Hackers may have advanced evasion techniques

Lab confirms security company's suspicions

An independent laboratory has confirmed a Finnish security firm's reported discovery of new evasion techniques that can allow hackers undetected access to key target systems, defeating the most common security systems.

Engineers at Stonesoft, based in Helsinki with U.S. headquarters in Atlanta, first discovered the Advanced Evasion Techniques, according to the company. Stonesoft executives provided their information to ICSA Labs, an independent division of Verizon Business, which confirmed the findings.

"Essentially, AETs provide today’s cyber criminals with a master key to access any vulnerable system, such as ERP and CRM applications, by bypassing today’s network security systems," Stonesoft executives wrote in an announcement. "As a result, companies may suffer a significant data breach, including the loss of confidential corporate information. Additionally, these types of AETs could be used by organized crime and cyber terrorists to conduct illegal and potentially damaging activities."

In an entry on ICSA's blog, ICSA network Intrusion Prevention System program manager Jack Walsh described the lab's role in confirming the findings.

"As an independent, unbiased third-party testing organization with more than 20 years experience in the testing business, we sometimes get calls asking us to confirm the findings of organizations," Walsh wrote. "And so it was with the Stonesoft AET discoveries. David Koconis, who leads our vulnerability research team here at ICSA Labs, was among those able to confirm that the AETs, when coupled with attacks, really do evade many well-known commercial IPS systems."

Stonesoft also provided its findings to Finland’s Computer Emergency Readiness Team.

Walsh and Mark Boltz, senior solutions architect at Stonesoft, will host a conference call for anyone interested. The call will take place Oct. 26 at 11 a.m. Eastern time. More information on the call is available here.

About the Author

Technology journalist Michael Hardy is a former FCW editor.


Reader Comments

Thu, Oct 28, 2010 Jeffrey A. Williams Frisco Texas

I was very glad and a bit relieved to read of ICSA's findings and also consider them an excellent testing and research organization. We at IDNS had also found some 6 months ago similar AET's impact when coupled with other forms and methods of attacks. Seems also that our findings are being begrudgingly recognized by MS recently given the latest patches for Windows 7. Regards, Jeffrey A. Williams CSO/DIR. Internet Network Eng. SR. Eng. Network data security IDNS. div. of
Information Network Eng. INEG. INC.
ABA member in good standing member ID 01257402 E-Mail jwkckid1@ix.netcom.com
Phone: 214-244-4827

Thu, Oct 28, 2010 Eirik Iverson Chantilly, Virginia

I was writing a paper somewhat related to this topic when my boss brought your article to my attention. So, I skimmed through all of the vendor's content (1000's of words) regarding their newly coined marketing term "AET". The content was ambiguous and sometimes circular. However, the vendor apparently has a product that solves the problem. So, cyber criminals, having breached an enterprise, can employ tactics that elude discovery, that hide/obfuscate their outbound communications from within the enterprise... I wonder if GCN would mind digging some specific examples out of this "AET" so practitioners can have a better idea as to what is NEW here. Maybe I was too hasty in 'skimming'. Or, maybe not! Clearly, post-breach, outbound communications from within the enterprise are increasingly getting more difficult to detect/discriminate. This makes 'prevention' of the breach all the more imperative. BTW, the paper I was/still writing concerns the optional layers of protection, their limitations, their roles in 'prevention' and in 'post-infection detection' because no defense is perfect.
