As I look back two years to when the COVID-19 pandemic first hit, never did I think, or for that matter really anybody else, that the world would be changed forever the way it has been. Sure, there are global tensions right now, but those will have a way of working out. All conflicts of that nature, for the most part, have some kind of resolution in the end, if history proves right.
But the pandemic is something that will stay with us permanently now, just like the flu virus has. There will be peaks and troughs in the total number of people getting sick or dying, but eventually the human race will accept it and move on. Heck, even the WHO is giving some thought right now to classifying COVID-19 as “endemic”.
True, the virus has brought a lot of bad with it, but on the flip side it has brought some good as well. Consider some of these:
* The nearly 99% remote workforce, which was once thought to be a future concept, is now a reality and looks like it will stay that way;
* The vaccine creation process has greatly sped up. For example, what would once take 4 years to bring a vaccine to market has now happened in just a matter of months;
* Although there is still a great deal of reactiveness in our culture, at least people have now started to realize the importance of Cybersecurity, and what it means.
The focus of this blog is going to be on the latter, because of course that is where my experience is.
The threat landscape is an ever-changing one, and will only get crazier over time. Many security pundits predicted that 2022 would be the worst year ever, and while the Ransomware attacks do continue, so far at least I don’t see a lot of difference from last year.
But, just like the COVID-19 variants that have come out, such as Delta and Omicron, there will also be many variants of Cyber attack vectors. Remember, unless they have deep pockets or a well-developed research team, the Cyberattacker of today really does not want to create new variants from scratch.
Rather, they are just happy to create something a little different from a previous launch. In other words, all they want to do is build a slightly better mousetrap. So with this in mind, many Cyber analysts have their eyes on a possible new variant, and this one is called “HEAT”, which is an acronym for “Highly Evasive Adaptive Threats”.
It has been identified by Menlo Security, and it primarily targets the vulnerabilities found in all of the web browsers in use today, most notably Chrome and Edge. The reason for this choice of prey is simple and clear:
With everybody working from home (WFH), one of the primary tools used for everyday job tasks is the browser itself. In fact, it has even been cited that at least 75% of remote workers are on the web to do their job functions. More information about this can be seen at this link:
And in fact, Menlo Security has observed a whopping 224% increase in HEAT-based attacks since the second half of last year. So what makes this new variant so stealthy? Here are some clues:
1) It avoids the conventional IDSs and IPSs:
These are acronyms that stand for Intrusion Detection System and Intrusion Prevention System, respectively. The former uses known profiles to detect threats, and the latter uses heuristic learning algorithms to help stop the threats from happening in the first place. But the HEAT variant is so sophisticated that it can evade both of them by using a technique known as “HTML Smuggling”, in which the malicious file is assembled by JavaScript inside the browser rather than downloaded as a file, so nothing recognisable ever crosses the network for the IDS or IPS to match against.
2) Avoids link analysis:
Most email systems today are actually pretty good at blocking emails that seem to contain a malicious embedded link. For example, either the email is quarantined, or the images and links are totally disabled should the email still find its way into the end user’s inbox. But the HEAT variant can bypass all of this using other sophisticated techniques which, in all honesty, have not been completely discovered yet.
3) Replicating the good sites:
The worst of domain name hijacking and the creation of phony websites reached its peak at the height of the pandemic. This still continues, but in the past there were always some telltale signs of a phony website. Now, with the advanced techniques of the HEAT variant, the Cyberattacker is able to 100% replicate an honest and good website and make it look like the real thing. Because of this, they are able to avoid being blacklisted by the various domain registries around the world.
4) Evades firewalls and routers:
Both of these tools are used to sniff out malicious data packets and prevent their entry into the internal environment. But a drawback is that they are highly dependent upon known signatures from previous attacks in order to learn what a malicious data packet looks like. Because of this, many businesses are now making use of what is known as the “Next Generation Firewall”, which makes use of both AI and ML in order to learn and build profiles from these known signatures. From there, the tool can project what a malicious data packet could look like in the future. But even here, the HEAT variant can bypass most of this by simply hiding in a vulnerability discovered in the JavaScript code.
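The “HTML Smuggling” named in clue 1 leaves a few traces in the page itself, even when nothing suspicious crosses the wire. The scanner below is an added example (it is not code from this post or from Menlo Security) that scores an HTML body on those traces; the indicator names, thresholds and the three sample pages are all constructed for the example, and the encoded payload is just “Hello world”.

```python
import re

# Heuristic indicators of HTML smuggling: the page carries an encoded payload,
# JavaScript reassembles it in the browser, then hands it over as a file
# download. No recognisable file crosses the wire, so a signature-based
# IDS/IPS sees only HTML. Names and thresholds are this example's own.
INDICATORS = {
    "base64_decode": re.compile(r"\batob\s*\("),
    "long_base64_literal": re.compile(r"[\"'][A-Za-z0-9+/]{200,}={0,2}[\"']"),
    "blob_construct": re.compile(r"\bnew\s+Blob\s*\("),
    "object_url": re.compile(r"\bcreateObjectURL\s*\("),
    "download_attr": re.compile(r"\.download\s*=|\bdownload\s*=\s*[\"']", re.I),
    "ie_save_blob": re.compile(r"\bmsSaveOrOpenBlob\s*\("),
}
# An embedded, encoded payload ...
ASSEMBLES = {"base64_decode", "long_base64_literal"}
# ... pushed to disk from inside the browser.
DELIVERS = {"object_url", "download_attr", "ie_save_blob"}

def score_html(html):
    """Return (matched indicator names, suspicious flag) for one HTML body."""
    hits = [name for name, rx in INDICATORS.items() if rx.search(html)]
    # Flag only when both halves are present: a client-side export that builds
    # a Blob from plain text and offers it for download is normal web-app code.
    suspicious = bool(ASSEMBLES & set(hits)) and bool(DELIVERS & set(hits))
    return hits, suspicious

# Constructed samples (not real captures). The base64 decodes to "Hello world".
SMUGGLING_SAMPLE = """<html><body><script>
var blob = new Blob([atob("SGVsbG8gd29ybGQ=")], {type: "application/octet-stream"});
var a = document.createElement("a");
a.href = URL.createObjectURL(blob);
a.download = "invoice.pdf";
a.click();
</script></body></html>"""

EXPORT_SAMPLE = """<html><body><script>
var a = document.createElement("a");
a.href = URL.createObjectURL(new Blob(["id,name,1,alice"], {type: "text/csv"}));
a.download = "report.csv";
</script></body></html>"""

PLAIN_SAMPLE = '<html><body><a href="https://example.com/doc.pdf">Download</a></body></html>'

if __name__ == "__main__":
    for label, page in [("smuggling", SMUGGLING_SAMPLE), ("csv-export", EXPORT_SAMPLE), ("plain-link", PLAIN_SAMPLE)]:
        hits, suspicious = score_html(page)
        print(f"{label:10s} suspicious={suspicious} hits={hits}")
```

A scanner like this belongs at the mail gateway or web proxy, where the HTML is still visible; obfuscated scripts can dodge it, which is why the post's point about evasion stands and why browser isolation is usually paired with it.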
My Thoughts On This:
IMHO, the world will be seeing more of this kind of variant this year, and even going into 2023. As I have described, the Cyberattacker is cheap about creating a slightly newer variant built upon a previous one, but they are extremely proactive about becoming much more sophisticated in their ways. The bottom line in all of this is that they are able to evade detection by hiding in the various memory components of the wireless device or the web browser itself.
In the end, the only defense you have is to make sure that you, your employees, and your business maintain strong levels of Cyber Hygiene. No need to repeat all that again; a simple Google search can reveal what you need to do right now.
Finally, more information about HEAT can be seen at this link:
https://www.menlosecurity.com/blog/two-minutes-onhighly-evasive-adaptive-threats-heat/