• Skip to primary navigation
  • Skip to main content
  • Skip to primary sidebar
  • Skip to footer

My TechDecisions

  • Best of Tech Decisions
  • Topics
    • Video
    • Audio
    • Mobility
    • Unified Communications
    • IT Infrastructure
    • Network Security
    • Physical Security
    • Facility
    • Compliance
  • RFP Resources
  • Resources
  • Podcasts
  • Subscribe
  • Project of the Week
  • About Us
    SEARCH
Latest News

Menlo Security Finds Cloud Migration and Remote Work Gives Rise to New Era of Malware, Highly Evasive Adaptive Threats (HEAT)

February 2, 2022 TechDecisions Staff

Menlo identified 224% increase in HEAT attacks in the last six months fueling ransomware surge

MOUNTAIN VIEW, Calif.–(BUSINESS WIRE)–#cloudsecurity—Menlo Security, a leader in cloud security, today announced it has identified a surge in cyberthreats, termed Highly Evasive Adaptive Threats (HEAT), that bypass traditional security defenses. HEAT attacks are a class of cyber threats targeting web browsers as the attack vector and employs techniques to evade detection by multiple layers in current security stacks including firewalls, Secure Web Gateways, sandbox analysis, URL Reputation, and phishing detection. HEAT attacks are used to deliver malware or to compromise credentials, that in many cases leads to ransomware attacks.

In an analysis of almost 500,000 malicious domains, The Menlo Security Labs research team discovered that 69% of these websites used HEAT tactics to deliver malware. These attacks allow bad actors to deliver malicious content to the endpoint by adapting to the targeted environment. Since July 2021, Menlo Security has seen a 224% increase in HEAT attacks.

“With the abrupt move to remote working in 2020, every organization had to pivot to a work from an anywhere model and accelerate their migration to cloud-based applications. An industry report found that 75% of the working day is spent in a web browser, which has quickly become the primary attack surface for threat actors, ransomware and other attacks. The industry has seen an explosion in the number and sophistication of these highly evasive attacks and most businesses are unprepared and lack the resources to prevent them,” said Amir Ben-Efraim, co-founder and CEO of Menlo Security. “Cyber Threats are a mainstream problem and a boardroom issue that should be on everyone’s agenda. The threat landscape is constantly evolving, ransomware is more persistent than ever before, and HEAT attacks have rendered traditional security solutions ineffective.”

HEAT attacks leverage one or more of the following core techniques that bypass legacy network security defenses:

  • Evades Both Static and Dynamic Content Inspection: HEAT attacks evade both signature and behavioral analysis engines to deliver malicious payloads to the victim using innovative techniques such as HTML Smuggling. This technique is used by threat actors including Nobelium, the hacking group behind the SolarWinds ransomware attack. In one recent case, dubbed ISOMorph, the Menlo Labs research team observed the campaign using the popular Discord messaging app to host malicious payloads.

    • Menlo Labs identified over 27,000 malware attacks that were delivered using HTML Smuggling within the last 90 days.
  • Evades Malicious Link Analysis: These threats evade malicious link analysis engines traditionally implemented in the email path where links can be analyzed before arriving at the user.
  • Evades Offline Categorization and Threat Detection: HEAT attacks evade web categorization by delivering malware from benign websites, either by compromising them, or patiently creating new ones, referred to as Good2Bad websites. Menlo Labs has been tracking an active threat campaign dubbed SolarMarker, which employs SEO poisoning. The campaign started by compromising a large set of low-popularity websites that had been categorized as benign, infecting these websites with malicious content.

    • Good2Bad websites have increased 137% year-over-year from 2020 to 2021.
    • 44% of Menlo Security customers have accessed a website in the past year that falls in the Good2Bad classification, however Menlo’s patented Elastic Isolation Core™ prevented any infection from taking place.
  • Evades HTTP Traffic Inspection: In a HEAT attack, malicious content such as browser exploits, crypto-mining code, phishing kit code and images impersonating known brand’s logos is generated by JavaScript in the browser by its rendering engine, making any detection technique useless.

