"Browser-Based Heat Attacks Putting CISOs on the Hot Seat"

As employee adoption of Software-as-a-Service (SaaS) applications and other cloud-based services grows, the web browser has become a popular entry point for attackers looking to stealthily breach an endpoint before moving into the network. Highly Evasive Adaptive Threats (HEAT) exploit browsers, using their tools and features to bypass traditional security measures, such as static analysis, web gateways, sandboxes, and filtering. Then HEAT attacks compromise credentials or deliver ransomware and other malicious programs. Niko Papez, senior manager of cybersecurity at Menlo Security, warned attendees at a recent InfoSec World conference session in Orlando about the growing dangers associated with these campaigns. HEAT tactics typically include the following signature attack tactics: HTML smuggling, dynamic drive-by downloads, and phishing messages delivered through non-traditional channels such as collaboration or social media platforms. This article continues to discuss HEAT attacks and tactics. 

SC Media reports "Browser-Based Heat Attacks Putting CISOs on the Hot Seat"