"HEAT Attacks: A New Spin on Browser Exploit Techniques"

Cybercriminals looking to breach an endpoint to infiltrate a network are increasingly targeting web browsers. Increased business use of browsers on networks lacking the perimeter security infrastructure of traditional campus networks has rendered them more vulnerable to attacks. In recent months, there has been an increase in cyberattacks and data leaks caused by browser-related security incidents. Highly Evasive Adaptive Threats (HEAT) attacks put a new twist on current browser exploitation tactics. HEAT attacks exploit browsers through features and tools that evade conventional security protections. Then they inflict damage from within, such as by stealing credentials or delivering ransomware. Using well-known techniques such as phishing messages, HTML smuggling, and dynamic drive-by downloads, HEAT attacks commonly target Software-as-a-Service (SaaS) applications and other web-based tools critical to productivity. HEAT attacks can circumvent traditional cybersecurity controls such as a Secure Web Gateway (SWG) and anti-malware capabilities through malicious links disguised as common URLs that appear safe. A HEAT attack surpasses traditional phishing methods by inserting itself into links not flagged by anti-phishing software. This article continues to discuss the dangers posed by HEAT attacks and how companies can protect themselves against them. 

BetaNews reports "HEAT Attacks: A New Spin on Browser Exploit Techniques"