Around two-thirds of PDF attachments were deemed to be malicious.
A quarter of HTML attachments have been determined to be malicious, making them the most weaponised text file type.
According to research from Barracuda Networks, 68 percent of malicious PDF attachments and 83 percent of malicious Microsoft documents contain QR codes designed to take users to phishing websites. Also, Bitcoin sextortion scams account for 12 percent of malicious PDF attachments.
Phishing or credential stuffing was also used in around 20 percent of instances where an attempted or successful account takeover took place.
Olesia Klevchuk, product marketing director, email protection at Barracuda, said: “Malicious email attachments, QR codes and URLs are used by attackers to distribute malware, launch phishing campaigns and exploit vulnerabilities.
“Many organisations increase their risk level by failing to implement DMARC, making it possible for attackers to impersonate their brand and implement fraudulent attacks. Organisations need to mitigate the risks by implementing best practice industry standards and adopting a multi-layered approach to email security, leveraging AI-driven threat detection to spot attacks hidden in attachments and malicious websites.”
Written by
Dan Raywood is a B2B journalist with 25 years of experience, including covering cybersecurity for the past 17 years. He has extensively covered topics from Advanced Persistent Threats and nation-state hackers to major data breaches and regulatory changes.
He has spoken at events including 44CON, Infosecurity Europe, RANT Forum, BSides Scotland, Steelcon and the National Cyber Security Show, and served as editor of SC Media UK, Infosecurity Magazine and IT Security Guru. He was also an analyst with 451 Research and a product marketing lead at Tenable.
