Stonesoft reveals 163 new samples of AET attack vectors

According to the Scandinavian IT security vendor, the new samples include AETs over a number of internet protocols, including IPv4, IPv6, TCP and HTTP.

Since the discovery of AETs a year ago, Stonesoft said it has continued extensive research in the area and has now delivered to CERT-FI (the Finnish national computer security incident response team) a new set of 163 AET samples for global vulnerability coordination.

The new set, the vendor added, consists of 54 atomic (standalone) evasions and 109 combinations that can be further combined with each other or with the evasions in the previous releases to create new AETs.

These, noted Stonesoft, also work efficiently over IPv6, which results in increased security risks and challenges.

In its tests, the company said that the latest samples of AETs have successfully bypassed most IPS devices currently on the market. And, the vendor added, with the number of AETs and their potential combinations constantly growing, building efficient protection against them requires profound understanding of network traffic.

Despite this, Stonesoft claimed that most network security vendors still have not understood where the AET problem lies.

Ilkka Hiidenheimo, the firm's founder and CEO, explained that network security vendors have had more than a year to develop their security systems against the AET attacks, but – unfortunately – the industry still has not seen much success in this area.

“Very few vendors have truly understood the magnitude of the problem, while some are struggling to provide some kind of protection. Most of the vendors who acknowledge the problem are incapable of building a working solution – instead, they are keeping themselves busy doing temporary and inflexible fixes”, he said, adding that the rest just ignore the issue and do nothing.

Stonesoft argued that network security should be regarded as a dynamic, constantly evolving process. A security vendor that still uses ten-year-old protocol normalization methods to look for exploits or other malicious activities is prone to miss contemporary threats, that is, AETs.

Against this backdrop, the vendor said that the core functionality of protocol parsing cannot be static – instead, it has to evolve in order to meet the constantly changing threats.

And, whilst new exploits, vulnerabilities and even attack vectors are constantly discovered and must be addressed quickly by the security products, the new evasions require equally dynamic and fast responses.
