HEAT threats are used to distribute malware or compromised credentials, leading to ransomware attacks that evade detection by several layers of the security stack, such as firewalls, Secure Web Gateways, sandbox analysis, URL reputation, and phishing detection. These attacks let cybercriminals deliver malicious content to the endpoint by adapting to the targeted environment. By bypassing all of these traditional detection approaches, HEAT attacks render a decade or more of enterprise IT investment ineffective.
The Menlo Labs team examined over half a million malicious URLs and found that 69 percent of them used HEAT methods. Furthermore, since July 2021 the team has observed a 224 percent rise in HEAT attacks, and in the last 90 days it identified over 27,000 malware attacks delivered using HTML Smuggling.
Evades both static and dynamic content inspection - HEAT attacks evade both signature-based and behavioural analysis engines, delivering malicious payloads to the victim with techniques such as HTML Smuggling. Menlo Labs identified
Evades malicious link analysis - These threats evade the malicious link analysis engines traditionally deployed in the email path, where links can be analyzed before they reach the user.
Evades offline categorization and threat detection - HEAT attacks evade web categorization by delivering malware from benign websites, either by compromising them or by patiently creating new ones, referred to as Good2Bad websites.
Evades HTTP traffic inspection - In a HEAT attack, malicious content such as browser exploits, crypto-mining code, phishing kit code, and images impersonating known brands' logos is generated by JavaScript inside the browser's rendering engine, so inspection of the HTTP traffic itself never sees the malicious content.
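As an added example (not from the Menlo Labs report), a static indicator check a defender might run on fetched HTML to surface HTML Smuggling pages of the kind described above: the file is assembled by JavaScript in the browser, so the check looks for the client-side assembly pattern rather than for a payload on the wire. The indicator names, threshold and both sample pages are constructed for the demonstration.

```python
import re

# Indicators that co-occur in HTML-smuggling pages: the file is assembled
# client-side from an embedded blob and handed to the browser's download
# path, so no executable crosses the wire for a proxy or sandbox to inspect.
INDICATORS = {
    "base64_decode": re.compile(r"\batob\s*\("),
    "blob_ctor": re.compile(r"\bnew\s+Blob\s*\("),
    "object_url": re.compile(r"\bURL\.createObjectURL\s*\("),
    "download_attr": re.compile(r"\.download\s*=|\bdownload\s*=\s*[\"']"),
    "ms_save_blob": re.compile(r"\bmsSave(OrOpen)?Blob\b"),
    "long_b64_literal": re.compile(r"[\"'][A-Za-z0-9+/]{200,}={0,2}[\"']"),
    "octet_stream": re.compile(r"application/octet-stream", re.I),
}


def smuggling_indicators(html: str) -> list:
    """Names of the indicators present in one HTML document, in table order."""
    return [name for name, rx in INDICATORS.items() if rx.search(html)]


def is_suspicious(html: str, threshold: int = 3) -> bool:
    """A single indicator is common in legitimate pages (atob on a JWT, a
    download link), so flag only when several independent ones co-occur."""
    return len(smuggling_indicators(html)) >= threshold


# Constructed samples for the demonstration; the base64 is a placeholder,
# not real content.
PLACEHOLDER_B64 = "A" * 240
SMUGGLING_PAGE = f"""<html><body><script>
var b = new Blob([atob("{PLACEHOLDER_B64}")], {{type: "application/octet-stream"}});
var a = document.createElement("a");
a.href = URL.createObjectURL(b);
a.download = "report.pdf";
</script></body></html>"""

# A page that decodes a JWT payload: one indicator, legitimate use.
BENIGN_PAGE = """<html><body><script>
var claims = JSON.parse(atob(token.split(".")[1]));
</script></body></html>"""

if __name__ == "__main__":
    for label, page in (("smuggling", SMUGGLING_PAGE), ("benign", BENIGN_PAGE)):
        print(label, is_suspicious(page), smuggling_indicators(page))
```

The threshold is the practical caveat: each indicator alone has legitimate uses, so a single match should raise a score or trigger isolation rather than a block.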
The challenge is that HEAT characteristics have legitimate uses, so simply blocking them won't work. Hence, experts recommend that organizations:
Organizations should adopt a Zero-Trust security model to prevent HEAT attacks and limit their exposure to them. Prevention is the key!