Cyber criminals are becoming even more elusive with their techniques, using new methods that pose threats some PC security standards have yet to address.
Security firm Stonesoft recently discovered “advanced evasion techniques,” or AETs, that cyber criminals use to get around firewalls or other protective measures. These methods are particularly dangerous to businesses, as they exploit certain enterprise software and applications to gain access to sensitive, protected data.
However, the firm stressed that these methods could spread to other cyber criminals and organizations that may apply them to more dangerous systems, including the Stuxnet and Zeus malware that have threatened national security and stolen millions of dollars.
“We have reason to believe that we have seen just the tip of the iceberg,” said Juha Kivikoski, chief operating officer at Stonesoft. “The dynamic and undetectable nature of these advanced evasion techniques has the potential to directly affect the network security landscape.”
Many current security standards do not address the format of AETs, leaving their systems vulnerable to advanced malware attacks.
“Field tests and experimental data show many of the existing network security solutions fail to detect AETs and thus fail to block the attack inside,” Stonesoft’s report said. “With only a select few products available to provide protection, organizations may be challenged to protect their systems quickly.”
However, the finding does pose a significant contribution to future web security solutions, as anti-malware software developers can apply their upcoming products to address these recently discovered cyber crime formats.
“The industry is facing a non-stop race against this type of advanced threats and we believe only dynamic solutions can address this vulnerability,” Kivikoski said.
The discovery signifies a similar breakthrough to prior malware systems. While new developments will not eliminate the threat of AETs in the wild, they will safeguard individual systems against infiltration. In the past, security developers have addressed successful, complex cyber crime methods and generated solutions to keep these threats out of protected computers. For example, the Conficker worm was discovered in 2008 as particularly successful malware that spread itself throughout devices connected in a similar network. Although a recent study found Conficker remains the most commonly found worm in the wild, most anti-malware software solutions safeguard computers from the threat associated with it, which generally target unprotected computers.
Security experts advise updating anti-malware software as new developments are released, in an effort to keep pace with the methods and techniques cyber criminals come up with.