Top Categories Evading URL Link Analysis

Date :

Evasive Malicious Downloads

Date :

January, 2023

TitleValue
PDF1262
ZIP406
Win EXE388
Unknown134
Excel112
CSV90
Word66
Linux EXE43
RAR24
PowerPoint12

Date :

The Rise of Highly Evasive Adaptive Threats (HEAT)

A HEAT attack is a class of cyberthreat that leverages web browsers as the attack vector and employs various techniques to evade multiple layers of detection in current security stacks.

4 Characteristics of HEAT

HEAT attacks are one of the biggest unknown security threats organizations face. These threats leverage four evasive techniques to bypass legacy network security defenses such as sandboxes, anti-virus engines, malicious link analysis, offline domain analysis, and indicators of compromise (IoC) feeds:


By using ephemeral and/or compromised malicious sites with benign categorization


By abusing design functionality of popular sites that allow user content to be hosted on these web sites


By delivering attacks via other channels and collaboration platforms like MS Teams, Slack, OneDrive, LinkedIn, Zoom, WhatsApp etc. attackers are able to circumvent any traditional inspection on the email path.


These kind of attacks are aslo lnown as multi-channel attacks.


By using techniques like HTML smuggling and password protected archives attackers are able to bypass network based inspection engines like proxys and sandboxes.


By using obfuscated code and relying on techniques that construct malicious pages post-rendering by using the CSS elements attackers are able to bypass page inspection.

How It Works

Put your security stack to the test and find out if you’re currently vulnerable. Our HEATcheck assessment tool provides a self-service, lightweight penetration assessment to help organizations better understand susceptibility to various HEAT attacks. If vulnerable, we’ll share how to make these attacks never happen.

Login to HEATcheck

Obtain access credentials from Menlo Security

Select HEAT Attack Simulation

Choose from a menu of different benign HEAT simulations

View HEAT Assessment

View assessment results a la carte or with automated report