Sunday, April 3, 2022

The Next Threat Variant To Emerge From COVID-19 & The Ukraine Crisis

 


As I look back two years ago when the COVID-19 pandemic first hit, never did I think, or for that matter, really anybody else, that the world would be forever changed as it has been right now.  Sure there are global tensions right now, but those will have a way of working out.  All conflicts of that nature, for the most part, have some kind of resolution in the end, if history proves right.

But the pandemic is something that will stay with us permanently now, just like the flu virus has.  There will be peaks and troughs in terms of the total number of people getting sick or dying, but eventually the human race will accept it and move on with it.  Heck, even the WHO is giving some thoughts right now as to classifying COVID-19 now as an “endemic”.

True, the virus has brought a lot of bad with it, but on the flip side, it has brought some good with it also.  Consider some of these:

*The near 99% workforce which was once thought to be a future concept is now a reality and seems like it will be now forever;

*The vaccine creation process has greatly increased.  For example what would take 4 years to bring a vaccine to market has now happened in just a matter of months;

*Although there is a still a great deal of reactiveness in our culture, at least people have now started to realize the importance of Cybersecurity, and what it means.

The focus of this blog is going to be on the latter, because of course that is where my experience is in.  The threat landscape is an always changing one, and will only get crazier over time.  Many security pundits predicted that 2022 will be the worst year ever, and while the total number of Ransomware attacks do continue, so far at least to me, I don’t see a lot of difference from last year.

But, just like the COVID-19 variants that have come out, such as that of Delta and Omicron, there will also be many variants of Cyber attack vectors as well. Remember, unless they have deep pockets or have a well-developed research team, the Cyberattacker of today really does not want to create new variants from scratch.

Rather, they are just happy to create something a little different from a previous launch.  In other words, all they want to do is merely build a better mousetrap in mind.  So with this in mind, many Cyber analysts have their eyes on a possible new variant, and this one is called “HEAT”, and it is acronym for “Highly Evasive Adaptive Threats”. 

It has been discovered by Menlo Security, and it targets primarily the vulnerabilities that are found in all of the web browsers that are being used today, most notably those of Chrome and Edge.  The reason for this is prey is simple and clear: 

With everybody working from home (WFH), one of the primary tools that is used for conducting everyday job tasks is the browser itself.  In fact, it has even been cited that at least 75% of the remote workers are on the web to do their job functions. 

More information about this can be seen at this link:

https://cloud.google.com/blog/products/chrome-enterprise/chrome-is-helping-it-teams-support-cloud-first-workforce

And in fact, Menlo Security has discovered a whopping 224% in HEAT based attacks since the second half of last year.  So what makes this new variant so stealthy?  Here are some clues:

1)     It avoids the conventional IDSs and IPSs:

These are acronyms that stand for an Intrusion Detection System and Intrusion Prevention System, respectively.  The former uses known profiles to detect threats, and the latter uses heuristic learning algorithms to help stop the threats from happening in the first place.  But, the HEAT variant is so sophisticated it can evade both of them by using a technique known as “HTML Smuggling”.

2)     Avoids link analysis:

Most email systems today are actually pretty good in blocking emails that seem to contain a malicious link that is embedded within them.  For example, either the email is quarantined or the images and links are totally disabled should the email still find their way into the end user’s inbox.  But the HEAT variant can bypass all of this, using other sophisticated techniques, which in all honesty, have not been completely discovered yet.

3)     Replicating the good sites:

The worst of domain name heisting and the creation of phony websites reached its peak at the height of the pandemic.  This still continues, but in the past, there were always some telltale signs of a phony website.  But now, with the advanced techniques of the HEAT variant, the Cyberattacker is able to 100% replicate an honest and good website and make it look like the real thing.  Because of this, they ae able to avoid the being blacklisted by the various domain registries around the world.

4)     Evades firewalls and routers:

Both of these tools are used to sniff out for malicious data packets, and prevent their entry into the internal environment.  But a drawback of them is that they are highly dependent upon known signatures from previous attacks in order to learn what a malicious data packet is.  Because of this, many businesses are now making use of what is known as the “Next Generation Firewall”, which makes of both AI and ML in order to learn and build profiles about these known signatures.  From here, this tool can project as to what a malicious data packet could like into the future.  But even here, the HEAT variant can bypass most of this by simply hiding in a vulnerability discovered in the Java Script coding.

My Thoughts On This:

IMHO, the world will be seeing more of this kind of variant this year, and even going into 2023.  As I have described, the Cyberattacker is cheap about the creation of a slightly newer variant built upon a previous one, but they are extremely proactive about being much more sophisticated in their ways.  The bottom line in all of this is that they are able to evade detection by hiding in the various memory components of the wireless device or the web browser itself.

In the end, the only defense you have is to make sure that you, your employees, and your business maintain strong levels of Cyber Hygiene.  No need to repeat all that again, a simple Google search can reveal what you need to do right now.

Finally more information about HEAT can be seen here at this link:

https://www.menlosecurity.com/blog/two-minutes-onhighly-evasive-adaptive-threats-heat/

No comments:

Post a Comment

How To Launch A Better Penetration Test In 2025: 4 Golden Tips

  In my past 16+ years as a tech writer, one of the themes that I have written a lot about is Penetration Testing.   I have written man blog...