Page 32 - Cyber Defense eMagazine January 2023
Throughout the last year, the Menlo Labs team has been tracking a distinct and notable rise in Highly
Evasive Adaptive Threat (HEAT) techniques – a class of cyber threats that have been tailored to evade
protective tools such as firewalls, secure web gateways, malware analysis including sandboxing, URL
reputation and phishing detection technologies.
Indeed, Menlo Labs identified a 224% increase in 2021, and we’re expecting a similarly alarming increase
this year as attackers have further evolved their attack methods. If firms continue to lean heavily on
traditional detect and respond security techniques, attackers will find success in HEAT-based
endeavours.
2. Basic security failures
Unfortunately, basic security failures at even some of the most renowned organisations in the world
continue to offer open doors for attackers to step through and begin to wreak havoc.
Take the attack on Uber in September 2022. Here, a lone threat actor was able to gain administrative
control over the ride-hailing giant’s IT systems and security tools owing to an exposed PowerShell script
that contained admin credentials to the firm’s privileged access management (PAM) platform.
Indeed, it is a telling example. It doesn’t matter how extensive an organisation’s security investments
might be, or how sophisticated their technologies are. Often, threat actors can use simple and proven
methods such as social engineering techniques to find ways around them.
This example has done more than reiterate that there is no silver bullet or panacea for stopping attacks.
The Uber breach also showed multi-factor authentication (MFA) push notifications to be
exploitable, causing widespread concern and a demand for the use of FIDO2 passkeys and hardware
tokens in place of passwords. This is something we might begin to see gather momentum in 2023.
However, it will take a lot of work to implement it on a widespread basis, and even then, we foresee
attackers simply finding the next weakest link in the chain.
3. Browser-based attacks
The third trend we see accelerating through 2023 is browser-based attacks. The browser is undoubtedly
the biggest attack surface available for threat actors to exploit today, so it is critical that the security
sector takes greater steps to protect this space.
Indeed, several vendors are already looking at ways to add security controls directly inside the browser,
moving away from traditional methods of improving protection with a separate endpoint agent or via the
network edge where firewalls or secure web gateways are used.
It’s pleasing to see major names such as Google and Microsoft making headway in this domain. Both
organisations are developing and implementing built-in controls inside their respective Chrome and Edge
browsers to secure at the browser level, rather than the network edge.