All network security equipment, the strongest of which is used by the financial industry, is exposed to a new kind of online attack, Finnish data security vendor Stonesoft said on Monday. Stonesoft said it has found a new threat category -- advanced evasion techniques (AETs) -- which simultaneously combine different evasions in several layers of networks, and in the process become invisible for security gear. While evasions -- tools hackers often use to penetrate network security -- are nothing new, AETs package them in new ways to let attackers bypass most firewalls and intrusion detection and prevention systems (IPS) without being detected.
This could give them access to data on secure corporate networks and allow them to plant further attacks. "From the point of view of cybercriminals and hackers, advanced evasion techniques work like a master key to anywhere," said Klaus Majewski, business development chief at Stonesoft. "Current protection against advanced evasion techniques is next to zero. This is a new thing and there is no protection against it currently," Majewski said.