Advanced Evasion Techniques Should Not Be Ignored

Stonesoft Networks: 02 December, 2010 (Technical Article)
Stonesoft explains the threat of Advanced Evasion Techniques being increasingly used by hackers and why the industry should not ignore this emerging threat.
The European Union wants to impose stiffer penalties on cyber spies and hackers to increase the security of data and networks. However, for the law to be effective, the perpetrators must first be caught. And that is precisely a new challenge for the IT security industry when it comes to Advanced Evasion Techniques (AET). Hackers using this new way of attack, the combination of different evasion techniques to cover up attacks, are able to penetrate networks without being noticed, with plenty of time to look for a security leak or inadequately protected information.

The discovery of AETs by Stonesoft has elicited criticism from those who do not consider this a new or real IT threat. On this point, I can only say that it would be naive to downplay or ignore the risk. The details of this discovery have been shared with CERT-FI in Finland for vulnerability coordination purposes, and ICSA Labs has validated and confirmed the risk of hitherto unknown evasion techniques. Even if at present there is no evidence of actual attacks using this method - after all, AETs do not leave any traces in conventional security systems - there are highly professional hackers who have the financial means and necessary know-how to use these techniques. At the same time, the example of the Zeus malicious code shows that hacker knowledge can also be viewed as a type of commodity that can be traded by criminals at great profit. What can be confirmed in a laboratory environment can also - or especially - occur in real networks. In the end, it will only be a matter of time and available resources. Ignoring the threat posed by AETs now means ignoring an opportunity to be a step ahead of cyber criminals.

Attacks using AETs are elaborate and require considerable knowledge, but that does not make them any more unlikely. Rather, it is actually more likely that well-organised hackers in particular will use these techniques to steal critical information for the black market, because there is a lot of money to be made. In addition, the possibility of politically motivated attacks on networks using AETs cannot be excluded either. This may affect large companies and organisations in particular, as information desired by professional hackers is stored at government agencies, banks, or military institutions. And considering the volume of possible AETs - 2 to the power of 180 - there is not a network that features 100% protection against AETs at this time, as the search for the right AET combination is roughly equivalent to searching for a grain of sand in 500,000 milky ways.

Stonesoft does not wish to cause panic with the discovery of AETs. However, we urgently recommend that the threat that AETs pose to IT systems should be taken seriously and addressed. At this time, most security systems are helpless in the face of an AET attack and have to be extensively revised accordingly. Patch management alone, or the addition of signature databases, is not enough as a solution. For this reason, it is even more important that IT security providers work together to jointly develop effective protection against AETs, before hackers utilise this method in a big way. We would like to actively drive this issue forward and have set up an open community platform with the objective of facilitating the mutual exchange of information and answering questions, for both security experts and companies.
   © 2012 ProSecurityZone.com