Hackers may have advanced evasion techniques
Connecting state and local government leaders
A Finnish security firm has discovered "Advanced Evasion Techniques" that may allow hackers to escape most common security systems.
An independent laboratory has confirmed a Finnish security firm's reported discovery of new evasion techniques that can allow hackers undetected access to key target systems, defeating the most common security systems.
Engineers at Stonesoft, based in Helsinki with U.S. headquarters in Atlanta, first discovered the Advanced Evasion Techniques, according to the company. Stonesoft executives provided their information to ICSA Labs, an independent division of Verizon Business, which confirmed the findings.
"Essentially, AETs provide today’s cyber criminals with a master key to access any vulnerable system, such as ERP and CRM applications, by bypassing today’s network security systems," Stonesoft executives wrote in an announcement. "As a result, companies may suffer a significant data breach, including the loss of confidential corporate information. Additionally, these types of AETs could be used by organized crime and cyber terrorists to conduct illegal and potentially damaging activities."
In an entry on ICSA's blog, ICSA network Intrusion Prevention System program manager Jack Walsh described the lab's role in confirming the findings.
"As an independent, unbiased third-party testing organization with more than 20 years experience in the testing business, we sometimes get calls asking us to confirm the findings of organizations," Walsh wrote. "And so it was with the Stonesoft AET discoveries. David Koconis, who leads our vulnerability research team here at ICSA Labs, was among those able to confirm that the AETs, when coupled with attacks, really do evade many well-known commercial IPS systems."
Stonesoft also provided its findings to Finland’s Computer Emergency Readiness Team.
Walsh and Mark Boltz, senior solutions architect at Stonesoft, will host a conference call for anyone interested. The call will take place Oct. 26 at 11 a.m. Eastern time. More information on the call is available here.
NEXT STORY: Cyber 'epidemic' grows more urgent