Security News > 2022 > March > HEAT attacks: A new class of cyber threats organizations are not prepared for

HEAT attacks: A new class of cyber threats organizations are not prepared for
2022-03-22 05:30

Web malware and ransomware now top the list of security threats that organizations are most concerned about.

This is according to a research published by Menlo Security, exploring what steps organizations are taking to secure themselves in the wake of a new class of cyber threats - known as Highly Evasive Adaptive Threats.

"Threat actors seek to exploit gaps in traditional security defences and the fact that security capabilities haven't really changed over the past decade. One of the areas of focus for attackers is using web threats and we're seeing more and more of them successfully deployed using HEAT techniques. Last year, we saw Nobelium use HTML smuggling, a HEAT tactic to avoid static and dynamic content analysis, to deliver malware and ransomware attacks. The fact that these are successful means their usage will increase, which could have devastating consequences for companies of all sizes," explains Mark Guntrip, Senior Director of Cybersecurity Strategy, Menlo Security.

"Working practices have changed and companies must stop relying on traditional tools and strategies that just don't cut it anymore. Adopting a prevention-driven approach to security is the only way to achieve this and using isolation-powered security to do so stops the browser from having any direct interaction with the website and content and ensures that HEAT attacks don't stand a chance."

Training staff tops the list, followed by technology investment to protect the corporate network, adapting to new ways of working, and investing in skilled security members at 45%. The impact of web security threats Although 55% of respondents have invested in their security stack over the past year and 27% have advanced threat protection in place, it is not having the desired effect as attacks are still successfully penetrating their defence lines.

According to Guntrip: "Organizations need to prioritise a review of their network security solution stack. HEAT target web browsers as the attack vector and employ techniques to evade detection by multiple layers in current security stacks, including firewalls, Secure Web Gateways, sandbox analysis, URL Reputation and phishing detection, so clearly a new strategy is needed."


News URL

https://www.helpnetsecurity.com/2022/03/22/web-security-threats/

Related news