SecurityWeek

Network Security

McAfee Says CIOs in The Dark on Advanced Evasion Techniques

Report Examines the Role and Cost of Advanced Evasion Techniques in Recent High Profile Data Breaches


A new report released by McAfee aims to address the controversy and confusion surrounding Advanced Evasion Techniques (AETs), and the role that they play in Advanced Persistent Threats (APTs).

AETs are methods of disguise used to penetrate networks discreetly and deliver malicious payloads, McAfee explains. With AETs, an attacker can split an exploit into pieces that individually pass a firewall or IPS appliance, and once inside the network, reassemble the code to unleash malware and continue an APT attack.
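The splitting trick described above, as an added illustration that is not code from the report, McAfee or Stonesoft: a signature matcher that inspects each packet on its own is compared with one that reassembles the TCP stream before matching. The signature, the payload and the segment layout are all constructed for this example, and the TCP model is deliberately minimal (sequence numbers are just byte offsets in the stream). The example also goes one step beyond the paragraph to show overlapping segments, a related and well-documented evasion: when two segments claim the same byte offsets, the reassembled stream depends on which copy the receiving stack keeps, so an inspector that assumes the wrong policy for the target host is evaded even though it does reassemble.

```python
"""Toy demonstration: an exploit split across TCP segments slips past a
per-packet signature matcher but not a detector that reassembles the stream.

Added example for illustration only; the signature, payload and segmentation
are constructed here and the TCP model is intentionally minimal (no handshake,
checksums or retransmit timers; seq is a byte offset within the stream).
"""
from dataclasses import dataclass
from typing import Dict, List

# Constructed signature a naive IPS rule might look for in HTTP traffic.
SIGNATURE = b"/bin/sh -c"

# Constructed "exploit" request containing the signature verbatim (43 bytes).
PAYLOAD = b"GET /cgi-bin/x?cmd=/bin/sh -c id HTTP/1.0\r\n"


@dataclass(frozen=True)
class Segment:
    """One TCP segment: seq is the byte offset of data within the stream."""
    seq: int
    data: bytes


def split_into_segments(payload: bytes, chunk_size: int, reorder: bool = False) -> List[Segment]:
    """Fragment payload into chunk_size-byte segments, optionally delivered out of order.

    Chunks smaller than the signature guarantee no single segment contains it.
    """
    if chunk_size < 1:
        raise ValueError("chunk_size must be positive")
    segments = [Segment(off, payload[off:off + chunk_size])
                for off in range(0, len(payload), chunk_size)]
    if reorder:
        segments.reverse()  # arrival order no longer matches sequence order
    return segments


def per_packet_detector(segments: List[Segment], signature: bytes = SIGNATURE) -> bool:
    """Stateless inspection: matches the signature against each segment alone."""
    return any(signature in seg.data for seg in segments)


def reassemble(segments: List[Segment], first_wins: bool = True) -> bytes:
    """Rebuild the byte stream the way a receiving TCP stack would.

    Bytes are placed by sequence number, so out-of-order arrival is harmless.
    When two segments overlap, stacks differ on which copy they keep:
    first_wins=True keeps the first-arriving bytes, False keeps the latest.
    Offsets no segment covered are filled with NUL so the gap stays visible.
    """
    byte_at: Dict[int, int] = {}
    for seg in segments:  # arrival order matters for the overlap policy
        for i, b in enumerate(seg.data):
            if first_wins:
                byte_at.setdefault(seg.seq + i, b)
            else:
                byte_at[seg.seq + i] = b
    if not byte_at:
        return b""
    return bytes(byte_at.get(off, 0) for off in range(max(byte_at) + 1))


def stream_detector(segments: List[Segment], signature: bytes = SIGNATURE,
                    first_wins: bool = True) -> bool:
    """Stateful inspection: reassembles the stream first, then matches."""
    return signature in reassemble(segments, first_wins)


def ambiguous_delivery() -> List[Segment]:
    """Constructed overlap evasion: a decoy segment of filler bytes arrives first
    at the signature's offset, followed by the real payload in 8-byte chunks.
    A stack that keeps first-arriving bytes sees the filler; one that keeps the
    latest bytes sees the real exploit."""
    idx = PAYLOAD.index(SIGNATURE)
    decoy = Segment(idx, b"X" * len(SIGNATURE))
    return [decoy] + split_into_segments(PAYLOAD, chunk_size=8)


def demo() -> dict:
    """Run both detectors over whole, fragmented and overlapping deliveries."""
    whole = [Segment(0, PAYLOAD)]
    fragmented = split_into_segments(PAYLOAD, chunk_size=4, reorder=True)
    ambiguous = ambiguous_delivery()
    return {
        "whole_per_packet": per_packet_detector(whole),          # True
        "fragmented_per_packet": per_packet_detector(fragmented),  # False
        "fragmented_stream": stream_detector(fragmented),          # True
        "ambiguous_first_wins": stream_detector(ambiguous, first_wins=True),   # False
        "ambiguous_last_wins": stream_detector(ambiguous, first_wins=False),   # True
    }


if __name__ == "__main__":
    for name, result in demo().items():
        print(f"{name}: {result}")
```

Running the block prints the five results from demo(): the per-packet matcher catches the payload only when it arrives in one segment, the reassembling matcher catches the 4-byte fragmentation regardless of delivery order, and the overlapping delivery is caught or missed purely according to which overlap policy the inspector assumes. Real inline devices therefore have to model the target stack's reassembly behaviour, not just perform some reassembly, which is the gap that network-layer evasions exploit.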

McAfee and research firm Vanson Bourne surveyed 800 CIOs and security managers from around the world to better understand how hackers are using AETs in advanced attacks.

“While AETs are not a secret among the hacking community—where they are well known and have been in widespread use for several years—there are misunderstandings, misinterpretation, and ineffective safeguards in use by the security experts charged with blocking AETs,” McAfee said in its report.

McAfee estimates that there are some 800 million known AETs, and that the prevalence of these techniques has spiked since 2010, with millions of combinations and modifications of network-based AETs identified to date.

In the survey, 22 percent of CIOs (more than one in five) admitted that their network had been breached, and nearly 40 percent of those breached believe that AETs played a key role.

According to the report, nearly 40 percent of respondents said they do not believe their organization has methods to detect and track AETs. Furthermore, nearly two-thirds said that the biggest challenge in deploying technology against AETs is convincing the board that they are a real and serious threat.


Finnish firewall maker Stonesoft, which McAfee acquired in May 2013 for $389 million in cash, has been beating the drum about AETs for years. 

“Because of the debate about the very existence of AETs, hackers continue to use these techniques successfully to exfiltrate information,” the report said. “This confusion allows hackers to further invest in increasingly sophisticated attacks, while staying “under the radar” even longer, resulting in damaging and costly data breaches. The longer the industry continues to debate the existence of AETs, the longer businesses will be vulnerable to them.”

Diagram of Advanced Evasion Technique Process

“Many organizations are so intent on identifying new malware that they are falling asleep at the wheel toward advanced evasion techniques that can enable malware to circumvent their security defenses,” said Jon Oltsik, senior principal analyst, Enterprise Strategy Group. “AETs pose a great threat because most security solutions can’t detect or stop them. Security professionals and executive managers need to wake up as this is a real and growing threat.”

According to McAfee, AETs are under-reported and poorly understood because in some paid tests vendors are given the chance to correct for the specific evasions used in the test. As a result, McAfee says, only those identified techniques get fixed, not the broader family of techniques that criminal organizations rapidly update and adapt.

“Hackers already know about advanced evasion techniques and are using them on a daily basis,” said Pat Calhoun, general manager of network security at McAfee. “What we’re hoping to do is educate businesses so they can know what to look for, and understand what’s needed to defend against them.”

Knowing the role that AETs play in an APT attack is critical to protecting an organization, McAfee said.

“Understanding the difference between APTs and AETs, and being able to visualize the threat landscape, will help mitigate the risk to the network and the company,” the report concluded.

A full copy of the report in PDF format is available online.

Written By

For more than 15 years, Mike Lennon has been closely monitoring the threat landscape and analyzing trends in the National Security and enterprise cybersecurity space. In his role at SecurityWeek, he oversees the editorial direction of the publication and is the Director of several leading security industry conferences around the world.
