Monday, March 31, 2014

AET - Dirty little secret weapons used by hackers.


Not in-depth, but one of the few articles that talk about AETs and offer a few pointers for protection.



According to the article:

Advanced Evasion Techniques - Weapons hackers use to bypass security systems and penetrate even the most locked-down networks

Because of the debate about the very existence of AETs, hackers continue to use these techniques successfully to exfiltrate information. This confusion allows hackers to further invest in increasingly sophisticated attacks, while staying “under the radar” even longer, resulting in damaging and costly data breaches.

AETs are used by well-resourced, motivated hackers to execute APT attacks. While the AET is not an attack by itself, as the bits of code in the AET are not necessarily malicious, they are used to disguise an attack. The danger lies in that AETs provide the attacker with undetectable access to the network. By developing a set of dynamic AETs, the hacker creates a “master key” to penetrate any locked-down network to exploit and compromise their vulnerable target victims. 

AETs use a combination of evasion techniques, such as fragmentation and obfuscation, to bypass network security controls like firewalls and intrusion prevention systems (IPSs). AETs work by splitting up malicious payloads into smaller pieces, disguising them, and delivering them simultaneously across multiple and rarely used protocols. Once inside, AETs reassemble to unleash malware and continue an APT attack.


Most network security systems on the market—IPS, intrusion detection system (IDS), unified threat management (UTM), and even next-generation firewalls—do not have the technology built in to stop evasions, since they only analyze single-protocol layers and inspect individual segments. Finding a known exploit is easy—but finding AETs requires full-stack traffic analysis and normalization, protocol by protocol. This deep inspection requires a great deal of processing power, which can create a hit to throughput performance of some network security solutions.


The false sense of security could be caused by publicized industry benchmarking tests on AET detection that some vendors prepare for in advance. These vendors, in turn, use the favorable, yet skewed, results to create the perception that they can identify evasions. One such vendor claims they can protect against only 60 AETs when more than 800 million known AET variants have been identified to date.



Five Key Requirements of an AET Solution
  1. Protection against increasingly sophisticated threats
  2. Detailed, real-time inspection
  3. High availability
  4. Correlation capabilities and network visibility
  5. Simplicity and ease of management
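The article's point that inspecting "individual segments" misses an evasion, while "full-stack traffic analysis and normalization" catches it, can be shown in a few lines. The following is an added example written for this post, not code from the article or its vendor; the signature, the HTTP request and the TCP segments are all constructed, and the "first"/"last" overlap policies stand in for the per-host normalization choices a real IDS has to make.

```python
import re

# Hypothetical content signature; a real IDS carries thousands of these.
SIGNATURE = re.compile(rb"/cgi-bin/evil\.sh")

def inspect_per_segment(segments):
    """Segment-by-segment inspection: each payload is matched on its own,
    so a signature that straddles a segment boundary is never seen whole."""
    return any(SIGNATURE.search(payload) for _seq, payload in segments)

def reassemble(segments, policy="first"):
    """Rebuild the byte stream from (seq, payload) pairs in arrival order.
    Overlapping bytes are resolved by a normalization policy: 'first' keeps
    the byte that arrived first, 'last' lets a later segment overwrite it.
    The normalizer has to mirror the receiving host's policy; a mismatch
    between the two is exactly the window an evasion lives in."""
    stream = {}
    for seq, payload in segments:
        for i, byte in enumerate(payload):
            off = seq + i
            if policy == "first" and off in stream:
                continue
            stream[off] = byte
    if not stream:
        return b""
    lo, hi = min(stream), max(stream)
    if len(stream) != hi - lo + 1:
        raise ValueError("gap in stream; wait for more segments")
    return bytes(stream[off] for off in range(lo, hi + 1))

def inspect_reassembled(segments, policy="first"):
    """Full-stream inspection after normalization."""
    return SIGNATURE.search(reassemble(segments, policy)) is not None

# Constructed sample traffic: one HTTP request, sequence numbers from 1000.
REQUEST = b"GET /cgi-bin/evil.sh HTTP/1.0\r\n\r\n"
# Split in the middle of the signature and delivered out of order.
FRAGMENTED = [(1013, REQUEST[13:]), (1000, REQUEST[:4]), (1004, REQUEST[4:13])]
# Same split, but a same-length decoy segment overlaps the final piece.
OVERLAPPED = [(1000, REQUEST[:4]), (1004, REQUEST[4:13]),
              (1013, b"good.sh HTTP/1.0\r\n\r\n"), (1013, REQUEST[13:])]

if __name__ == "__main__":
    print("per-segment:", inspect_per_segment(FRAGMENTED))                 # False
    print("reassembled:", inspect_reassembled(FRAGMENTED))                 # True
    print("overlap, first-wins:", inspect_reassembled(OVERLAPPED, "first"))  # False
    print("overlap, last-wins:", inspect_reassembled(OVERLAPPED, "last"))    # True
```

The last two lines are the practical lesson: the same bytes are clean or malicious depending on which overlap policy the normalizer applies, so a product that does not model the target host's reassembly behaviour cannot claim to detect this class of evasion.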


You can download the full document (PDF) here-
