What are Highly Evasive Adaptive Threats (HEAT)?
A prevent and detect approach is key to stopping HEAT attacks.
Highly Evasive Adaptive Threats (HEAT) are used by threat actors who employ evasive techniques to bypass traditional web security measures and leverage web browser features so they can deliver malware or compromise credentials. If successful, HEAT attacks render all browser-based security defenses helpless. These include sandboxes, file inspections, network and HTTP-level inspections, malicious link analysis, offline domain analysis and indicator of compromise (IOC) feeds.
Specific HEAT techniques include:
HEAT attacks leverage one or more of the following four evasive HEAT characteristics to bypass legacy network security defenses:
In a technique termed Legacy URL Reputation Evasion (LURE), sites classified as benign by categorization engines are compromised and then used for malicious purposes, bypassing detection based on indicators of compromise. Threat actors can quickly flip the behavior of such a website, reveal the malicious content and drive people to the site, all before offline categorization engines have had a chance to categorize it as malicious. Attackers may even go as far as patiently creating new sites and leaving them to gain a good reputation across categorization engines before using them to deliver malicious content. Captchas are also being used on malicious sites, not only to give users a false sense of security but also to force real user interaction before the real malicious content is reached.
Phishing has normally been a 100% email problem, so attackers are finding alternative ways in that aren’t protected. Secure email gateways (SEGs) and email link analysis are bypassed by leveraging additional phishing avenues outside the email path, such as web, social media, professional networks, collaboration tools and SMS phishing techniques.
There are three stages of a HEAT attack: gaining the initial foothold, spreading through the network and executing the final payload to gain control over critical business systems. Stages two and three are entirely dependent on stage one—gaining initial access. Menlo focuses on stopping HEAT attacks before they are able to gain that initial access—effectively rendering the malware impotent. Without access, it can’t spread through the network, gain control, exfiltrate data or hold systems ransom.