Report Examines the Role and Cost of Advanced Evasion Techniques in Recent High Profile Data Breaches
A new report released by McAfee aims to address the controversy and confusion surrounding Advanced Evasion Techniques (AETs), and the role that they play in Advanced Persistent Threats (APTs).
AETs are methods of disguise used to discreetly penetrate networks and deliver malicious payloads, McAfee explains, noting that with AETs, an attacker can split apart an exploit into pieces, bypass a firewall or IPS appliance, and once inside the network, reassemble the code to unleash malware and continue an APT attack.
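The inspection gap described above, sketched from the defender's side as an added example (not taken from the McAfee report or this article): a signature check applied to each segment on its own misses a pattern split across segments, while the same check applied after stream reassembly finds it. The marker string, segment layout and function names are constructed for illustration.

```python
# Added illustration; SIGNATURE and SEGMENTS are constructed, harmless sample data.
SIGNATURE = b"TEST-SIGNATURE"

# (sequence offset, payload) pairs as seen on the wire: out of order, with one
# retransmitted duplicate. No single payload contains the whole marker.
SEGMENTS = [
    (18, b"TURE HTTP/1.1\r\n"),
    (0, b"GET /?q=TEST-"),
    (13, b"SIGNA"),
    (13, b"SIGNA"),
]


def per_segment_match(segments, signature=SIGNATURE):
    """Naive inspection: test every payload in isolation."""
    return any(signature in payload for _, payload in segments)


def reassemble(segments):
    """Rebuild the contiguous byte stream the receiving host would deliver.

    Overlapping bytes keep the first copy seen. Real stacks differ on this,
    so an inspection device has to apply the same policy as the host it protects.
    Bytes after a gap are held back, as they would be until the gap is filled.
    """
    stream = {}
    for seq, payload in segments:
        for i, byte in enumerate(payload):
            stream.setdefault(seq + i, byte)
    out = bytearray()
    pos = 0  # assumption: the stream starts at offset 0
    while pos in stream:
        out.append(stream[pos])
        pos += 1
    return bytes(out)


def normalized_match(segments, signature=SIGNATURE):
    """Inspection after normalization: match on the reassembled stream."""
    return signature in reassemble(segments)


if __name__ == "__main__":
    print("per-segment hit:", per_segment_match(SEGMENTS))
    print("reassembled hit:", normalized_match(SEGMENTS))
```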
McAfee and research firm Vanson Bourne surveyed 800 CIOs and security managers from around the world to better understand how hackers are using AETs in advanced attacks.
“While AETs are not a secret among the hacking community—where they are well known and have been in widespread use for several years—there are misunderstandings, misinterpretation, and ineffective safeguards in use by the security experts charged with blocking AETs,” McAfee said in its report.
According to McAfee, there are an estimated 800 million known AETs, and the prevalence of these techniques has spiked since 2010, with millions of combinations and modifications of network-based AETs having been identified to date.
In the survey, more than one in five CIOs admitted that their network was breached (22 percent), and nearly 40 percent of those breached believe that AETs played a key role.
According to the report, nearly 40 percent of survey respondents said they do not believe their organization has methods to detect and track AETs. Furthermore, nearly two thirds said that the biggest challenge when trying to implement technology against AETs is convincing the board they are a real and serious threat.
Finnish firewall maker Stonesoft, which McAfee acquired in May 2013 for $389 million in cash, has been beating the drum about AETs for years.
“Because of the debate about the very existence of AETs, hackers continue to use these techniques successfully to exfiltrate information,” the report said. “This confusion allows hackers to further invest in increasingly sophisticated attacks, while staying ‘under the radar’ even longer, resulting in damaging and costly data breaches. The longer the industry continues to debate the existence of AETs, the longer businesses will be vulnerable to them.”
“Many organizations are so intent on identifying new malware that they are falling asleep at the wheel toward advanced evasion techniques that can enable malware to circumvent their security defenses,” said Jon Oltsik, senior principal analyst, Enterprise Strategy Group. “AETs pose a great threat because most security solutions can’t detect or stop them. Security professionals and executive managers need to wake up as this is a real and growing threat.”
According to McAfee, AETs are under-reported and not well understood because in some paid tests, vendors are given the chance to correct for them. As such, McAfee says, only the specific techniques identified are corrected for, and not the broader techniques that are rapidly updated and adapted by criminal organizations.
“Hackers already know about advanced evasion techniques and are using them on a daily basis,” said Pat Calhoun, general manager of network security at McAfee. “What we’re hoping to do is educate businesses so they can know what to look for, and understand what’s needed to defend against them.”
Knowing the role that AETs play in an APT attack is critical to protecting an organization, McAfee said.
“Understanding the difference between APTs and AETs, and being able to visualize the threat landscape, will help mitigate the risk to the network and the company,” the report concluded.
A full copy of the report in PDF format is available online.

For more than 10 years, Mike Lennon has been closely monitoring the threat landscape and analyzing trends in the National Security and enterprise cybersecurity space. In his role at SecurityWeek, he oversees the editorial direction of the publication and is the Director of several leading security industry conferences around the world.
