Finnish firm finds hard-to-detect online attacks

HELSINKI Mon Oct 18, 2010 4:01am EDT

HELSINKI (Reuters) - All network security equipment, the strongest of which is used by the financial industry, is exposed to a new kind of online attack, Finnish data security vendor Stonesoft said on Monday.

Stonesoft said it has found a new threat category -- advanced evasion techniques (AETs) -- which simultaneously combine different evasions in several layers of networks, and in the process become invisible to security gear.

While evasions -- tools hackers often use to penetrate network security -- are nothing new, AETs package them in new ways to let attackers bypass most firewalls and intrusion detection and prevention systems (IPS) without being detected.

This could give them access to data on secure corporate networks and allow them to plant further attacks.

"From the point of view of cybercriminals and hackers, advanced evasion techniques work like a master key to anywhere," said Klaus Majewski, business development chief at Stonesoft.

"Current protection against advanced evasion techniques is next to zero. This is a new thing and there is no protection against it currently," Majewski said.

Security experts at ICSA Labs, part of Verizon Communications Inc, have tested the new evasions and have found the risk is real.

"In most of the cases IPSs were unable to detect the attack," said Jack Walsh, program manager for intrusion detection and prevention at ICSA Labs.

"It's unlikely that really any network security vendor is aware of such evasions."

While finding protection from a new attack might sometimes take time, security vendors can usually find it and update defenses relatively quickly.

The problem with advanced evasion techniques is not just new attacks, but that AETs can create millions of combinations from a few dozen different evasions.

Stonesoft has alerted authorities about its findings, and it thinks others have also likely found similar technologies.

"I am sure there are other research organizations studying this, but if they are on the wrong side of the law, they would not announce this. It's too good a tool to use," Majewski said.

When small-cap Stonesoft first came out on October 4 with a statement on the new threat category it had found, its shares jumped 20 percent. They have since retreated but are still up 9 percent since then.

Two weeks ago it did not unveil details of its findings.

Evasions in general have been known and used in the online world since the 1990s.

"A lot of what attackers are doing today is about evasion at various levels," said Amichai Shulman, chief technology officer at data security firm Imperva.

"There is substantial vigilance out there. You just cannot make plain vanilla attacks and not expect to get caught. It's a constant cat and mouse game," Shulman said.

(Editing by Michael Shields)