As employee usage of SaaS applications and other cloud-based services rapidly explode, the web browser has become an increasingly popular point of entry for attackers looking to secretly breach an endpoint before ultimately moving laterally into the network.
Highly Evasive Adaptive Threats, or HEAT attacks, exploit browsers — leveraging their tools and features to circumvent traditional security measures (e.g. static analysis, web gateways, sandboxes and filtering) and then compromise credentials or deliver ransomware and other malicious programs. At an InfoSec World conference session in Orlando on Monday, Niko Papez, senior manager of cybersecurity at Menlo Security, warned attendees about the growing danger surrounding these campaigns.
HEAT tactics are typically comprised of certain signature attack tactics, including: HTML smuggling, dynamic drive-by downloads and phishing messages conducted via non-traditional channels such as collaboration or social media platforms.
“If you think about everything that’s happening today with these hybrid environments, this increase in remote workforce today, it really comes down to a world where everything is in the browser,” said Papez in an interview with SC Media. Our applications are found there, our data is moving there, SaaS adoption is increasing. And in addition to that, the amount of trust we have to place in our data today, where it’s located and the people that have access to it — all of this has increased. So it’s become a very opportunistic playing field for these adversaries.”
Learn more from Papez about HEAT attacks in the embedded video below.