With HTML smuggling, the malicious file is only assembled on the user's computer, so traditional anti-malware programs and sandboxes do not detect the attack. AI-based browser isolation provides protection.
HTML smuggling is a highly efficient malware distribution technique that uses legitimate HTML5 and JavaScript functions to deliver the infection. It is used to distribute Remote Access Trojans (RATs), banking malware, and other malicious payloads because it bypasses traditional security controls such as web proxies, email gateways, and legacy sandboxes.
Attackers hide their activity in seemingly harmless web traffic, making it difficult for security tools to detect and stop the attack. Zscaler tracks HTML smuggling families such as HTML.Downloader.SmugX or JS.Dropper.GenericSmuggling in the Zero Trust Exchange and stops them through browser isolation.
HTML smuggling often goes undetected
Most modern advanced prevention techniques look for malware or malicious files passed between the user's browser and the website and therefore do not protect against HTML smuggling attacks. When a user accesses a website used for HTML smuggling, the content exchanged between the user's browser and the website consists of an immutable blob containing binary data and JavaScript. The JavaScript is executed in the user's browser and, using the binary data in the immutable blob, assembles the malicious file on the user's computer. Since no file is transferred over the network, the attack goes unnoticed by traditional sandbox and anti-malware programs.
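As an added illustration of the pattern just described (example code written for this article, not Zscaler's product or detection logic), the following Python checker looks at a web page's source for the three stages of HTML smuggling: an embedded encoded payload, JavaScript that decodes it into a Blob, and a programmatic download. The two sample pages and the heuristics are constructed for the example; the "smuggled" payload is a ZIP header followed by filler text, not real malware.

```python
import base64
import re

# Indicators of the smuggling shape described above (constructed heuristics,
# not Zscaler's detection logic): an encoded blob embedded in the page that
# JavaScript decodes, wraps in a Blob and hands to the browser as a download.
STAGES = {
    "decode":  [r"\batob\s*\(", r"Uint8Array\.from\s*\(", r"new\s+Uint8Array\s*\("],
    "blob":    [r"new\s+Blob\s*\(", r"new\s+File\s*\("],
    "deliver": [r"URL\.createObjectURL\s*\(", r"msSaveOrOpenBlob\s*\(",
                r"\.download\s*=", r"\bdownload\s*=\s*[\"']"],
}
# A quoted base64 run of at least 64 characters is treated as an embedded payload.
B64_LITERAL = re.compile(r"[\"']([A-Za-z0-9+/]{64,}={0,2})[\"']")
MAGIC = {b"MZ": "PE executable", b"PK\x03\x04": "ZIP/OOXML archive",
         b"%PDF": "PDF", b"\x7fELF": "ELF executable"}

def largest_embedded_payload(html: str) -> bytes:
    """Decode the longest base64 literal in the page (empty bytes if none)."""
    hits = B64_LITERAL.findall(html)
    if not hits:
        return b""
    try:
        return base64.b64decode(max(hits, key=len), validate=True)
    except ValueError:
        return b""

def analyze(html: str) -> dict:
    """Report which stages are present, what the payload is, and a verdict."""
    stages = {n: any(re.search(p, html) for p in pats) for n, pats in STAGES.items()}
    payload = largest_embedded_payload(html)
    kind = next((k for m, k in MAGIC.items() if payload.startswith(m)), "unknown")
    # All three stages plus an embedded payload is the smuggling shape; a page
    # that builds a Blob only from data it generated itself is not flagged.
    return {"stages": stages, "payload_bytes": len(payload), "payload_type": kind,
            "smuggling": all(stages.values()) and len(payload) > 0}

# Constructed sample of the smuggling shape: a ZIP header plus filler, not real malware.
SMUGGLED = base64.b64encode(b"PK\x03\x04" + b"constructed-sample-" * 4).decode()
SMUGGLING_PAGE = f"""<script>
var b = Uint8Array.from(atob("{SMUGGLED}"), c => c.charCodeAt(0));
var blob = new Blob([b], {{type: "application/octet-stream"}});
var a = document.createElement("a");
a.href = URL.createObjectURL(blob); a.download = "invoice.zip"; a.click();
</script>"""
# Constructed benign sample: client-side CSV export, no embedded payload to decode.
EXPORT_PAGE = """<script>
var blob = new Blob([rows.join("\\n")], {type: "text/csv"});
a.href = URL.createObjectURL(blob); a.download = "report.csv";
</script>"""
```

Running `analyze(SMUGGLING_PAGE)` flags the page and identifies the decoded payload as an archive, while the CSV export page shares the Blob and download stages but has nothing to decode and is left alone, which is why a single indicator such as `createObjectURL` is not enough on its own.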
AI-based browser isolation prevents HTML smuggling
Browser Isolation can be used to prevent web-based threats from executing on the endpoint. The technology isolates suspicious websites inside the Zero Trust Exchange platform and streams only a secure, real-time pixel rendering of the session to the user, never the active content. This breaks the kill chain of modern browser exploits by keeping threats off the endpoint. Browser isolation creates a protective layer between users and the Internet without impacting the user experience.
Risky destinations on the Internet, whether accessed directly or distributed via email URLs, can be blocked from direct access using Browser Isolation policies. An AI-powered Smart Isolation feature can apply this process automatically. This way, any malicious payload delivered via HTML smuggling from these risky destinations is stopped inside the isolation container in the Zero Trust Exchange.
Protection for Patient Zero
For productivity reasons, it may be necessary to configure the browser isolation profile so that file downloads to the user's endpoint remain possible. Even in this scenario, the Zscaler architecture prevents such malware from being successfully activated by integrating Advanced Threat Protection (ATP) and AI-powered sandboxing. The Zero Trust Exchange platform blocks dynamically generated malware both on the basis of known signatures and in Patient Zero attacks, where the sample has not been seen before.
About Zscaler
Zscaler accelerates digital transformation so customers can become more agile, efficient, resilient, and secure. Zscaler Zero Trust Exchange protects thousands of customers from cyberattacks and data loss by securely connecting people, devices, and applications anywhere. The SSE-based Zero Trust Exchange is the world's largest inline cloud security platform, distributed across 150+ data centers around the world.