Top Categories Evading URL Link Analysis
Date :
Jan – April, 2023
| Title | Value |
|---|---|
| Uncategorized | 8914 |
| Computer and Internet Info | 3711 |
| Business and Economy | 2789 |
| Shopping | 926 |
| Streaming Media | 681 |
| Parked Domains | 534 |
| Personal Storage | 376 |
| Entertainment and Arts | 356 |
| Fashion and Beauty | 303 |
| Individual Stock Advice and Tools | 303 |
Evasive Malicious Downloads
Date :
Jan – July, 2023
| Title | Value |
|---|---|
| 662 | |
| ZIP | 232 |
| EXCEL | 50 |
| Unknown | 24 |
| RAR | 9 |
| LinuxEXE | 6 |
| Word | 6 |
| 7Zip | 3 |
Evasive Threats Trends 2023
Date :
2023
| Title | Value |
|---|---|
| Jan – Feb | 12772 |
| Feb – Mar | 20194 |
| Mar – Apr | 39675 |
| Apr – May | 47733 |
| May – June | 79628 |
The Rise of Highly Evasive Adaptive Threats (HEAT)
A HEAT attack is a class of cyberthreat that leverages web browsers as the attack vector and employs various techniques to evade multiple layers of detection in current security stacks.
4 Characteristics of HEAT
HEAT attacks are one of the biggest unknown security threats organizations face. These threats leverage four evasive techniques to bypass legacy network security defenses such as sandboxes, anti-virus engines, malicious link analysis, offline domain analysis, and indicators of compromise (IoC) feeds:
By using ephemeral and/or compromised malicious sites with benign categorization
By abusing design functionality of popular sites that allow user content to be hosted on these web sites
By delivering attacks via other channels and collaboration platforms like MS Teams, Slack, OneDrive, LinkedIn, Zoom, WhatsApp etc. attackers are able to circumvent any traditional inspection on the email path.
These kind of attacks are also known as multi-channel attacks.
By using techniques like HTML smuggling and password protected archives attackers are able to bypass network based inspection engines like proxys and sandboxes.
By using obfuscated code and relying on techniques that construct malicious pages post-rendering by using the CSS elements attackers are able to bypass page inspection.
How It Works
Put your security stack to the test and find out if you’re currently vulnerable. Our HEATcheck assessment tool provides a self-service, lightweight penetration assessment to help organizations better understand susceptibility to various HEAT attacks. If vulnerable, we’ll share how to make these attacks never happen.
Login to HEATcheck
Obtain access credentials from Menlo Security
Select HEAT Attack Simulation
Choose from a menu of different benign HEAT simulations
View HEAT Assessment
View assessment results a la carte or with automated report