Hackers may have advanced evasion techniques

Lab confirms security company's suspicions

An independent laboratory has confirmed a Finnish security firm's reported discovery of new evasion techniques that can allow hackers undetected access to key target systems, defeating the most common security systems.

Engineers at Stonesoft, based in Helsinki with U.S. headquarters in Atlanta, first discovered the Advanced Evasion Techniques, according to the company. Stonesoft executives provided their information to ICSA Labs, an independent division of Verizon Business, which confirmed the findings.

"Essentially, AETs provide today’s cyber criminals with a master key to access any vulnerable system, such as ERP and CRM applications, by bypassing today’s network security systems," Stonesoft executives wrote in an announcement. "As a result, companies may suffer a significant data breach, including the loss of confidential corporate information. Additionally, these types of AETs could be used by organized crime and cyber terrorists to conduct illegal and potentially damaging activities."

In an entry on ICSA's blog, ICSA network Intrusion Prevention System program manager Jack Walsh described the lab's role in confirming the findings.

"As an independent, unbiased third-party testing organization with more than 20 years experience in the testing business, we sometimes get calls asking us to confirm the findings of organizations," Walsh wrote. "And so it was with the Stonesoft AET discoveries. David Koconis, who leads our vulnerability research team here at ICSA Labs, was among those able to confirm that the AETs, when coupled with attacks, really do evade many well-known commercial IPS systems."

Stonesoft also provided its findings to Finland’s Computer Emergency Readiness Team.

Walsh and Mark Boltz, senior solutions architect at Stonesoft, will host a conference call for anyone interested. The call will take place Oct. 26 at 11 a.m. Eastern time. More information on the call is available here.

About the Author

Technology journalist Michael Hardy is a former FCW editor.

Featured

  • Records management: Look beyond the NARA mandates

    Records management is about to get harder

    New collaboration technologies ramped up in the wake of the pandemic have introduced some new challenges.

  • puzzled employee (fizkes/Shutterstock.com)

    Phish Scale: Weighing the threat from email scammers

    The National Institute of Standards and Technology’s Phish Scale quantifies characteristics of phishing emails that are likely to trick users.

Stay Connected

Sign up for our newsletter.

I agree to this site's Privacy Policy.