By Mark Guntrip, Senior Director of Cybersecurity Strategy, Menlo Security
The impact of the global pandemic has resulted in a paradigm shift that has drastically expanded attack surfaces, as hybrid and remote working environments become the norm.
Employees now spend most of their time working in the cloud, using SaaS applications and other web-based tools that are pivotal to productivity, efficiency and collaboration. However, in doing so, companies are now struggling to manage a variety of new blind spots in traditional approaches to security that are not fit to protect modern working models.
During the last 10 years, cybercriminals have adapted to find new ways in which they can exploit and bypass legacy security systems. Consequently, there has been a surge in a new class of cyber threats known as Highly Evasive Adaptive Threats (HEAT).
HEAT attacks target web browsers as the attack vector and use techniques to evade detection from traditional tools used in current security stacks, such as firewalls, Secure Web Gateways, sandbox analysis, URL reputation and phishing detection solutions. The Menlo Labs research team observed a 224 per cent increase in HEAT attacks in the second half of last year.
Used to deliver malware or to compromise credentials, which in many cases leads to ransomware payloads, HEAT attacks include at least one of four evasion techniques:
- Evades Both Static and Dynamic Content Inspection
- Evades Malicious Link Analysis
- Evades Offline Categorization and Threat Detection
- Evades HTTP Traffic Inspection
We have recently published a new report looking at how much organizations know about these types of advanced threats, whether they are seeing more of them, and how well equipped they are to deal with them. We uncovered five key insights based on the findings.
- Worries over ransomware
There is no doubt that companies are concerned about modern cyber threats. The European Union Agency for Cybersecurity (ENISA) recently stated that we are witnessing the “golden era of ransomware” – and for good reason. The consequences of such attacks can be catastrophic, from prolonged operational delays and data loss and exposure to huge reputational damages. Meanwhile, cybercriminals are successfully extorting financial sums in the tens of millions of dollars from their victims.
- Modern work is adding complexity
The shift to home working has changed everything. Many security solutions became redundant almost overnight, with enterprises now struggling to manage potential vulnerabilities owing to a distinct lack of visibility into those unmanaged devices that end users are using to access corporate networks. A series of security blind spots have emerged that many organizations simply are not aware of or able to manage. Add to this the threat of more sophisticated attacks, and the security implications of hybrid and remote models are clear to see.
- Attacks are more frequent
Threat actors today are not standing still. They are constantly working to tweak and change their attack methods in order to further evade security systems and exploit their targets successfully. The adaptiveness of HEAT attacks is a key challenge. If security teams find a fix, attackers will alter their tactics to work around it. If a new web browser-focused tactic is proven to work it is in turn exploited at scale, often by a thriving and growing ransomware-as-a-service landscape.
- Existing technology is not working
The transition to hybrid and remote working has expanded attack surfaces and exposed new vulnerabilities, yet security has largely failed to adapt and properly serve these new operating environments. Organizations today are relying on outdated technologies from a different era to mitigate HEAT attacks. From antivirus software to firewalls, many of the solutions deployed for on-prem environments a decade ago simply are not fit for the purpose of dealing with modern cloud-based threats and defending against browser-led attacks.
- Competing priorities present challenges
Working practices today look fundamentally different compared to pre-pandemic, from the applications needed to complete tasks to the devices used during the day-to-day. From a security perspective, this has created many different problems that each need unique solutions. In order to determine which should take precedence, organizations should consider what will provide the greatest return on investment regarding risk reduction, working to remediate the greatest risk areas first. Critically, a layered approach should be adopted to both prevent attacks and manage them beyond the perimeter.
Cyber attacks are a case of ‘when’ not ‘if’ for those organizations not fully prepared. Security teams need to stop relying on traditional tools and strategies that are no longer adequate in dealing with these HEAT attacks. Adopting a prevention-driven approach is the most effective way in reducing the opportunity for attackers to breach the network and endpoint.
About the Author
Mark Guntrip has over 20 years of experience in Strategy, Product Management, and GTM expertise across the enterprise and commercial organizations. Mark is responsible for articulating the future of threats and prevention strategies to security leaders and professionals across the globe. Prior to joining Menlo, Mark was a security strategist at Proofpoint, Symantec, Cisco, and several other leading security solutions providers. Mark holds a Master of Engineering (Hons) from the Southampton University. Mark Guntrip can be reached online at https://www.linkedin.com/in/mguntrip/ and at https://www.menlosecurity.com/