    • The top three brands impersonated in phishing attacks are Microsoft, PayPal, and Amazon. A new phishing website imitating one of these brands is created every 1.7 minutes.

“Highly Evasive Adaptive Threat (HEAT) attacks evade existing security defenses by understanding all the technology integrated into the existing security stack and building delivery mechanisms to evade detection,” said John Grady, ESG Senior Analyst. “Organizations should focus on three key tenets to limit their susceptibility to these types of attacks: shifting from a detection to a prevention mindset, stopping threats before they hit the endpoint, and incorporating advanced anti-phishing and isolation capabilities.”

For more information on HEAT, please visit our blog, “Too Hot to Handle.”

About Menlo Security

Menlo Security protects organizations from cyberattacks by eliminating the threat of malware from the web, documents, and email. Menlo Security’s isolation-powered cloud security platform scales to provide comprehensive protection across enterprises of any size, without requiring endpoint software or impacting the end user-experience. Menlo Security is trusted by major global businesses, including Fortune 500 companies, eight of the ten largest global financial services institutions, and large governmental institutions. Menlo Security is backed by Vista Equity Partners, Neuberger Berman, General Catalyst, American Express Ventures, Ericsson Ventures, HSBC, and JP Morgan Chase. Menlo Security is headquartered in Mountain View, California. For more information, please visit www.menlosecurity.com.

Contacts

U.S.

Samantha Smoak

PAN Communications

[email protected]

U.K.

Paula Averley or Louise Burke

Origin Communications

[email protected]

If you enjoyed this article and want to receive more valuable industry content like this, click here to sign up for our digital newsletters!

Related Content:

  • Akumina Announces 86% Year-over-Year SaaS Bookings Growth as…
  • Skykit Survey: Sharing Data Dashboards Broadly with Employees…
  • Insight Cuts Ribbon on New Global Headquarters
  • Keysight Enables AI-LINK to Accelerate 5G Private Network…

Get the FREE Tech Decisions eNewsletter

Sign up Today!

Latest Downloads

Download TechDecisions' Blueprint Series report on Security Awareness now!
Blueprint Series: Why Your Security Awareness Program is Probably Falling Short

Learn about the evolution of phishing attacks and best practices for security awareness programs to ensure your organization is properly prepared t...

Workplace Collaboration Tools for Corporate Spaces
Workplace Collaboration Tools for Corporate Spaces

From lobbies and shared spaces to conference rooms and multipurpose facilities, you need high-performing AV technology to effectively share informa...

ChatGPT, generative AI, enterprise, workplace
Blueprint Series: ChatGPT and Generative AI in the Workplace

This latest release of the TechDecisions Blueprint Series explores the new phenomenon of tools such as ChatGPT and how IT leaders should go about d...

View All Downloads

Would you like your latest project featured on TechDecisions as Project of the Week?

Apply Today!
Sharp Microsoft Collaboration HQ Logo

Learn More About the
Windows Collaboration Display

More from Our Sister Publications

Get the latest news about AV integrators and Security installers from our sister publications:

Commercial IntegratorSecurity Sales

AV-iQ

Footer

TechDecisions

  • Home
  • Welcome to TechDecisions
  • Subscribe to the Newsletter
  • Contact Us
  • Advertise with Us
  • Comment Guidelines
  • RSS Feeds
  • Twitter
  • Facebook
  • Linkedin

Free Technology Guides

FREE Downloadable resources from TechDecisions provide timely insight into the issues that IT, A/V, and Security end-users, managers, and decision makers are facing in commercial, corporate, education, institutional, and other vertical markets

View all Guides
TD Project of the Week

Get your latest project featured on TechDecisions Project of the Week. Submit your work once and it will be eligible for all upcoming weeks.

Enter Today!
Emerald Logo
ABOUTCAREERSAUTHORIZED SERVICE PROVIDERSDO NOT SELL MY PERSONAL INFORMATIONTERMS OF USEPRIVACY POLICY

© 2023 Emerald X, LLC. All rights reserved.