{"id":1861,"date":"2023-12-06T08:54:17","date_gmt":"2023-12-06T08:54:17","guid":{"rendered":"https:\/\/jacksonholdingcompany.com\/outsmart-evasive-html-smuggling-attacks-with-ai-powered-browser-isolation-and-sandbox-amit-jain\/"},"modified":"2023-12-06T08:54:17","modified_gmt":"2023-12-06T08:54:17","slug":"outsmart-evasive-html-smuggling-attacks-with-ai-powered-browser-isolation-and-sandbox-amit-jain","status":"publish","type":"post","link":"https:\/\/jacksonholdingcompany.com\/outsmart-evasive-html-smuggling-attacks-with-ai-powered-browser-isolation-and-sandbox-amit-jain\/","title":{"rendered":"Outsmart Evasive HTML Smuggling Attacks with AI-Powered Browser Isolation and Sandbox Amit Jain"},"content":{"rendered":"

HTML smuggling is a highly evasive malware delivery technique that exploits legitimate HTML5 and JavaScript features to evade detection and deploy remote access trojans (RATs), banking malware, and other malicious payloads. HTML smuggling bypasses traditional security controls such as web proxies, email gateways, and legacy sandboxes. These attacks are difficult to stop and are just one of many inventive ways in which threat actors compromise organizations daily.

The Zscaler Zero Trust Exchange protects against these attacks with natively integrated prevention capabilities for zero-day protection.

The Blueprint of HTML Smuggling

Attackers are able to hide malicious HTML smuggling activity within seemingly harmless web traffic, making it difficult for legacy security tools to detect and block the attack.

Source: emcrc.co.uk

Most modern advanced prevention layers do not protect against HTML smuggling attacks because they look for malware or files being transferred between the end user's browser and the webpage. When a user accesses a web page intended to deliver an HTML smuggling attack, the content exchanged between the user's browser and the webpage is an immutable blob containing binary data and JavaScript, not a file. The JavaScript is executed in the user's browser and, using the binary data in the immutable blob, constructs the malicious file on the end user's computer. Because no file is transferred over the wire, the attack goes unnoticed by legacy sandboxes and anti-malware engines.

Zscaler Approach: Power of Platform

As attackers continue to innovate with new and sophisticated threat vectors, organizations need to put in place dynamic, integrated, layered security controls to stop threats that have never been seen before. The Zscaler Zero Trust Exchange has been built with this goal in mind, providing defense in depth against new and evasive techniques, including HTML smuggling, patient-zero malware, and more.

Zscaler products such as AI-powered Browser Isolation, natively integrated with AI-powered Sandboxing and Advanced Threat Protection (ATP), thwart such attacks comprehensively.

AI-powered Browser Isolation

Browser Isolation stops web-based threats in their tracks. It isolates suspicious web pages in the Zero Trust Exchange and streams only the real-time, safe pixels of the sessions to the end user and not the active content. This keeps threats from reaching endpoints, thereby disrupting the kill chain of modern-day browser exploits. It creates an air gap between users and the web while keeping the user experience intact.

Risky internet destinations, whether accessed directly or via email URLs, can be configured via policy to open within Browser Isolation. AI-powered Smart Isolation enablement can accomplish that automatically. Any malicious payload delivered via HTML smuggling from these risky destinations is therefore restricted to the ephemeral container in the Zero Trust Exchange itself, protecting the endpoints.

Together with AI-powered Sandbox and ATP

For productivity reasons, it may be required that the Browser Isolation profile is configured to allow file downloads to the user's endpoint. The user may try to download that malware to the endpoint out of curiosity. Even in that scenario, the unique Zscaler architecture with native integration of ATP and AI-powered Sandbox will prevent such malware from being downloaded to the endpoint. This dynamically generated malware could either have known signatures or be patient-zero malware. Either way, users will be protected.

Known Malware

Here are some examples of signatures (as seen in the Zscaler ThreatLabz Library) leveraged by ATP to block such malware.

HTML.Downloader.SmugX (protected by Anti-Malware engine)

JS.Dropper.GenericSmuggling (protected by Intrusion-Prevention Service)

JS.MalURL.Duri (protected by Intrusion-Prevention Service)

Patient-Zero Malware

Zscaler's AI/ML-driven Cloud Sandbox can stop unknown threats inline, preventing the patient-zero malware from being downloaded to the endpoint.

Embark on the platform journey!

In a nutshell, attacks like HTML smuggling, no matter how evasive they may be, cannot escape the Zscaler Zero Trust Exchange. That's the power of the platform! Experience the One True Zero!

Tech Tidbit – The Russian cybercriminal collective Nobelium, the group behind the SolarWinds attacks, is infamous for using HTML smuggling to deliver malware.
