enlo Security , a leader in
M cloud security , has announced it has identified a surge in cyberthreats , termed Highly Evasive Adaptive Threats ( HEAT ), that bypass traditional security defences . HEAT attacks are a class of cyberthreats targeting web browsers as the attack vector and employ techniques to evade detection by multiple layers in current security stacks , including firewalls , secure web gateways , sandbox analysis , URL reputation and phishing detection . HEAT attacks are used to deliver malware or to compromise credentials , which in many cases leads to ransomware attacks . In an analysis of almost 500,000 malicious domains , the Menlo Security Labs research team discovered that 69 % of these websites used HEAT tactics to deliver malware . These attacks allow bad actors to deliver malicious content to the endpoint by adapting to the targeted environment . Since July 2021 , Menlo Security has seen a 224 % increase in HEAT attacks .
|
HEAT attacks leverage one or more of the following core techniques that bypass legacy network security defences :
• Evades both static and dynamic content inspection : HEAT attacks evade both signature and behavioural analysis engines to deliver malicious payloads to the victim using innovative techniques such as HTML Smuggling . This technique is used by threat actors including Nobelium , the hacking group behind the SolarWinds ransomware attack . In one recent case , dubbed ISOMorph , the Menlo Labs research team observed the campaign using the popular Discord messaging app to host malicious payloads .
• Evades malicious link analysis : These threats evade malicious link analysis engines traditionally implemented in the email path where links can be analysed before arriving at the user .
• Evades offline categorisation and threat detection : HEAT attacks evade
|
web categorisation by delivering malware from benign websites , either by compromising them or patiently creating new ones . Referred to as Good2Bad websites . Menlo Labs has been tracking an active threat campaign dubbed SolarMarker , which employs SEO poisoning . The campaign started by compromising a large set of low-popularity websites that had been categorised as benign , infecting these websites with malicious content .
• Evades HTTP traffic inspection : In a HEAT attack , malicious content such as browser exploits , cryptomining code , phishing kit code and images impersonating known brands ’ logos is generated by JavaScript in the browser by its rendering engine , making any detection technique useless .
“ With the abrupt move to remote working in 2020 , every organisation had to pivot to a work from anywhere model and accelerate their migration to cloud-based applications ,” said Amir Ben-Efraim , Co-founder and CEO of Menlo Security .
“ An industry report found that 75 % of the working day is spent in a web browser , which has quickly become the primary attack surface for threat actors , ransomware and other attacks .
“ The industry has seen an explosion in the number and sophistication of these highly evasive attacks and most businesses are unprepared and lack the resources to prevent them . Cyberthreats are a mainstream problem and a boardroom issue that should be on everyone ’ s agenda .” u
|
intelligent CLOUD SECURITY |
|||
www . intelligentciso . com
|
55
|