HTML Smuggling

A new attack technique known as ‘HTML smuggling’ spreads malware via email and is increasingly being used against all organizations.
What Is HTML Smuggling and How Does It Work?
HTML smuggling makes use of JavaScript and HTML5 features to distribute malware such as viruses and ransomware, banking trojans such as Mekotio and Trickbot, remote access trojans such as AsyncRAT/NJRAT, and other malicious payloads. One method of attack could be to send an HTML file attachment containing an encoded malicious script. When an unsuspecting user opens the HTML file in their browser, the malicious script is decoded, and the malicious payload is assembled on the user’s device. This allows the attacker to build the malware locally, behind the firewall, rather than requiring the malicious executable to traverse a network.
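The local assembly step described above typically relies on a few browser features used together: base64 decoding with atob, the Blob API, and an object URL or the anchor download attribute. The Python sketch below is an added example, not part of the original article or any vendor's rule set, that triages an HTML attachment for that combination. The indicator list, the three-stage scoring rule, and SAMPLE_ATTACHMENT (constructed, with a harmless placeholder payload) are assumptions made for illustration.

```python
import re
from html.parser import HTMLParser

# Heuristic indicators chosen for this example (not a vendor rule set).
INDICATORS = {
    "base64_decode": re.compile(r"\batob\s*\("),
    "blob_construct": re.compile(r"\bnew\s+Blob\s*\("),
    "object_url": re.compile(r"\bURL\.createObjectURL\s*\("),
    "legacy_save": re.compile(r"\bmsSaveOrOpenBlob\b|\bmsSaveBlob\b"),
    "download_attr": re.compile(r"\.download\s*=|setAttribute\(\s*['\"]download['\"]"),
}
LONG_B64 = re.compile(r"[A-Za-z0-9+/]{200,}={0,2}")  # large inline encoded data

class ScriptCollector(HTMLParser):
    """Collect inline <script> bodies and note <a download> tags."""
    def __init__(self):
        super().__init__()
        self.in_script, self.scripts, self.download_anchor = False, [], False
    def handle_starttag(self, tag, attrs):
        if tag == "script":
            self.in_script = True
        elif tag == "a" and any(k == "download" for k, _ in attrs):
            self.download_anchor = True
    def handle_endtag(self, tag):
        if tag == "script":
            self.in_script = False
    def handle_data(self, data):
        if self.in_script:
            self.scripts.append(data)

def scan_html(html):
    """Flag a file only when decode, assemble and deliver stages co-occur."""
    p = ScriptCollector()
    p.feed(html)
    js = "\n".join(p.scripts)
    hits = {name for name, rx in INDICATORS.items() if rx.search(js)}
    if p.download_anchor:
        hits.add("download_attr")
    if LONG_B64.search(js):
        hits.add("long_base64")
    decode = bool(hits & {"base64_decode", "long_base64"})
    assemble = bool(hits & {"blob_construct", "legacy_save"})
    deliver = bool(hits & {"object_url", "download_attr", "legacy_save"})
    return {"indicators": sorted(hits), "suspicious": decode and assemble and deliver}

# Constructed sample; the base64 decodes to the harmless text "hello".
SAMPLE_ATTACHMENT = """<html><body><script>
var blob = new Blob([atob("aGVsbG8=")], {type: "application/octet-stream"});
var a = document.createElement("a"); a.href = URL.createObjectURL(blob); a.download = "invoice.zip";
</script></body></html>"""
```

Requiring all three stages keeps ordinary pages that only decode base64 or only offer a download link from being flagged; a mail gateway or analyst would treat a hit as a reason to sandbox the attachment, not as a verdict.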
Staying Safe From HTML Smuggling Attacks
To successfully defend against HTML smuggling, a layered security approach is required. Microsoft advises stopping the attack chain before it starts. Begin by contacting an IT provider who can assist you in remaining secure.
JENLOR recommends the following measures to protect against HTML smuggling and other attacks that are likely to slip through perimeter defenses:
- Limit an attacker’s ability to move laterally by segmenting networks.
- Utilize services such as Microsoft Windows Attack Surface Reduction, which protects machines at the operating system level from malicious scripts and the spawning of invisible child processes.
- Ensure that firewall rules are configured to block traffic from known malicious domains and IP addresses.
JENLOR can help organizations concerned about HTML smuggling by providing security awareness training as well as email security with targeted threat protection, attachment protection, and URL protection.