HEAT: Are Companies Prepared for Modern Threats?

In my last column, we looked at highly evasive adaptive threats (HEAT) – a selection of malicious techniques often used by cyber-attackers to bypass traditional network security solutions and infiltrate networks.

To recap, HEAT attacks will involve one or more of the following evasive methods:

  1. Evading content inspection
  2. Evading malicious link analysis
  3. Evading offline categorization and threat detection
  4. Evading HTTP traffic inspection

The growing prevalence of HEAT is largely a product of new working norms. In a world where hybrid and remote working is widespread, employees today carry out much of their daily work in the browser, accessing critical applications and cloud networks to complete key tasks.

This is beneficial in many ways, helping to enhance productivity and allowing employees to work whenever, wherever and however they want. Yet, this new modus operandi has given attackers greater opportunities to leverage the browser as the attack vector. 

The SolarWinds supply chain attack, Gootloader campaign and Astaroth Trojan are all examples of HEAT attacks in action, resulting in catastrophic ransomware attacks – yet companies are seemingly aware of these risks. 

Since we first previewed HEAT in my last column, Menlo Security has conducted research among IT decision-makers in the US and UK to determine the knowledge and understanding of organizations relating to these advanced threats. 

The research reveals that web malware and ransomware are seen as threats posing the greatest challenge to organizations, with reputational damage and financial loss highlighted as the most concerning potential outcomes of a data breach.

More than half of those surveyed also stated that they encounter advanced web threats at least once a month, while one in five faces them at least once a week. 

It’s clear, therefore, that organizations are aware of the threat of attacks – but are they prepared to deal with HEAT and direct their efforts and resources towards the right resolutions? 

Outdated Security Solutions

Current statistics would suggest that, in many cases, companies are not adequately able to defend against HEAT attacks.

Indeed, a common outcome of such threats is the triggering of ransomware – an area thriving at present. For example, the findings of IBM’s Cost of a Data Breach Report 2021 reveal that the global average cost of a data breach is now $4.24m per incident – the highest this figure has been in the report’s 17-year history.

Much of the problem lies in the fact that while threats are advanced and, critically, adapting to overcome security tools and solutions, those same security protocols have largely stagnated and simply cannot deal with modern threats. 

Our survey shows that organizations today are continuing to rely on outdated technologies to mitigate highly evasive adaptive threats, with around half failing to add capabilities to their network security technology stack in the past 12 months.

Varying Priorities Create Complexity

Indeed, hybrid working models have significantly changed organizations, from the applications needed to complete tasks to the devices used daily. 

From a security perspective, this has created a host of new issues requiring a different resolution, resulting in various competing priorities for companies to manage. 

In terms of improving security in 2022, our survey shows that priorities vary from training staff to technology investment and adapting to new ways of working. At the same time, there is a lack of consensus on whether security solutions should be deployed on the network or in the cloud.

A Lack of Protection is Resulting in Successful Attacks

The results also show that attacks are both common and becoming increasingly widespread and successful, with the majority having a device compromised by a browser-based attack in the past year alone.

This is largely because critical vulnerabilities are simply not being addressed. Currently, less than a third has advanced threat protection on every endpoint device used to access corporate applications and resources. This leaves security teams with a lack of visibility across unmanaged devices that end users are using to access corporate networks, resulting in a stream of blind spots. 

What’s the Solution?

Security strategies today can no longer be founded in detection and remediation. Instead, firms must adopt a layered approach to security that will proactively work to prevent threats from reaching networks where they can wreak havoc.

 To achieve this, security firms cannot continue to rely upon traditional tools and strategies that are no longer adequate in dealing with HEAT. Just as attackers have adapted to leverage the browser as the attack vector, firms must also adapt to protect themselves.

Isolation technology ensures all active code from the internet is executed in isolated cloud containers, thereby removing the risk from web and email attack vectors. It can eliminate the threat of attacks when users are accessing the internet and their emails by separating the enterprise network from the public web. 

Simply put, it doesn’t matter if there’s a known or unknown vulnerability on the endpoint because no content – whether it is malicious or not – has the opportunity to reach it.

What’s Hot on Infosecurity Magazine?