
cloud destinations

Ragavan


Date

April 2022


Topics

  • HEAT Attacks
  • Cybersecurity
  • Threat Detection
  • Risk Mitigation
  • Zero-Day Attacks


Too Risky to Handle: HEAT Attacks Invading Traditional Security!

What’s fetching the HEAT?

HEAT threats are used to deliver malware or compromised credentials, often leading to ransomware, and they rely on strategies that evade detection by several layers of the security stack, such as firewalls, Secure Web Gateways, sandbox analysis, URL reputation, and phishing detection. These attacks let cybercriminals deliver malicious content to the endpoint by adapting to the targeted environment.
HEAT attacks bypass all of these traditional detection approaches, rendering a decade or more of enterprise IT investment in them ineffective.

Note:

The Menlo Labs team examined over half a million malicious URLs and found that 69 percent of them used HEAT methods. Furthermore, since July 2021 the team has witnessed a 224 percent rise in HEAT attacks and identified over 27,000 malware attacks delivered using HTML Smuggling within the last 90 days.

Techniques to Bypass Security Defenses

Evades both static and dynamic content inspection - HEAT attacks evade both signature-based and behavioural analysis engines, delivering malicious payloads to the victim with techniques such as HTML Smuggling, in which the payload is assembled by JavaScript inside the browser rather than transferred as a recognizable file. Menlo Labs identified

Evades malicious link analysis - These threats evade the malicious link analysis engines traditionally deployed in the email path, where links can be analyzed before they reach the user.

Evades offline categorization and threat detection - HEAT attacks evade web categorization by delivering malware from websites categorized as benign, either by compromising them or by patiently creating new ones, referred to as Good2Bad websites.

Evades HTTP traffic inspection - In a HEAT attack, malicious content such as browser exploits, crypto-mining code, phishing kit code, and images impersonating known brands' logos is generated by JavaScript in the browser's rendering engine, so detection techniques that inspect the HTTP traffic never see it.
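As an added illustration of the two evasions above (this is not code from the article or from Menlo Labs), the Python below shows why a scan of the raw HTML never sees a smuggled payload, and what a gateway-side heuristic that looks for the assemble-in-browser-and-download pattern can still catch. Both sample pages, the placeholder payload and the indicator names are constructed for this example.

```python
import re
import base64
from dataclasses import dataclass, field

# --- Constructed fixtures (not from the article or from Menlo Labs) ---------
# A harmless text placeholder stands in for the file an attacker would smuggle;
# only the delivery pattern matters to the detector below.
_PLACEHOLDER_B64 = base64.b64encode(b"harmless placeholder " * 8).decode()

# Page that decodes a base64 literal in the browser, wraps it in a Blob and
# hands it to the user as a download: the HTML Smuggling pattern the article
# names. No file ever crosses the wire; only script text does.
SAMPLE_SMUGGLING_HTML = f"""<html><body>
<p>Your document is being prepared...</p>
<script>
  var raw = atob("{_PLACEHOLDER_B64}");
  var bytes = new Uint8Array(raw.length);
  for (var i = 0; i < raw.length; i++) bytes[i] = raw.charCodeAt(i);
  var blob = new Blob([bytes], {{type: "application/octet-stream"}});
  var a = document.createElement("a");
  a.href = URL.createObjectURL(blob);
  a.download = "document.bin";
  a.click();
</script>
</body></html>"""

# Ordinary page: a large base64 literal (an inline image) but no client-side
# file assembly. A detector keyed on base64 alone would flag it.
SAMPLE_BENIGN_HTML = f"""<html><body>
<img alt="logo" src="data:image/png;base64,{_PLACEHOLDER_B64}">
<script>document.getElementById("year").textContent = new Date().getFullYear();</script>
</body></html>"""

# --- Detector (hypothetical heuristics, named here for illustration) --------
INDICATORS = {
    "inline_decode":   re.compile(r"\batob\s*\(|\bdecodeURIComponent\s*\(|\bfromCharCode\b"),
    "blob_construct":  re.compile(r"\bnew\s+Blob\s*\("),
    "object_url":      re.compile(r"\bURL\.createObjectURL\s*\(|\bmsSaveOrOpenBlob\s*\("),
    "forced_download": re.compile(r"\.download\s*="),
    "auto_click":      re.compile(r"\.click\s*\(\s*\)"),
    "large_base64":    re.compile(r"[A-Za-z0-9+/]{200,}={0,2}"),
}
_ATOB_LITERAL = re.compile(r"""\batob\s*\(\s*["']([A-Za-z0-9+/=]+)["']\s*\)""")


@dataclass
class Finding:
    indicators: list = field(default_factory=list)
    decoded_blobs: list = field(default_factory=list)
    verdict: str = "clean"


def decode_embedded_blobs(html: str) -> list:
    """Emulate the one decode step the browser would perform, so that a
    content scanner can look at what the user would actually receive."""
    blobs = []
    for literal in _ATOB_LITERAL.findall(html):
        try:
            blobs.append(base64.b64decode(literal, validate=True))
        except ValueError:  # binascii.Error is a ValueError subclass
            continue
    return blobs


def analyze(html: str) -> Finding:
    finding = Finding()
    finding.indicators = [name for name, rx in INDICATORS.items() if rx.search(html)]
    finding.decoded_blobs = decode_embedded_blobs(html)
    # The pattern that matters is assembly in the browser AND delivery as a file;
    # a base64 literal on its own is common on legitimate pages.
    assembles = {"inline_decode", "blob_construct"} <= set(finding.indicators)
    delivers = bool({"object_url", "forced_download"} & set(finding.indicators))
    if assembles and delivers:
        finding.verdict = "likely-html-smuggling"
    elif assembles or delivers:
        finding.verdict = "review"
    return finding


if __name__ == "__main__":
    for label, page in (("smuggling", SAMPLE_SMUGGLING_HTML), ("benign", SAMPLE_BENIGN_HTML)):
        result = analyze(page)
        print(f"{label:10s} verdict={result.verdict} indicators={result.indicators}")
        for blob in result.decoded_blobs:
            print("  decoded blob starts with:", blob[:24])
```

The point of `decode_embedded_blobs` is that the plaintext of the smuggled content is absent from the bytes a proxy sees; a scanner has to perform the same decode the browser will, or it has nothing to match against. The verdict logic deliberately requires both assembly and delivery indicators, because base64 literals, Blobs and programmatic downloads each have ordinary uses on their own, which is exactly why the article says blocking HEAT characteristics outright does not work.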

Key Tenets

The challenge is that because HEAT characteristics have legitimate uses, simply blocking them won’t work. Hence, experts recommend that organizations:

  • Shift from a detection to a prevention mindset
  • Stop threats before they hit the endpoint
  • Incorporate advanced anti-phishing and isolation capabilities

Staying cool: CD Bytes!

Organizations should follow a Zero-Trust Security implementation to avoid HEAT attacks and limit their susceptibility to them. Prevention is the key!
