The ingenious method abuses ordinary browser features, circumventing network security and making the smuggled payload difficult to catch

Jul 30, 2021 14:57 GMT  ·  By

Menlo Security analyzed HTML Smuggling, as used in the ISOMorph attacks, revealing that the technique can deliver malicious files to users while evading network security technologies such as legacy proxies and sandboxes.

With this method, threat actors get past security measures by injecting dangerous payloads directly into their victims' web browsers. HTML Smuggling is a sophisticated technique that uses JavaScript to construct the malicious payload inside the HTML page itself, instead of sending an HTTP request to fetch it as a resource from a web server.

The technique is not a vulnerability or a design flaw in browser technology, but rather a capability web developers routinely use to optimize file downloads. ISOMorph attackers use JavaScript code to assemble the payload directly in the browser. Essentially, the JavaScript code creates an "a" element, sets its href to a Blob URL, and programmatically clicks it to start the download. Once the payload has been downloaded to the endpoint, the user still has to open it for the malware to execute.

ISOMorph can infect a victim's system through the web browser 

Malware employs HTML Smuggling to efficiently bypass network security mechanisms such as sandboxes, legacy proxies, and firewalls. Put simply, HTML Smuggling is used to deliver payloads that network security solutions cannot block, because the payload never crosses the network as a file. Since the payload is built directly in the target's browser, it is nearly impossible for traditional security solutions to detect.

SecureTeam points out that while the first instinct would be to disable JavaScript, this is not feasible, since so many legitimate web apps and systems depend on it. While scary, HTML Smuggling attacks are not difficult to protect against. SecureTeam recommends an intelligent network security design with multiple layers provided by different technologies, creating a "Defense in Depth" environment: even if malware manages to cross the network boundary, other defenses inside the network can detect and combat the infection.
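As an added example, not code from Menlo Security, SecureTeam or this article: a Python content-inspection check that one defense-in-depth layer could run on HTML reaching endpoints, looking for the decode-Blob-anchor-click pattern described above combined with an embedded base64 payload. The sample page, the fake PE stub and the magic-byte table are constructed for illustration.

```python
import base64
import re
# API calls that together make up the smuggling pattern described above: decode an
# embedded string, wrap it in a Blob, hang it on an <a> element and "click" it.
SMUGGLING_APIS = [
    r"atob\s*\(",
    r"new\s+Blob\s*\(",
    r"URL\.createObjectURL\s*\(",
    r"createElement\s*\(\s*['\"]a['\"]\s*\)",
    r"\.click\s*\(\s*\)",
]
# Magic bytes of payload types a defender would check for (assumption, not from the article).
MAGIC = {b"MZ": "PE executable", b"PK\x03\x04": "ZIP archive", b"CD001": "ISO 9660 image"}
SCRIPT_RE = re.compile(r"<script[^>]*>(.*?)</script>", re.I | re.S)
B64_RE = re.compile(r"['\"]([A-Za-z0-9+/]{64,}={0,2})['\"]")

def decode_embedded_blobs(html):
    """Decode every long base64 literal found inside inline <script> blocks."""
    blobs = []
    for script in SCRIPT_RE.findall(html):
        for literal in B64_RE.findall(script):
            try:
                blobs.append(base64.b64decode(literal, validate=True))
            except ValueError:
                continue  # not valid base64, skip it
    return blobs

def identify(blob):
    """Name the file type by leading magic bytes; ISO 9660 is also checked at its real offset 0x8001."""
    for magic, name in MAGIC.items():
        if blob.startswith(magic) or (magic == b"CD001" and blob[0x8001:0x8006] == magic):
            return name
    return "unknown"

def scan_html(html):
    """Report API hits, what each embedded blob decodes to, and a combined verdict."""
    hits = [p for p in SMUGGLING_APIS if re.search(p, html)]
    blobs = [(len(b), identify(b)) for b in decode_embedded_blobs(html)]
    # Alert only on the assemble-and-click combination plus a recognisable embedded file.
    return {"api_hits": hits, "blobs": blobs,
            "suspicious": len(hits) >= 4 and any(t != "unknown" for _, t in blobs)}

# Constructed sample page: a 64-byte fake PE stub (not a real executable) delivered
# through the blob-and-click pattern from the article.
FAKE_PE = b"MZ" + b"\x90" * 62
SAMPLE_HTML = """<html><body><script>
var b = Uint8Array.from(atob('%s'), c => c.charCodeAt(0));
var a = document.createElement('a');
a.href = URL.createObjectURL(new Blob([b])); a.download = 'invoice.exe'; a.click();
</script></body></html>""" % base64.b64encode(FAKE_PE).decode()
```

Running `scan_html(SAMPLE_HTML)` flags the page because all five API patterns and an embedded PE blob are present, while a page with only one or two of the calls (a legitimate client-side download) is not flagged.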