Security News > 2022 > February > Highly Evasive Adaptive Threats (HEAT) bypassing traditional security defenses
Menlo Security announced it has identified a surge in cyberthreats, termed Highly Evasive Adaptive Threats, that bypass traditional security defenses.
HEAT attacks are a class of cyber threats targeting web browsers as the attack vector and employs techniques to evade detection by multiple layers in current security stacks including firewalls, Secure Web Gateways, sandbox analysis, URL Reputation, and phishing detection.
"With the abrupt move to remote working in 2020, every organization had to pivot to a work from an anywhere model and accelerate their migration to cloud-based applications. An industry report found that 75% of the working day is spent in a web browser, which has quickly become the primary attack surface for threat actors, ransomware and other attacks. The industry has seen an explosion in the number and sophistication of these highly evasive attacks and most businesses are unprepared and lack the resources to prevent them," said Amir Ben-Efraim, CEO of Menlo Security.
"Cyber threats are a mainstream problem and a boardroom issue that should be on everyone's agenda. The threat landscape is constantly evolving, ransomware is more persistent than ever before, and HEAT attacks have rendered traditional security solutions ineffective."
"Highly Evasive Adaptive Threat attacks evade existing security defenses by understanding all the technology integrated into the existing security stack and building delivery mechanisms to evade detection," said John Grady, ESG Senior Analyst.
"Organizations should focus on three key tenets to limit their susceptibility to these types of attacks: shifting from a detection to a prevention mindset, stopping threats before they hit the endpoint, and incorporating advanced anti-phishing and isolation capabilities."
News URL
https://www.helpnetsecurity.com/2022/02/08/cyberthreats-bypass-security-defenses/
Related news
- Obsidian Security Warns of Rising SaaS Threats to Enterprises (source)
- Eliminating AI Deepfake Threats: Is Your Identity Security AI-Proof? (source)
- AWS security essentials for managing compliance, data protection, and threat detection (source)
- Privileged Accounts, Hidden Threats: Why Privileged Access Security Must Be a Top Priority (source)