Learn how hybrid work is fueling ransomware attacks and what to do about it.

Back to blog

Two minutes on… HEAT attacks evading HTTP traffic inspection

Matt Shamshoian | Oct 20, 2022

illustration of cloud with text two minutes on... HEAT attacks

Share this article

Threat actors have been setting their sights on web browsers since before the pandemic and the worldwide shift to hybrid work, so it makes sense that attacks on the browser have ramped up even more now. These attacks have been evolving to meet the times with a class of threats the Menlo Labs team has termed Highly Evasive Adaptive Threats (HEAT), which make quick work of legacy security technology.

Many organizations have yet to catch up to these evolving tactics, and solutions like HTTP traffic inspection are quickly becoming outdated. The logic behind HTTP traffic inspection seems solid on the surface — scan all web traffic for malicious content, and block anything that appears malicious. But that logic fails when attackers learn how to hide malicious content like with HEAT attacks.

Fortunately, there’s a way to stop these attacks. Menlo Security Senior Cybersecurity Strategist, Neko Papez, breaks down how in the video below.

Preventing highly evasive web threats: download eBook

Share this article

Make the secure way to work the only way to work.

To talk to a Menlo Security expert, complete the form, or call us at (650) 695-0695.