‘Stronger front door’ required to rebuff cyber HEAT attacks
Emergent threat types such as 'HEAT' attacks are highlighting a disconnect between layers in conventional enterprise IT security stacks and exposing organisations to a wider spectrum of potential compromises, according to a cyber-security expert.
Speaking at Infosecurity Europe 2022 this week, Mark Guntrip, senior director of security strategy at Menlo Security, said that so-called 'HEAT' (Highly Evasive Adaptive Threats) attacks require a renewal of the ‘strong front door’ model of threat blocking, as standard detect-and-respond techniques are proving unequal to their defensive role.
HEAT attacks are a class of cyber threat that targets web browsers as the primary attack vector. They then employ techniques to evade multiple layers of protection, such as firewalls, secure web gateways, sandbox analysis, URL reputation and phishing detection.
“HEAT attacks are used as the initial access point to deliver malware or to compromise credentials,” said Guntrip. “They allow cyber threats to deliver malicious content like ransomware to the endpoint by adapting to the targeted environment.”
Menlo Security detected a 224 per cent increase in HEAT attacks in 2021 and expects a similar increase for 2022 when its updated figures are released later in the year.
Guntrip added: “HEAT reflects the fact that threat actors have now had a decade to study how most organisations configure their enterprise cyber security stacks, and the conventional model has not been adaptive enough to change during that time.
“Sandboxing, for instance, largely relies on the assumption that another party has identified a malicious site, and also that threat intelligence is up to date.”
With so much business activity concentrated on browsers, the cyber-security community has an opportunity to work more closely to enable greater native integration between browsers and the rest of the security stack, Guntrip argued: “Rather than rely on detect-and-respond techniques that are susceptible to new threats like HEAT, we now need to find ways to implement a new and stronger ‘front door’ that actually blocks them from getting in.”
To coincide with Infosecurity Europe 2022, Menlo Security launched a 'HEAT Security Assessment Toolkit' which is designed to provide organisations with the ability to assess their levels of protection, exposure and susceptibility to HEAT risks.
The HEAT Check enables customers to run a light penetration test to find out whether they are susceptible to HEAT attacks. The assessment leverages several real-world HEAT attacks currently being used by threat actors, safely enabling the user to determine their exposure level.
Of the tool, Guntrip said: “HEAT techniques can be used individually or in combination for any type of attack that targets the user, endpoint, or applications, including ransomware. The HEAT Security Assessment Toolkit is critical to helping companies ensure they are protected against these attacks.”