HEAT Attacks: The new frontier for hackers

July 26, 2022
One of the most effective ways to prevent HEAT attacks is through Zero Trust Architecture

As we are midway through the third year of remote work and have fully opened the door to hybrid work, cybersecurity experts can only assure one thing: attackers are going to continue to develop new ways to break through networks and spread ransomware to unsuspecting organizations and individuals. The newest form of ransomware emerging has been classified as a HEAT attack, or a Highly Evasive Adaptive Threat, recently discovered by the Menlo Labs team. A HEAT attack is a class of cyber threats targeting web browsers as the attack vector and employs techniques to evade detection by multiple layers in current security stacks including firewalls, Secure Web Gateways, sandbox analysis, URL Reputation, and phishing detection.

Bad actors have been given a unique opportunity to take advantage of organizations as employees use less secure networks or even their personal devices while working, expanding the attack surface beyond anything their cybersecurity teams have had to manage in the past. Prior to the pandemic, work could be done in person; now, according to recent data from Google, most people complete most of their work in a web browser or through the Software as a Service (SaaS) applications that rose to popularity during 2020.

All of these browsers and applications that now hold all of a company’s information and data have now created the perfect breeding ground for HEAT attacks. This begs the question: how does one prevent these attacks from wreaking havoc on their organization?

How to Differentiate HEAT Attacks from the Traditional Ransomware

First, you need to know what differentiates a HEAT attack from traditional ransomware threats. The number one reason hackers are turning to HEAT attacks instead of traditional routes is that HEAT tactics succeed in reaching the end user’s browser by bypassing common defenses, such as Secure Web Gateways and their anti-malware and sandboxing capabilities, as well as network and HTTP inspection, malicious link analysis, offline domain analysis, and threat intelligence feeds. Enterprises that invested in other security measures while pivoting to work from home are now scrambling to keep up with these attacks and trying to find ways to further protect their networks.

HEAT attacks have also differentiated themselves from traditional phishing attacks. Broadly, phishing attacks involve deceitful communications that trick users into thinking that they’re interacting with a reputable person or company. Historically, phishing attacks have been delivered through email. Now, most employees are aware of phishing attacks through email and companies have set up better security by filtering out suspicious mail from unknown addresses, but HEAT attacks can make their way into an organization through a variety of links that employees click.

Through bogus links sent through LinkedIn or Slack or other commonly used URLs that employees click on since they assume that they’re safe, HEAT attackers are able to bypass traditional security measures and infiltrate an organization’s system. As more people become aware of these types of attacks, similar to how they’re now aware of phishing scams, the more likely they are to be more careful about what types of links they are opening in their browsers.

How Can You Protect Your Organization from a HEAT Attack

While HEAT attacks have been targeting organizations for some time, the recent evolution of the threat landscape, driven in part by accelerated cloud migration and the proliferation of remote work, means these attacks pose a significant risk for enterprises today. And while your enterprise may try to thwart these attacks, once they have gotten inside your organization they are much harder to stop. The key to keeping your company’s information secure is prevention.

The use of browsers and SaaS technologies is not going to go away anytime soon, especially as companies continue to employ people from across the globe who may never see the inside of their office. Because of this, browsers are going to remain the place where the majority of work – and attacks – take place. Modern security stacks are simply not equipped to handle these evolving threats. Cyber teams need to step out of their comfort zone and seriously consider new web security. Rather than trying to defeat a threat once it has broken through your defenses, the only way to save your enterprise is to prevent these attacks in the first place and to raise both security and education throughout your company.

One of the most effective ways to prevent HEAT attacks is through Zero Trust Architecture. That’s why enterprises today are increasingly adopting the Secure Access Service Edge (SASE) framework, which features key security technology components that cater to today’s remote and hybrid workforces.

It’s plain to see that HEAT attacks aren’t going anywhere. As hackers become more sophisticated and organizations continue to widen their attack surface, the number of ways your company could be at risk keeps growing without limit. Education among employees and stronger prevention measures from cybersecurity teams are the two most effective ways for your organization to keep its data secure and remain productive. Going into 2022 and beyond, the best thing to do is to continue to invest in better security and make sure that you are staying vigilant.

About the author: As Menlo’s CISO, Devin Ertel is responsible for providing internal cybersecurity guidance and policy insights to both the company and our customers. He is also focused on reducing the company’s risk and security exposure. Devin has nearly 20 years of experience in cybersecurity. His previous experience includes security positions in several Fortune 100 organizations. During his time with both Mandiant and the U.S. Federal Reserve, Devin had hands-on experience mitigating large, high-profile breaches and dealing with highly motivated global threat actors.
