In this video for Help Net Security, Mark Guntrip, Sr Director, Cybersecurity Strategy at Menlo Security, talks about highly evasive adaptive threats (HEAT attacks).
The start of a malware infection or a ransomware incident is the threat actor getting a foothold in a victim’s network, and that’s where HEAT attacks are used.
The traditional security stack hasn’t changed much in over a decade. The last new barrier to threats deployed en masse was the sandbox. This means attackers have had a lot of time to figure out how to evade detection.
There are four main HEAT characteristics, which are grouped around the technology that they seek to evade:
- evading both static and dynamic content inspection
- evading malicious link analysis
- evading URL reputation and URL categorization
- evading HTTP traffic inspection