Stonesoft: Cybercriminals Are Able to Deliver Advanced Evasion Techniques Across HTTP Protocol

Stonesoft Press Release, Helsinki, Finland — October 4, 2011 — Network security vendor Stonesoft has today announced the discovery that Advanced Evasion Techniques are deliverable across the port-80, HTTP protocol, making them a very real and credible threat to the security of organisations worldwide.

Stonesoft announced its discovery of Advanced Evasion Techniques (AETs) in October 2010. AETs are essentially a new category of cyber-attacks, which provide cybercriminals with a master key to access vulnerable systems. Using AETs, malware can be disguised so it looks safe and then delivered past security appliances completely undetected.

Since the initial discovery Stonesoft has carried extensive research into the threat category and is currently the lead researcher in that area.

The most recent discovery reveals that AETs can also be deployed across the HTTP protocol and will not be blocked by Firewalls. Until recently, AETs have been viewed as an internal threat which only operate inside a network and only affect IPS appliances. However, this recent research has revealed they can also bypass firewalls and be deployed externally across web traffic.

“We are increasingly seeing evidence of AETs being used in the wild and the threat they pose to organisations worldwide is growing. Recent research has revealed that AETs are deliverable across HTTP protocol, amongst others, and this essentially means that any company with a connection to the internet is at risk of the threat. There seems to be a common misconception that AETs are an internal threat but this has been proven not to be the case. It is important to note when AETs are delivered via HTTP (web) they are able to bypass Firewalls and IPS devices, this is clear evidence that they can originate and be deployed from outside the corporate network,” said Professor Andrew Blyth, Head of Advanced Technology at The University of Glamorgan, UK.

This revelation makes the threat posed by AETs more real than was previously estimated. Stonesoft urges network security vendors to wake up from their complacency.

Stonesoft is currently working closely with the University of Glamorgan in the United Kingdom in order to carry out academic and field research into Advanced Evasion Techniques. For more information, please read the press release: http://www.stonesoft.com/en/press_and_media/releases/en/2011/04102011.html

For more information about AETs, please visit  www.stonesoft.com and www.antievasion.com.