A security firm has observed an increase in Highly Evasive Adaptive Threats (HEAT) bypassing security defenses. HEAT is a class of cyber threats that uses web browsers as an attack vector.

Diving into details

HEAT attacks are used to compromise credentials or deliver malware that may also lead to ransomware attacks. Since July 2021, a 224% increase has been observed in HEAT attacks.
  • In an analysis of 500,000 domains, 69% of websites were found using HEAT tactics to deliver malware.
  • HEAT attacks employ techniques to bypass detection by various layers in current security solutions such as firewalls, sandbox analysis, URL Reputation, phishing detection, and secure web gateways.
  • These attacks allow cybercriminals to spread malicious content to the endpoint by adapting to the targeted environment.

Techniques to bypass security defenses

HEAT attacks employ multiple techniques to bypass existing security solutions.
  • They use techniques such as HTML Smuggling to bypass both static and dynamic content inspection, so the attack stays invisible to signature-based and behavioral analysis engines alike.
  • They are capable of bypassing malicious link analysis engines, typically deployed in the email path, where links are analyzed before the message is delivered to the user.
  • To evade web categorization, HEAT attacks deliver malware from benign websites, either by infecting existing ones or by creating new ones, which are called Good2Bad websites. The recent SolarMarker campaign used a similar method, targeting its victims via SEO poisoning.
  • To evade HTTP traffic inspection, the malicious content impersonates the logos of known brands. Rather than being served as image files, these logos are drawn by JavaScript in the browser using its rendering engine, which makes detection of the brand imagery in HTTP traffic ineffective.
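A defender-side triage check for the HTML Smuggling pattern named above, added here as an example and not taken from the report or from the firm behind it: it flags HTML pages or attachments that combine client-side base64 decoding, Blob construction and browser download APIs with a long embedded base64 literal. The indicator set, the 100-character literal length and the threshold of three hits are assumptions; the sample documents are constructed.

```python
import re

# Heuristic indicators of HTML smuggling: the file is assembled client-side
# from an embedded (usually base64) blob and handed to the browser's download
# machinery, so it never crosses the wire as a file. Each pattern alone is
# common in benign pages; it is the combination that is worth a second look.
INDICATORS = {
    "base64_decode":  re.compile(r"\batob\s*\("),
    "blob_construct": re.compile(r"\bnew\s+Blob\s*\("),
    "object_url":     re.compile(r"\bURL\.createObjectURL\s*\("),
    "ms_save_blob":   re.compile(r"\bmsSaveOrOpenBlob\s*\("),
    "download_attr":  re.compile(r"\bdownload\s*="),
    "octet_stream":   re.compile(r"application/octet-stream", re.I),
}
# One string literal of at least 100 base64 characters (length is an assumption).
LONG_B64 = re.compile(r"[\"']([A-Za-z0-9+/]{100,}={0,2})[\"']")
THRESHOLD = 3  # assumed: three or more independent indicators => flag for review


def scan_html(html: str) -> dict:
    """Return the matched indicators, a score and a verdict for one HTML document."""
    hits = [name for name, rx in INDICATORS.items() if rx.search(html)]
    m = LONG_B64.search(html)
    if m:
        hits.append(f"long_base64_literal({len(m.group(1))} chars)")
    verdict = "suspicious" if len(hits) >= THRESHOLD else "clean"
    return {"hits": hits, "score": len(hits), "verdict": verdict}


# Constructed samples, not taken from any real campaign.
BENIGN_HTML = (
    "<html><body><p>Quarterly report</p>"
    '<script>console.log("ready");</script></body></html>'
)
SUSPICIOUS_HTML = (
    "<html><body><script>\n"
    + 'var p = "' + "QUJD" * 40 + '";\n'  # 160-char base64-looking literal
    + 'var b = new Blob([atob(p)], {type: "application/octet-stream"});\n'
    + "var u = URL.createObjectURL(b);\n"
    + "</script></body></html>"
)

if __name__ == "__main__":
    for label, doc in (("benign", BENIGN_HTML), ("suspicious", SUSPICIOUS_HTML)):
        print(label, scan_html(doc))
```

This is a pre-filter for mail and web-proxy pipelines, meant to route hits to sandboxing or analyst review; it complements content inspection rather than replacing it.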

Ending notes

HEAT attacks are capable of bypassing traditional security measures by targeting and exploiting weaknesses in security systems. Thus, experts recommend that organizations shift their approach from detection to prevention, stopping threats at the initial stage and using strong isolation and anti-phishing capabilities.

Cyware Publisher