MOUNTAIN VIEW, California–(COMMERCIAL WIRE)–Web malware (47 percent) and ransomware (42 percent) now top the list of security threats organizations are most concerned about. Yet despite the growing risks, less than a third (27 percent) have advanced threat protection on every endpoint device that can access corporate applications and resources. This is according to new research, ‘The State of Threat Prevention: Evasive Threats Take Center Stage’, published today by Menlo Security, a leader in cloud security. The report explores what steps organizations are taking to protect themselves in the wake of a new class of cyber threats, known as Highly Evasive Adaptive Threats (HEAT).
As employees spend more time working in the browser and accessing cloud-based applications, the risk of HEAT attacks increases. Nearly two-thirds of organizations have had a device compromised by a browser-based attack in the last 12 months. The report suggests that organizations are not being proactive enough to mitigate the risk of these threats, with 45 percent failing to strengthen their network security stack in the past year. There are also conflicting views on the most effective place to implement security to prevent advanced threats, with 43 percent citing the network and 37 percent the cloud.
“Threat actors are looking to exploit gaps in traditional security defenses and the fact that security capabilities haven’t really changed over the last decade. One of the areas that attackers are focusing on is the use of web threats, and we are seeing more and more successfully deployed using HEAT techniques. Last year, we saw Nobelium use HTML smuggling, a HEAT tactic to bypass static and dynamic content analysis, to launch malware and ransomware attacks. The fact that they are successful means their use will increase, which could have devastating consequences for businesses of all sizes,” said Mark Guntrip, senior director of cybersecurity strategy at Menlo Security.
“Labor practices have changed and companies must stop relying on traditional tools and strategies that are no longer sufficient. Taking a prevention-based approach to security is the only way to achieve this, and using isolation-based security to do so prevents the browser from having direct interaction with the website and content and ensures that HEAT attacks don’t stand a chance.”
Conflicting Security Priorities
Based on research among more than 500 IT decision-makers in the UK and US, hybrid/remote work (28 percent) is the biggest challenge organizations expect to face this year when it comes to protecting their corporate network from advanced threats. This is followed by budget constraints (15 percent), the presence of unmanaged devices (14 percent), and outdated security solutions (13 percent).
There are also several competing priorities for IT professionals when it comes to improving their security posture in 2022. Staff training tops the list (61 percent), followed by technology investment to protect the corporate network (60 percent), adapting to new ways of working (50 percent), and investing in trained security members (45 percent).
Additional Research Findings:
Although 55% of respondents have invested in their security stack in the past year and 27% have advanced threat protection in place, it is not having the desired effect as attacks continue to successfully penetrate their lines of defense.
Half of those surveyed believe firewalls are an effective way to mitigate HEAT attacks, and 31 percent favor VPNs.
Organizations believe that the threat of a cyber attack is a case of ‘when’ not ‘if’, regardless of size. Consequently, IT decision makers are most concerned about the reputational damage (62 percent) and financial loss (57 percent) that a security breach could have on their business.
According to Guntrip, “Organizations should prioritize a review of their network security solution stack. HEAT attacks target web browsers as an attack vector and employ techniques to evade detection by multiple layers in today’s security stacks, including firewalls, Secure Web Gateways, sandbox scanning, URL reputation, and phishing detection, for example, so clearly a new strategy is needed.”
What are HEAT attacks?
The Menlo Labs research team has been looking at Highly Evasive Adaptive Threats (HEAT), which bypass traditional security defenses including firewalls, secure web gateways, sandbox scanning, URL reputation, and phishing detection.
Used to deliver malware or compromise credentials, in many cases leading to ransomware payloads, HEAT attacks include at least one of four evasion techniques:
Evade inspection of static and dynamic content
Evade malicious link analysis
Bypass offline categorization and threat detection
Bypass HTTP traffic inspection
The Menlo Labs team saw a 224 percent increase in HEAT attacks in the second half of 2021.
About Menlo Security
Menlo Security protects organizations from cyber attacks by removing the threat of malware from the web, documents, and email. Menlo Security’s isolation-powered cloud security platform scales to provide comprehensive protection for businesses of any size, without requiring endpoint software or impacting the end-user experience. Menlo Security is trusted by major global businesses, including Fortune 500 companies and eight of the world’s ten largest financial services institutions, and is backed by Vista Equity Partners, Neuberger Berman, General Catalyst, American Express Ventures, Ericsson Ventures, HSBC and JP Morgan Chase. Menlo Security is based in Mountain View, California. For more information please visit www.menlosecurity.com.
The survey asked 505 IT decision makers in the US and UK, including CIOs and CISOs in the HEAT landscape, how companies are responding to threats and what their security challenges and priorities are for 2022. Interviews were conducted online by Sapio Research in February 2022 via email invitation and online survey.