Summer’s Over, But the HEAT is On
TD Synnex Public Sector’s Chief Cybersecurity Technologist, Don Maclean sat down with Mark Guntrip, Senior Director of Security Strategy at Menlo Security, to discuss one of the latest emergent security threats.
Highly Evasive Adaptive Threat (HEAT) attacks, target web browsers as their primary attack vector. Once the attack gains access, it employs techniques that evade multiple layers of protection such as firewalls, secure web gateways, sandbox analysis, URL reputation, and phishing detection. Guntrip says that standard detect-and-respond safeguards are inadequate when dealing with HEAT attacks. Because HEAT attacks adapt to the target environment, once they gain initial access, they can compromise login credentials or deploy malware. Threat blocking models that provide a “strong front door” are essential. According to Menlo Security, HEAT attacks increased by more than 200 percent in 2021 and a similar increase is expected for 2022. Analysis of more than half a million malicious URLs revealed that 69 percent leveraged HEAT attacks.
The ongoing shift to remote and hybrid work models, due in large part to the global COVID pandemic, presents challenges as well as benefits. According to a Forrester Consulting survey employees spend 75 percent of their time online, mainly within a web browser. Attackers have adapted their techniques to exploit this shift, using browsers and SaaS applications as an attack vector and evading the static protections built into current security stacks. HEAT attacks can evade traditional defenses, such as antivirus, endpoint protection, sandboxes, and application and cloud firewalls. Implementing Remote Browser Isolation (RBI) can prevent HEAT attacks that use the web, social media, text/SMS, and shared folders and documents.
Why do traditional security techniques fall short in stopping HEAT attacks? Reliance on on-premises deployment and signature-based detection provide ineffective visibility into applications. This detect-and-respond model is inadequate for threats that are designed to evade and adapt to such countermeasures. HEAT techniques have also been developed that bypass sandboxes, delaying execution of malicious code until leaving the sandbox environment.
How can agencies protect themselves against HEAT attacks? A Zero Trust approach, as mandated by the Executive Order 14028, can be effective. Using Zero Trust, a user or entity is never assumed to be trustworthy, even after being granted access. In a Zero Trust architecture, it is necessary to authenticate all connections; verify the identity of all users, devices, applications, and services; and verify that traffic only goes where necessary.
Menlo’s Guntrip says, “Working practices have changed and companies must stop relying on traditional tools and strategies that just don’t cut it anymore. Adopting a prevention-driven approach to security is the only way to achieve this and using isolation-powered security to do so stops the browser from having any direct interaction with the website and content and ensures that HEAT attacks don’t stand a chance.”
Who Is Menlo Security?
Menlo Security on AWS offers an all-in-one cloud-native security solution that helps teams take control of their security in the cloud. Their Zero Trust approach aids their users in keeping their teams safe with military-grade technology backed by elite security researchers. Find out more at www.menlosecurity.com