Prevent HEAT attacks to foil ransomware incidents
In this video for Help Net Security, Mark Guntrip, Sr Director, Cybersecurity Strategy at Menlo Security, talks about highly evasive adaptive threats (HEAT attacks).
The start of a malware infection or a ransomware incident is the threat actor getting a foothold in a victim’s network, and that’s where HEAT attacks are used.
The traditional security stack hasn’t changed much in over a decade. The last new barrier to threats deployed en masse was the sandbox. This means attackers have had a lot of time to figure out how to evade detection.
There are four main HEAT characteristics, which are grouped around the technology that they seek to evade:
- evading both static and dynamic content inspection
- evading malicious link analysis
- evading URL reputation and URL categorization
- evading HTTP traffic inspection