Menlo Security’s latest report highlights the evolving threat landscape of global cyber gangs, which are now leveraging Highly Evasive and Adaptive Threat (HEAT) techniques. These sophisticated attacks target various sectors, including banking, finance, insurance, legal, government, and healthcare. HEAT attacks utilize advanced methods such as dynamic behavior, fileless attacks, and delayed execution to bypass traditional security measures, posing significant challenges to detection and prevention efforts.
The report identifies three prominent HEAT campaigns: LegalQloud, Eqooqp, and Boomer. LegalQloud uses trusted domains and URL obfuscation to evade security, often hosted on platforms like Tencent Cloud and targeting legal firms and investment banks. Eqooqp employs Adversary in the Middle (AiTM) techniques to defeat multi-factor authentication (MFA), focusing on government and private sector organizations. Boomer is noted for its advanced phishing tactics, including dynamic phishing sites and custom HTTP headers, targeting government and healthcare sectors.
Menlo Security’s findings show that 60% of user-clicked malicious links are related to phishing or fraud, and that 25% evade detection by legacy URL filtering systems. These HEAT campaigns can bypass MFA and take over authenticated sessions using tools such as AiTM kits. The report emphasizes the need for improved cybersecurity measures and heightened vigilance to counter these sophisticated threats.
To address the rising threat of state-sponsored cybercrime, the report calls for increased international cooperation, including intelligence sharing and joint investigations. It also underscores the importance of robust cybersecurity practices, employee training, and the adoption of advanced security technologies to protect against these evolving threats.