Stonesoft claims new attack vectors blast hole in IT security defences

The interesting claim was made this week by Ikka Hiidenheimo, the CEO of Scandinavian IT security company, Stonesoft, who told Infosecurity that normal behaviour analysis technology does not work against the new packet-based attack vector.

These AET threats, he claims, significantly extend what is known today about evasion techniques. The details of the discovery have been shared with CERT-FI in Finland for vulnerability co-ordination purposes and validated by ICSA Labs.

According to Stonesoft, AETs provide cybercriminals with a master key to access any vulnerable system such as ERP and CRM applications by bypassing conventional security defences.

"Even a multilayered IT security technology does not solve the problem", he said, adding that cloud-based signature databases won't counter the new security threat either.

Do the claims of a totally new attack vector stack up?

It's difficult to say, Infosecurity notes, but perhaps the best analysis comes from John E Dunn, a technical writer with Techworld, who says this may be the reason why the latest hacker attacks are getting through company IT defences.

It is, says Dunn, a contentious claim and the evidence is hazy, but does it stand up?, he also asks.

"Just about, although the hard-to-assess bit is whether such attacks have actually been used to do any real damage. It's also fair to point out that PCs are often the biggest target in many attacks and these don't necessarily require fancy hacking to reach out to", he said.

The role of AETs, he goes on to say, is to probe for vulnerable servers and other systems in an industrial and automated way without being detected by security systems.

In Stonesoft's analysis, he notes, the range of AETs being employed against networks is far greater than previously believed, and they are being combined in complex, multi-protocol probes that firewalls cannot see.

"If accurate, this sounds significant. It means that every firewall in the world is unable to detect probes used to hunt down servers vulnerable to the application-layer exploits that fuelled major cyber-infrastructure incidents of recent times such as Stuxnet and this year's Aurora attacks on Google and others", he concludes.

What’s Hot on Infosecurity Magazine?