Hackers may have advanced evasion techniques

Lab confirms security company's suspicions

An independent laboratory has confirmed a Finnish security firm's reported discovery of new evasion techniques that can allow hackers undetected access to key target systems, defeating the most common security systems.

Engineers at Stonesoft, based in Helsinki with U.S. headquarters in Atlanta, first discovered the Advanced Evasion Techniques, according to the company. Stonesoft executives provided their information to ICSA Labs, an independent division of Verizon Business, which confirmed the findings.

"Essentially, AETs provide today’s cyber criminals with a master key to access any vulnerable system, such as ERP and CRM applications, by bypassing today’s network security systems," Stonesoft executives wrote in an announcement. "As a result, companies may suffer a significant data breach, including the loss of confidential corporate information. Additionally, these types of AETs could be used by organized crime and cyber terrorists to conduct illegal and potentially damaging activities."

In an entry on ICSA's blog, ICSA network Intrusion Prevention System program manager Jack Walsh described the lab's role in confirming the findings.

"As an independent, unbiased third-party testing organization with more than 20 years experience in the testing business, we sometimes get calls asking us to confirm the findings of organizations," Walsh wrote. "And so it was with the Stonesoft AET discoveries. David Koconis, who leads our vulnerability research team here at ICSA Labs, was among those able to confirm that the AETs, when coupled with attacks, really do evade many well-known commercial IPS systems."

Stonesoft also provided its findings to Finland’s Computer Emergency Readiness Team.

Walsh and Mark Boltz, senior solutions architect at Stonesoft, will host a conference call for anyone interested. The call will take place Oct. 26 at 11 a.m. Eastern time. More information on the call is available here.

About the Author

Technology journalist Michael Hardy is a former FCW editor.

Featured

  • Records management: Look beyond the NARA mandates

    Pandemic tests electronic records management

    Between the rush enable more virtual collaboration, stalled digitization of archived records and managing records that reside in datasets, records management executives are sorting through new challenges.

  • boy learning at home (Travelpixs/Shutterstock.com)

    Tucson’s community wireless bridges the digital divide

    The city built cell sites at government-owned facilities such as fire departments and libraries that were already connected to Tucson’s existing fiber backbone.

Stay Connected