Jump to content
  • HTML Smuggling is a New Threat Targetting Browsers

    aum

    • 471 views
    • 2 minutes
     Share


    • 471 views
    • 2 minutes

    HTML Smuggling is a New Threat Targetting Browsers

     

    The ingenious method abuses browser components, circumventing security and making it difficult to catch smugglers

     

    Menlo Security evaluated HTML Smuggling or ISOMorph attacks, revealing that it can transmit malicious files to users while avoiding network security technologies, such as antiquated proxies and sandboxes. 

     

    The new method entails that threat actors are overcoming security measures to inject dangerous payloads directly into their victims' web browser. HTML Smuggling is a sophisticated technique that uses JavaScript to create the malicious payload on the HTML page instead of sending an HTTP request to obtain a web server resource.

     

    The technique is not a vulnerability or a design flaw in browser technology, but rather a tool web developers routinely use to optimize file downloads. ISOMorph attackers use JavaScript code to create the payload directly in the browser. Essentially, the JavaScript code creates an element "a", sets the HREF on the blob, and programmatically clicks it to start the download. The user must open it to execute the malicious malware once the payload is downloaded to the endpoint.

     

    ISOMorph can infect a victim's system through the web browser 


    To efficiently bypass various network security mechanisms such as sandboxes, legacy proxies, and firewalls, HTML Smuggling employs malware. To put it simply, HTML Smuggling is used to send down payloads, as the browser cannot block payloads from network solutions. Because the payload is built directly into the target browser, it is nearly impossible for traditional security solution systems to detect.

     

    SecureTeam points out that while the first instinct would be to disable JavaScript, it is not feasible since it is connected to many legitimate web apps and systems.While scary, it's not difficult to protect against HTML attacks.SecureTeam recommends an intelligent network security design that includes many layers given by various technologies to create a "Defense in Depth" environment. Even if malware manages to cross network boundaries, other defenses within the network can detect and combat the infection.

     

    Source

    • Like 3

    User Feedback

    Recommended Comments

    There are no comments to display.



    Join the conversation

    You can post now and register later. If you have an account, sign in now to post with your account.
    Note: Your post will require moderator approval before it will be visible.

    Guest
    Add a comment...

    ×   Pasted as rich text.   Paste as plain text instead

      Only 75 emoji are allowed.

    ×   Your link has been automatically embedded.   Display as a link instead

    ×   Your previous content has been restored.   Clear editor

    ×   You cannot paste images directly. Upload or insert images from URL.


  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...