Security Connected

Industry Experts Speak Out on Advanced Evasion Techniques

By on Jun 26, 2014

You may have heard McAfee refer to Advanced Evasion Techniques (AETs) as the “security industry’s dirty little secret.” While these threats are well known within the hacking community, security experts charged with blocking them are faced with a flood of misinterpretations, misunderstandings, and ineffective safeguards.

To help shed light on these evasive techniques, we sat down with eight industry experts to talk shop. The result? A visual report that discusses these stealthy security threats at length. AETs… welcome to the spotlight.

First things first — what are AETs?

Advanced evasion techniques, or AETs, are delivery mechanisms used to disguise advanced persistent threats (APTs) and permit them to slip through network security undetected. They work by splitting up malicious payloads into smaller pieces, disguising them, and delivering them simultaneously across multiple and rarely used protocols. Once inside, AETs reassemble to unleash malware and continue an APT attack. They’re stealthy, hard to track, and effective at what they do.

Who’s at risk?

That’s a good question. According to our pool of experts, large organizations are more likely to be attacked by AETs. As Editor-in-Chief of Help Net Security Mirko Zorz put it, “Cybercriminals are either after money, or information that they can turn into money. Big companies have more of both.”

Did you know?

While social engineering continues to be a popular tactic for initiating attacks on an enterprise level, 76% of data breaches involve exploiting weak or stolen credentials.

Screen Shot 2014-06-26 at 1.52.28 PM

According to Ed Kovacs, Security News Editor at Softpedia, “Cybercriminals have two options. First, they can try to exploit the weakest link in the chain, namely humans. Social engineering is still a successful tactic. On the other hand, they can try to come up with ways to evade these new types of security systems. This is where AETs come in.”

So, what’s being done?

Many experts we spoke with believe that awareness of the threat posed by AETs is alarmingly low, with fewer than 50% of CIOs and security managers being able to identify or define them.

Faced with the prospect of constant escalation, the experts suggest that the solution moving forward involves both a focus on security fundamentals and a willingness to break the cycle. In a nutshell? It means changing the rules. In the words of Frank Underwood from House of Cards, “If you don’t like how the table is set, turn over the table.”

For more from our influencers, and a visual look at What’s Next with Advanced Evasion Techniques, check out the full report.

Leave a Reply

Your email address will not be published. Required fields are marked *

You may use these HTML tags and attributes: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <strike> <strong>