Stonesoft finds new threat to company computer networks

Oct 18, 2010
Stonesoft logo. The Finnish company Stonesoft said Monday it had found new techniques that bypass current security systems which cyber-criminals could use to gain access company productivity applications.

The Finnish company Stonesoft said Monday it had found new techniques that bypass current security systems which cyber-criminals could use to gain access company productivity applications.

Stonesoft said that as a result of the advanced evasion techniques (AETs) "companies may suffer a significant data breach including the loss of confidential corporate information."

In addition these AETs "could be used by organised crime and cyber-terrorists to conduct illegal and potentially damaging activities," the company said in a statement.

These AETs are a sort of "stealth plane that isn't detectable by radar and which leaves the door open to and gives them the time and leisure to test various vulnerabilities" in corporate systems, Stonesoft's director in France and the Benelux countries Leonard Dahan told AFP.

By bypassing today's network systems the AET's provide cyber-criminals with a "master key" to access vulnerable systems such as customer relationship management (CRM) and enterprise resource planning (ERP) applications, said the company.

Stonesoft said it had notified CERT-FI, which is charged with globally coordinating response to vulnerabilities among network security vendors and ICSA Labs which offers third-party testing and certification of security products and network-connected devices.

Dahan said that "given the enormity of what has been discovered, it is important for Stonesoft that one can work together with other R and D teams to move as quickly as possible to develop solutions."

"When one looks at the news over the past 10 months, such as a student who managed to penetrate NASA's network or that one can gain control of Siemens systems in Iran by bypassing all known security systems, that is because hackers use evasion techniques that are not detectable today..." said Dahan.

A self-replicating piece of malware called Stuxnet was publicly identified in June lurking on Siemens industrial systems, particularly in Iran, India, Indonesia and Pakistan.

Analysts say Stuxnet may have been designed to target Iran's nuclear facilities, especially the Russian-built first atomic power plant in the southern city of Bushehr.

Explore further: Meerkat vs. Periscope: Live-streaming app battle & buzz

add to favorites email to friend print save as pdf

Related Stories

Stuxnet worm rampaging through Iran: IT official

Sep 27, 2010

The Stuxnet worm is mutating and wreaking further havoc on computerised industrial equipment in Iran where about 30,000 IP addresses have already been infected, IRNA news agency reported on Monday. ...

World's first 'cyber superweapon' attacks China

Sep 30, 2010

A computer virus dubbed the world's "first cyber superweapon" by experts and which may have been designed to attack Iran's nuclear facilities has found a new target -- China.

Recommended for you

Meerkat vs. Periscope: Live-streaming app battle & buzz

Mar 27, 2015

Download Periscope, Twitter's just-launched live video-streaming app, and you'll find people broadcasting all sorts of mundane stuff: waiting for AT&T to fix their wiring, getting out of bed in Silicon V ...

Twitter chief vows to help Indonesia fight disasters

Mar 26, 2015

Twitter chief Dick Costolo said Thursday the microblogging site planned to work with Indonesian authorities to warn people about natural disasters that regularly hit the archipelago, from earthquakes to volcanic ...

EU unveils ambitious overhaul of digital economy

Mar 25, 2015

The EU unveiled an ambitious plan to overhaul Europe's fragmented digital landscape on Wednesday that would allow Europeans traveling in other bloc countries to get their Netflix film fix or watch BBC iPlayer ...

User comments : 1

Adjust slider to filter visible comments by rank

Display comments: newest first

FCCIII
not rated yet Oct 18, 2010
Smells like spam.

Please sign in to add a comment. Registration is free, and takes less than a minute. Read more

Click here to reset your password.
Sign in to get notified via email when new comments are made.