Security News > 2021 > July > HTML smuggling is the latest cybercrime tactic you need to worry about
Menlo shared the news along with its discovery of an HTML smuggling campaign it named ISOMorph, which uses the same technique the SolarWinds attackers used in their most recent spearphishing campaign.
The ISOMorph attack uses HTML smuggling to drop its first stage on a victim's computer.
HTML smuggling works by exploiting the basic features of HTML5 and JavaScript that are present in web browsers.
Either one, or both combined, can be used for an HTML smuggling attack.
"We believe attackers are using HTML Smuggling to deliver the payload to the endpoint because the browser is one of the weakest links without network solutions blocking it," Menlo said.
That's not to say that defending against HTML smuggling attacks is impossible, though-it just means companies need to assume the threat is real and likely, and to construct security based on that premise, suggests U.K.-based cybersecurity firm SecureTeam.