01.03.2022

Cyber Defense eMagazine March Edition for 2022

The view from the Publisher’s desk is very encouraging, based on celebrating 10 years of growth and success at Cyber Defense Magazine! When our tiny team began our journey at Cyber Defense Media Group (CDMG) together in January 2012, we were happy to help smaller, lesser-known innovators of infosec get their message out there and Rise Above the noise. Now, after 10 years, we’re even helping multi-billion-dollar companies and governments around the globe with our offices in DC, London, FL, NY and other locations in play, as we continue to scale, thanks to you – our readers, listeners, viewers and media partners. Beyond the magazine, in response to the demands of our markets, the scope of CDMG’s activities has grown into many media endeavors. They now include Cyber Defense Awards; Cyber Defense Conferences; Cyber Defense Professionals (job postings site being revamped); Cyber Defense TV, Radio, and Webinars; and Cyber Defense Ventures (partnering with investors).

Please check them out and see how much more CDMG has to offer!

Very respectfully and with much appreciation,
Gary Miliefsky, Publisher



content to the endpoint by adapting to the targeted environment. Since July of last year, our research team has seen a 224% increase in HEAT attacks.

Given that many of us now spend around three-quarters of our day using a web browser, it’s an obvious target.

HEAT attacks leverage one or more of the following core techniques that bypass legacy network security defences:

1. Evades both static and dynamic content inspection: HEAT attacks evade both signature and behavioural analysis engines to deliver malicious payloads to the victim using innovative techniques, such as HTML Smuggling. This technique was used by Nobelium, the hacking group behind the SolarWinds ransomware attack. In a recent case, dubbed ISOMorph, the campaign used the popular Discord messaging app to host malicious payloads. Menlo Labs identified over 27,000 malware attacks which were delivered using HTML Smuggling within the last 90 days.

2. Evades malicious link analysis: These threats evade malicious link analysis engines traditionally implemented in the email path, where links can be analysed before arriving at the user.

3. Evades offline categorisation and threat detection: HEAT attacks evade web categorisation by delivering malware from benign websites, either by compromising them or patiently creating new ones. These are referred to as Good2Bad websites. Menlo Labs has been tracking an active threat campaign dubbed SolarMarker, which employs SEO poisoning. The campaign started by compromising a large set of low-popularity websites that had been categorised as benign, infecting these websites with malicious content. Good2Bad websites have increased 137% year-over-year from 2020 to 2021.

4. Evades HTTP traffic inspection: In a HEAT attack, malicious content such as browser exploits, crypto-mining code, phishing kit code and images impersonating known brands’ logos is generated by JavaScript in the browser by its rendering engine, making any detection technique useless. The top three brands impersonated in phishing attacks are Microsoft, PayPal, and Amazon. A new phishing website imitating one of these brands is created every 1.7 minutes.
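Techniques 1 and 4 above share one property: the browser itself decodes or assembles the content, so what crosses the wire looks like ordinary HTML and script. A defensive counterpart is to inspect the HTML the browser actually received for the client-side primitives that HTML smuggling depends on and score them, since, as the article notes further down, each primitive also has genuine uses and cannot simply be blocked. The Python scanner below is an added example written for this page; it is not Menlo Labs or Menlo Security code. The indicator list, the weights, the threshold and the three sample pages are all assumptions constructed for illustration.

```python
"""Heuristic scanner for HTML-smuggling indicators in HTML a browser received.

Added example for this article, not Menlo Labs / Menlo Security code. It looks
for the browser-side primitives that HTML smuggling relies on (decode an
embedded literal, wrap it in a Blob, mint an object URL, trigger a download)
and scores them, because none of those primitives is malicious on its own.
Indicator list, weights, threshold and sample pages are assumptions.
"""
import re
from dataclasses import dataclass, field

# (name, pattern, weight): weights are assumed values for this example.
INDICATORS = [
    ("atob_decode", re.compile(r"\batob\s*\("), 2),
    ("blob_ctor", re.compile(r"\bnew\s+Blob\s*\("), 2),
    ("object_url", re.compile(r"URL\.createObjectURL\s*\("), 3),
    ("anchor_download", re.compile(r"\.download\s*=|\bdownload\s*=\s*[\"']"), 2),
    ("ms_save_blob", re.compile(r"msSaveOrOpenBlob"), 3),
    ("click_trigger", re.compile(r"\.click\s*\(\s*\)"), 1),
]
# A long run of base64 characters is the embedded payload itself.
BASE64_LITERAL = re.compile(r"[A-Za-z0-9+/]{200,}={0,2}")
SUSPICIOUS_THRESHOLD = 6  # assumed: an assembly primitive plus a delivery primitive


@dataclass
class ScanResult:
    score: int = 0
    hits: list = field(default_factory=list)
    largest_literal_bytes: int = 0  # decoded size of the biggest base64 run

    @property
    def suspicious(self) -> bool:
        return self.score >= SUSPICIOUS_THRESHOLD


def scan_html(html: str) -> ScanResult:
    """Score one HTML document; returns which indicators fired and the total."""
    result = ScanResult()
    for name, pattern, weight in INDICATORS:
        if pattern.search(html):
            result.hits.append(name)
            result.score += weight
    runs = BASE64_LITERAL.findall(html)
    if runs:
        result.hits.append("large_base64_literal")
        result.largest_literal_bytes = max(len(r) for r in runs) * 3 // 4
        result.score += 3
    return result


# Constructed sample 1: smuggling-style page. The literal is filler ("QUJD"
# repeated), not a real file, and the script is deliberately incomplete.
SMUGGLING_SAMPLE = """<html><body><script>
  var encoded = '""" + "QUJD" * 80 + """';
  var blob = new Blob([atob(encoded)], {type: 'application/octet-stream'});
  var a = document.createElement('a');
  a.href = URL.createObjectURL(blob);
  a.download = 'document.zip';
  a.click();
</script></body></html>"""

# Constructed sample 2: benign page with an inline base64 image only.
BENIGN_GALLERY = ('<html><body><img alt="logo" src="data:image/png;base64,'
                  + "iVBORw0KGgo" * 30 + '"></body></html>')

# Constructed sample 3: legitimate file-preview feature that uses Blob and an
# object URL (a genuine use of the same primitives) but never downloads.
BENIGN_PREVIEW = """<html><body>
<input type="file" id="pick"><img id="preview">
<script>
  document.getElementById('pick').onchange = function (e) {
    var blob = new Blob([e.target.files[0]]);
    document.getElementById('preview').src = URL.createObjectURL(blob);
  };
</script></body></html>"""


def triage(pages: dict) -> dict:
    """Return {page_name: ScanResult} for a batch of fetched documents."""
    return {name: scan_html(html) for name, html in pages.items()}


if __name__ == "__main__":
    for name, res in triage({"smuggling": SMUGGLING_SAMPLE,
                             "gallery": BENIGN_GALLERY,
                             "preview": BENIGN_PREVIEW}).items():
        flag = "SUSPICIOUS" if res.suspicious else "ok"
        print(f"{name:10s} score={res.score:2d} {flag:10s} hits={res.hits}")
```

With these assumed weights the smuggling-style sample scores 13, the inline-image page 3 and the preview widget 5, so only the first is flagged. The threshold is a triage signal rather than a verdict: a legitimate "export as CSV" button (Blob, object URL, download attribute and a synthetic click) would score 8 and trip it too, which is exactly the genuine-use problem the article raises, so a scanner like this belongs in a proxy or isolation pipeline as a prioritisation input, not as a block decision on its own.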

The case for Zero Trust and SASE

Be it file inspections performed by SWG anti-virus engines and sandboxes, network and HTTP-level inspections, malicious link analysis, offline domain analysis, or indicator of compromise (IOC) feeds, many legacy defences are rendered near useless when confronted with these evasive techniques.

A significant part of the challenge lies in the fact that HEAT characteristics equally have genuine uses. Therefore, they cannot simply be blocked at the function level. Rather, they need to be prevented.

To achieve this, a shift in mindset and an updated security posture is required. Trying to overcome the challenges of web security with endpoint security creates a square-peg-in-a-round-hole scenario: it simply does not guarantee protection.

Cyber Defense eMagazine – March 2022 Edition 104

Copyright © 2022, Cyber Defense Magazine. All rights reserved worldwide.
