Ask any cybersecurity leader what one of their top concerns are and chances are that ransomware makes the list. Every security team dreads the day when a ransom request hits their end user’s screen. But while many fret over backing up systems and detecting the threat – a reactive approach to security – they lose sight on how the attack occurred in the first place.
With hybrid and remote workforces spending more than 75% of their working day in a web browser, users, their data, and applications are all now found in the cloud. And while all work is now found there, unfortunately, security is lagging behind.
Web browsers are constantly being updated to address vulnerabilities, SaaS applications are expanding the attack surface, and distributed work has multiplied the amount of data there is to protect. Threat actors haven’t waisted a minute in taking advantage of this opportunistic playground, which has given rise to Highly Evasive Adaptive Threats (HEAT), a new class of web threats observed by Menlo Labs, which are beachheads for data theft, stealth monitoring, account takeovers, and initiating ransomware payloads.
In the video below, Menlo Security’s Senior Director of Cybersecurity Strategy, Mark Guntrip, breaks down what a HEAT attack is in less than two minutes.