HTML Smuggling on Rise
Microsoft warn that threat actors are increasingly using HTML smuggling technique in phishing campaigns to stealthily deliver threats.
HTML smuggling lets an attacker “smuggle” an encoded malicious script within a specially crafted HTML attachment or web page. When a target user opens the HTML in their web browser, the browser decodes the malicious script, which, in turn, assembles the payload on the host device.Thus, instead of having a malicious executable pass directly through a network, the attacker builds the malware locally behind a firewall.
The emails employed in the campaign attributed to DEV-0193 used a specially crafted HTML page as an attachment.
Organizations need a true “defense in depth” strategy and a multi-layered security solution that inspects email delivery, network activity, endpoint behavior, and follow-on attacker activities
1 thought on “HTML Smuggling on Rise”
Reblogged this on muunyayo .