HEAT: Examining the next-class of browser-based attacks. [CyberWire-X]

CyberWire Daily

N2K Networks, Inc.

Daily News, Tech News, News, Technology

4.6 • 1K Ratings

🗓️ 6 March 2022

⏱️ 36 minutes

🔗️ Recording | iTunes | RSS

🧾️ Download transcript

Summary

Modern enterprises have evolved drastically over the last two years as a result of the global pandemic. Due in part to organizations pivoting quickly to new business models by migrating apps and services to the cloud to enable hybrid and remote workforces, the “new” office has quickly become the web browser. Today, business users are spending an average of 75% of their workday in a browser – that’s where productivity takes place! But the digital enhancements of the last two years have ushered in widespread transformation that expanded attack surfaces and created new opportunities for cyber miscreants, giving rise to Highly Evasive Advanced Threats (HEAT). During this episode of CyberWire-X, the CyberWire's Dave Bittner speaks with Dan Prince, Senior Lecturer in Security and Protection Science at the School of Computing and Communications at Lancaster University, about the topic. Show Sponsor Menlo Security's Nick Edwards and Dave explore what HEAT attacks are, how they work, and why they’re resulting in the rise of ransomware attacks and account takeovers.

Transcript

Click on a timestamp to play from that location

0:00.0	You're listening to the CyberWire X, a series of specials where we highlight important security topics
0:25.4	affecting organizations worldwide.
0:27.7	I'm Dave Bitner.
0:29.1	Today's episode is titled Turning Up the Heat, Highly Evasive Adaptive Threats.
0:35.1	The global pandemic has prompted an unprecedented shift in enterprise IT and security
0:40.0	over the last two years, remote and hybrid workforces and the accelerated shift to the cloud
0:46.0	mean that business users are spending about 75% of their work day in the browser,
0:51.0	and attackers have adapted their tactics, techniques and procedures
0:55.0	to take advantage of the expanded attack surface this new normal provides.
1:00.0	In this edition of CyberWire X, we'll take a closer look at browser-based threats and vulnerabilities
1:06.6	and explore the notion of highly evasive adaptive threats, which our show sponsor Menlo Security refers to as Heat.
1:15.2	A program note, each CyberWire X special features two segments.
1:19.8	In the first part of the show we'll hear from industry experts on the topic at hand and in the second part we'll hear from our show sponsor for their point of view.
1:28.0	And speaking of sponsors, here's a word from our sponsor, Menlo Security. Trust is a wonderful thing except when it comes to remote access.
1:46.0	Back when applications were centralized with just a few remote users,
1:50.0	you could trust they were safe enough.
1:52.0	But with remote work and cloud-based
1:54.8	applications now the norm, trust can only go so far. Only Menlo Private
2:00.5	Access or MPA offers true zero trust remote access to your private applications.
2:07.1	With its elastic isolation core, MPA keeps users separated from applications.
2:13.0	To gain access, users must be authenticated through MPA,
2:17.0	ensuring every connection is visible and secure.
	...

Please login to see the full transcript.

Previous episode | Next episode

Disclaimer: The podcast and artwork embedded on this page are from N2K Networks, Inc., and are the property of its owner and not affiliated with or endorsed by Tapesearch.

Generated transcripts are the property of N2K Networks, Inc. and are distributed freely under the Fair Use doctrine. Transcripts generated by Tapesearch are not guaranteed to be accurate.