Cyber Defense eMagazine March Edition for 2022

More documents

Recommendations

Info

content to the endpoint by adapting to the targeted environment. Since July of last year, our research team has seen a 224% increase in HEAT attacks. Given that many of us now spend around three-quarters of our day using a web browser, it’s an obvious target. HEAT attacks leverage one or more of the following core techniques that bypass legacy network security defences: 1. Evades both static and dynamic content inspection: HEAT attacks evade both signature and behavioural analysis engines to deliver malicious payloads to the victim using innovative techniques, such as HTML Smuggling. This technique was used by Nobelium the hacking group behind the SolarWinds ransomware attack. In a recent case, dubbed ISOMorph, the campaign used the popular Discord messaging app to host malicious payloads. Menlo Labs identified over 27,000 malware attacks, which were delivered using HTML Smuggling within the last 90 days. 2. Evades malicious link analysis: These threats evade malicious link analysis engines traditionally implemented in the email path where links can be analysed before arriving at the user. 3. Evades offline categorisation and threat detection: HEAT attacks evade web categorisation by delivering malware from benign websites, either by compromising them, or patiently creating new ones. Referred to as Good2Bad websites. Menlo Labs has been tracking an active threat campaign dubbed SolarMarker, which employs SEO poisoning. The campaign started by compromising a large set of low popularity websites that had been categorised as benign, infecting these websites with malicious content. Good2Bad websites have increased 137% year-over-year from 2020 to 2021. 4. Evades HTTP Traffic Inspection: In a HEAT attack, malicious content such as browser exploits, crypto-mining code, phishing kit code and images impersonating known brands’ logos is generated by JavaScript in the browser by its rendering engine, making any detection technique useless. The top three brands impersonated in phishing attacks are Microsoft, PayPal, and Amazon. A new phishing website imitating one of these brands is created every 1.7 minutes. The case for Zero Trust and SASE Be it file inspections performed by SWG anti-virus engines and sandboxes, network and HTTP-level inspections, malicious link analysis, offline domain analysis, or indicator of compromise (IOC) feeds, many legacy defences are rendered near useless when confronted with these evasive techniques. A significant part of the challenge lies in the fact that HEAT characteristics equally have genuine uses. Therefore, they cannot simply be blocked at the function level. Rather, they need to be prevented. To achieve this, a shift in mindset and an updated security posture is required. Trying to overcome the challenges of web security with endpoint security creates a square peg in a round hole scenario – it simply does not guarantee protection. Cyber Defense eMagazine – March 2022 Edition 104 Copyright © 2022, Cyber Defense Magazine. All rights reserved worldwide.
Critically, endpoint security only detects a threat once it is written to the file system, at which point a network will likely have been compromised already. Further, it is not able to protect unmanaged devices, while also harbouring a high chance of inundating the security operations centre (SOC) with too many alerts. In dealing with HEAT, prevention is the best policy. Not only can it help to alleviate pressures on endpoints, but it can also make the already challenging lives of SOC teams much easier, creating a more sustainable environment of investigation, escalation and resolution. This shift begins with a thorough review of existing security policies. Those that still remain built around a central policy pillar of detection and response need to be adapted and enhanced so they are fit for purpose in the modern work environment. A Zero Trust approach, backed by the Secure Access Service Edge (SASE) framework, which feature key security technology components will cater to today’s remote and hybrid workforces. SASE ensures security is built around users, core applications and company data at the edge by converging connectivity