks: A Modern Challenge

Cyber threats have transformed significantly over the years, progressing from basic spyware in the early 2000s to today’s sophisticated attacks that...

Read the full blog
How to Prevent Phishing Attacks: Cybersecurity Tips for Lawyers

1 min read

How to Prevent Phishing Attacks: Cybersecurity Tips for Lawyers

Law firms are prime targets for cybercriminals. Handling highly sensitive client information, legal teams face mounting threats from sophisticated...

Read the full blog

1 min read

Common Aspects of Phishing Attacks

Phishing attacks, despite their ever-evolving tactics and techniques, all share a common thread that connects them: the goal of exploiting...

Read the full blog