Recently, we’ve heard from some of our clients that they’ve become aware of an increase in new and sophisticated cyber threats.
These days, most security firewalls and anti-malware software do a good job of protecting end users, employees and companies from cyber attacks. However, our clients have told us about a surge in so-called HEAT cyber attacks (Highly Evasive Adaptive Threats), which are tricky to detect and prevent.
Understanding HEAT attacks
HEAT attacks primarily use the web browser as their attack vector. Built with sophisticated development frameworks, they are able to slip past multiple layers of security software, including firewalls, secure web gateways and phishing detection. They are also able to bypass traditional security defences, like manual checks by IT teams.
The aim of HEAT attacks is to get hold of valuable user data, which can then be used to further target end users through phishing emails and ransomware attacks. Menlo Security says they have seen a 224% increase in HEAT attacks since July 2021.
Reasons for the rise in HEAT attacks
It’s no surprise that the surge in HEAT attacks has coincided with the rise in remote working due to the Covid-19 pandemic. Many remote workers may not be able to access a secure VPN from home. Others might use their own laptops or PCs, meaning they’ll have less protection than they would on an office-issued computer.
Because many HEAT attacks are browser based, remote workers are often totally unaware of the risks, and may not be able to recognise the signs.
“With the abrupt move to remote working in 2020, every organization had to pivot to a work-from-anywhere model and accelerate their migration to cloud-based applications.
An industry report found that 75% of the working day is spent in a web browser, which has quickly become the primary attack surface for threat actors, ransomware and other attacks.
The industry has seen an explosion in the number and sophistication of these highly evasive attacks and most businesses are unprepared and lack the resources to prevent them,” said Amir Ben-Efraim, co-founder and CEO of Menlo Security.
The rise of cryptocurrency
As well as remote working, the exponential growth of crypto trading is also exposing online users to so-called ‘cryptojacking’. The process of mining currency can expose networks to a plethora of cybercrime opportunities.
Some crypto mining takes place within browsers and has links to social media, meaning there’s a risk of exposure to HEAT attacks.
In a HEAT attack, malicious content can make its way into crypto-mining code and images. Often the malicious code is only generated at runtime by JavaScript in the browser’s rendering engine, making it very difficult to detect.
Why is it difficult to prevent these attacks?
Malicious payloads are the part of a cyber attack that causes harm, and they can sit dormant on a computer for seconds, minutes, hours, days or even months before they’re triggered.
This means they’re not always picked up by security firewalls or manual checks. They may not trigger any defences right away, if at all.
HEAT attacks often evade web categorisation because they arrive from websites that look benign. In reality, attackers compromise these benign websites, or create new ones, without the sites being re-categorised as malicious. These are referred to as Good2Bad websites.
Good2Bad websites have increased 137% year-over-year from 2020 to 2021. In fact, 44% of Menlo Security’s customers have accessed a website in the past year that falls in the Good2Bad classification.
HTML smuggling
HTML smuggling is a technique used in phishing campaigns that uses HTML5 and JavaScript to hide malicious payloads. The payloads are often hidden as encoded strings in an HTML attachment or webpage. The strings are then decoded by the browser when a user opens the attachment or clicks a link, so the malicious file is assembled on the endpoint rather than downloaded from the network.
Menlo Labs identified over 27,000 malware attacks that were delivered using HTML Smuggling within the last 90 days.
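A defender-side heuristic for the technique described above, written here as an added example (not code from this page or from Menlo Security): it scans an HTML attachment for the client-side decode-and-download pattern that HTML smuggling relies on and scores it. The sample inputs are constructed token fragments for illustration, not a working attachment; the API names are the standard browser APIs, and the scoring weights are assumptions.

```python
import re
from dataclasses import dataclass

# Heuristic indicators of HTML smuggling: a long encoded blob embedded in the page,
# plus the browser APIs that turn that blob into a file on the endpoint.
LONG_BASE64 = re.compile(r'[A-Za-z0-9+/]{100,}={0,2}')
API_PATTERNS = {
    "decodes_base64":     re.compile(r'\batob\s*\('),
    "builds_blob":        re.compile(r'new\s+Blob\s*\('),
    "creates_object_url": re.compile(r'URL\.createObjectURL\s*\('),
    "legacy_ie_save":     re.compile(r'msSaveOrOpenBlob'),
    # Weak on its own: <a download="..."> is common on legitimate pages.
    "forces_download":    re.compile(r'\.download\s*=|\bdownload\s*='),
}

@dataclass
class ScanResult:
    indicators: list
    score: int

def scan_html(html: str) -> ScanResult:
    """Return the indicators found in an HTML document and a heuristic score."""
    hits = [name for name, pat in API_PATTERNS.items() if pat.search(html)]
    if LONG_BASE64.search(html):
        hits.append("long_encoded_blob")
    # Decode-then-assemble together is the core smuggling signature, so weight it higher
    # (weights are an assumption; tune against your own attachment corpus).
    bonus = 2 if {"decodes_base64", "builds_blob"} <= set(hits) else 0
    return ScanResult(hits, len(hits) + bonus)

def is_suspicious(html: str, threshold: int = 4) -> bool:
    """Flag for quarantine/analyst review when the combined score reaches the threshold."""
    return scan_html(html).score >= threshold

# Constructed samples: a benign page with an ordinary download link, and token fragments
# of a smuggling page (placeholder blob of 'A's, not a real payload, not runnable).
BENIGN_SAMPLE = (
    '<html><body><a href="report.pdf" download="report.pdf">Report</a>'
    "<script>document.getElementById('x').textContent = 'hello';</script></body></html>"
)
SUSPICIOUS_SAMPLE = (
    "<html><body><script>var p='" + "A" * 120 + "';"
    "/* fragments: atob( ... new Blob( ... URL.createObjectURL( ... link.download= */"
    "</script></body></html>"
)

if __name__ == "__main__":
    for label, doc in (("benign", BENIGN_SAMPLE), ("suspicious", SUSPICIOUS_SAMPLE)):
        r = scan_html(doc)
        print(f"{label}: score={r.score} indicators={r.indicators} flag={is_suspicious(doc)}")
```

The heuristic is deliberately conservative: a single weak indicator such as a download attribute never flags a page on its own, which keeps the false-positive rate manageable on a mail gateway.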
What can be done?
John Grady, ESG Senior Analyst says that, “organisations should focus on three key tenets to limit their susceptibility to these types of attacks:
- shifting from a detection to a prevention mindset
- stopping threats before they hit the endpoint
- and incorporating advanced anti-phishing and isolation capabilities.”
Senior leadership teams need to be aware of the risks and invest in the best security software and employee training to tackle the issue.
Menlo Security explains that, “business-savvy users and staff (who know they are targets, thanks to security awareness training) are more careful about clicking on emails when they aren’t entirely sure of their safety. Yes, people still slip. And yes, many employees are still not cautious about what links they click on, and they get themselves into trouble. Yet, more people are growing careful, especially more sophisticated, adequately trained, and aware users.”
Users should continue to be cautious on all online channels, from web browsers to social media. If anyone clicks a link they’re unsure of, they should report it to their IT team or IT security partner immediately.
Keep up with the latest IT security news
At Origin Comms, we take pride in providing timely, accurate and trustworthy information for IT security and tech companies around the world. Our clients trust us to understand the ever-changing landscape and keep them informed of any new risks or developments.
Visit our news page to get the latest updates or view our services page to learn about what we do.