and security stacks. No longer are security stacks on the outside looking in; they are integrated within the cloud. In the face of HEAT, organisations should focus on three key tenets to limit their susceptibility to these types of attacks: shifting from a detection to a prevention mindset, stopping threats before they hit the endpoint, and incorporating advanced anti-phishing and isolation capabilities. For more information on HEAT: Too Hot to Handle. About the Author Jonathan Lee, Senior Product Manager, Menlo Security. Jonathan Lee serves as a trusted advisor to enterprise customers, and works closely with analysts and industry experts to identify market needs and requirements, and establish Menlo Security as a thought leader in the Secure Web Gateway (SWG) and Secure Access Service Edge (SASE) space. Jonathan previously worked for ProofPoint and Websense. As an industry expert, commentator and speaker, Jonathan is well versed in data protection, threat analysis, networking, Internet isolation technologies, and clouddelivered security. Jonathan can be reached online at @Menlosecurity and at our company website: https://www.menlosecurity.com/ Cyber Defense eMagazine – March 2022 Edition 105 Copyright © 2022, Cyber Defense Magazine. All rights reserved worldwide.
Page 1 and 2:
Why Changing Classified Document St
Page 3 and 4:
Tips And Trends for OT Cybersecurit
Page 5 and 6:
@MILIEFSKY From the Publisher… De
Page 7 and 8:
Welcome to CDM’s March 2022 Issue
Page 9 and 10:
Cyber Defense eMagazine - March 202
Page 11 and 12:
Page 13 and 14:
Page 15 and 16:
Page 17 and 18:
Page 19 and 20:
level of concern while working remo
Page 21 and 22:
The Fragility of a GPS Centric Worl
Page 23 and 24:
Formerly known as LOng-RAnge Naviga
Page 25 and 26:
The Role of The CFO In Enterprise C
Page 27 and 28:
Help them mitigate potential risks
Page 29 and 30:
The Safest Ways for Bitcoin Trading
Page 31 and 32:
and clear instructions through a "N
Page 33 and 34:
According to Cybereason’s “Rans
Page 35 and 36:
If you implement these three tips,
Page 37 and 38:
• Nearly half of zero-day malware
Page 39 and 40:
Don’t Become a Horrible Headline:
Page 41 and 42:
pandemic era. By empowering profess
Page 43 and 44:
Have We Learned from Our Past Mista
Page 45 and 46:
internet, etc. How much training is
Page 47 and 48:
How to strengthen cyber resilience
Page 49 and 50:
A BCDR solution with automated disa
Page 51 and 52:
1. Cybersecurity Incidents Will Bec
Page 53 and 54: Is XDR The Right Solution for Today
Page 55 and 56: How Open XDR Helps Open XDR address
Page 57 and 58: A very small set of next-gen SIEM s
Page 59 and 60: • What are my options for data la
Page 61 and 62: Additionally, we’ll witness the r
Page 63 and 64: Top 10 Reasons Cyber Defense Firms
Page 65 and 66: 4. Teamwork and individual responsi
Page 67 and 68: 5 Reasons Organizations Need Compre
Page 69 and 70: systems to manage identity and acce
Page 71 and 72: Directed Analytics - The Future of
Page 73 and 74: Directed analytics allow these insi
Page 75 and 76: InDesign and uploaded to indd.adobe
Page 77 and 78: Are You Prepared for the New Normal
Page 79 and 80: • Find Unseen Risk - The hardest
Page 81 and 82: intruders were able to gain control
Page 83 and 84: About the Authors Michael Cheng is
Page 85 and 86: Why am I rehashing this old trope?
Page 87 and 88: 1. Look for and minimize attack sur
Page 89 and 90: On The Frontline in The War Against
Page 91 and 92: How to Fix Mid-Market Security Usin
Page 93 and 94: the particular victims being target
Page 95 and 96: 5 Ways Cybersecurity Will Change In
Page 97 and 98: #3: Supply chains will be the big r
Page 99 and 100: Executive Order Instructs Certain O
Page 101 and 102: • Stay ahead of fraud. Fraud cost
Page 103: Too Hot to Handle:The case for Zero
Page 107 and 108: To prevent lateral movement attacks
Page 109 and 110: Redefining Resilience in The New Wo
Page 111 and 112: About the Author Andrew Lawton is C
Page 113 and 114: Cyber Defense eMagazine - March 202
Page 135 and 136: CyberDefense.TV now has 200 hotseat
Page 137 and 138: Books by our Publisher: https://www
show all

Cyber Defense eMagazine March Edition for 2022

Create successful ePaper yourself

Delete template?

Save as template?