The discovery is a potentially major one, Infosecurity notes, as Port 80 is now used by a wide variety of software as a communications vehicle, making the task of monitoring IP traffic on this port all the more difficult.
As reported in October of last year, AETs are essentially a new category of cyber-attacks, which provide cybercriminals with a new methodology of accessing vulnerable systems. Using AETs, Stonesoft says that malware can be disguised so that it looks safe and past through security appliances and software completely undetected.
According to the security vendor, up until this point, AETs have been viewed as an internal threat which only operate inside a network and only affect IPS appliances. However, the firm adds, the discovery of Port 80 HTTP-delivered AETs means they can also bypass firewalls and be deployed externally across web traffic.
Commenting on the discovery, Professor Andrew Blyth, head of advanced technology at The University of Glamorgan - with whom Stonesoft has been working on its research – said that he and his team are increasingly seeing evidence of AETs being used in the wild and the threat they pose to organisations worldwide is growing.
“Recent research has revealed that AETs are deliverable across HTTP protocol, amongst others, and this essentially means that any company with a connection to the internet is at risk of the threat. There seems to be a common misconception that AETs are an internal threat but this has been proven not to be the case”, he said.
“It is important to note when AETs are delivered via HTTP they are able to bypass firewalls and IPS devices, this is clear evidence that they can originate and be deployed from outside the corporate network”, he added.