HTML Smuggling: Sophisticated Attacks and How To Prevent Catastrophic Outcomes

Since the beginning of the pandemic, cybercrime has grown rapidly, rising 600% since the start of the quarantine. Even when broken down, each form of cyberattack has also seen growth since 2019. However, out of all the types of cyberattacks, one that businesses are starting to look out for and combat after Microsoft (News - Alert) issued a warning is HTML smuggling.

HTML smuggling is a technique used in phishing campaigns that use HTML5 and JavaScript to hide malicious payloads in encoded strings in an HTML attachment or webpage. These strings are then decoded by a browser when a user opens the attachment or clicks a link.  It’s increasingly used in email campaigns that deploy banking malware, remote access Trojans (RATs), and other payloads related to targeted attacks.

“As the name suggests, HTML smuggling lets an attacker smuggle an encoded malicious script within a specially crafted HTML attachment or web page while simultaneously evading perimeter security solutions,” said Halis Osman Erkan, founder and CEO, DefensX, and endpoint security solution provider focused on protecting against web-borne threats. “Instead of having a malicious executable pass directly through a network, the attacker builds the malware locally behind all network layer security including secure web gateways. This is extremely problematic for businesses without having intelligent software in place to identify and stop these growing threats.”

Unfortunately, when it comes to defending, HTML smuggling presents challenges to traditional security solutions, according to Erkan. “Effectively defending against this stealthy technique requires security on every device, and for every web or email session. It is always better to thwart an attack early in the attack chain—at the email gateway and web filtering level. However, If the threat manages to fall through the cracks of perimeter security and is delivered to a host machine, businesses are finding that endpoint security solutions can prevent execution.”
 

“Ultimately, the best defense is to train users on cyber security best practices, credential exposure protection, web-borne threats, and zero trust file protection” Erkan explained. “All files downloaded from an email should be treated with caution and checked carefully before being opened. However, as we enter a new virtual age, digital nuances will become harder and harder for the average employee to remember, especially as social engineering as a way to lure end-users to let down their guard becomes more realistic.”

To truly be secure against the rise of HTML smuggling, companies must bolster their cyber-defenses, with endpoint security solutions holding a myriad of benefits when it comes to keeping unwanted intruders out of one's files.