Page 32 - Cyber Defense eMagazine January 2023

Throughout the last year, the Menlo Labs team has been tracking a distinct and notable rise in Highly
            Evasive Adaptive Threat (HEAT) techniques – a class of cyber threats that have been tailored to evade
            protective tools such as firewalls, secure web gateways, malware analysis including sandboxing, URL
            reputation and phishing detection technologies.


            Indeed, Menlo Labs identified a 224% increase in 2021, and we’re expecting a similarly alarming increase
            this year as attackers have further evolved their attack methods. If firms continue to lean heavily on
            traditional detect and respond security techniques, attackers will find success in HEAT-based
            endeavours.



               2.  Basic security failures

            Unfortunately, basic security failures at even some of the most renowned organisations in the world
            continue to offer open doors for attackers to step through and begin to wreak havoc.

            Take the attack on Uber in September 2022. Here, a lone threat actor was able to gain administrative
            control over the ride hailing giant’s IT systems and security tools owing to an exposed PowerShell script
            that contained admin credentials to the firm’s privileged access management (PAM) platform.


            Indeed, it is a telling example. It doesn’t matter how extensive an organisation’s security investments
            might be, or how sophisticated their technologies are. Often, threat actors can use simple and proven
            methods such as social engineering techniques to find ways around them.

            This example hasn’t just reiterated that there is simply no silver bullet or panacea for stopping attacks.
            Indeed, the Uber breach also showed multi-factor authentication (MFA) push notifications to be
            exploitable, causing widespread concern and a demand for the use of FIDO2 passkeys and hardware
            tokens in place of passwords. This is something we might begin to see gather momentum in 2023.
            However, it will take a lot of work to implement it on a widespread basis, and even then, we foresee
            attackers simply finding the next weakest link in the chain.



               3.  Browser-based attacks

            The third trend we see accelerating through 2023 is browser-based attacks. The browser is undoubtedly
            the biggest attack surface available for threat actors to exploit today, so it is critical that the
            security sector takes greater steps to protect this space.

            Indeed, several vendors are already looking at ways to add security controls directly inside the browser,
            moving away from traditional methods of improving protection with a separate endpoint agent or via the
            network edge where firewalls or secure web gateways are used.


            It’s pleasing to see major names such as Google and Microsoft making headway in this domain. Both
            organisations are developing and implementing built-in controls inside their respective Chrome and Edge
            browsers to secure at the browser level, rather than the network edge.







            Copyright © 2023, Cyber Defense Magazine. All rights reserved worldwide.