GhostNet highlights evolving threat environment

Attacks are increasingly sophisticated and targeted, making them difficult to defend against.

The high-profile disclosure over the weekend of the GhostNet cyberespionage ring that targeted 1,295 computers in more than 100 countries underscores how highly targeted and sophisticated attacks, often run by criminals, are changing the security landscape, according to a security researcher at Symantec.

"How much is the landscape changing? It's changing drastically," said Joe Pasqua, vice president of research at Symantec Research Labs.

GhostNet, documented in a report released on Sunday by the SecDev Group's Information Warfare Monitor and the Munk Center for International Studies at the University of Toronto, used malware and social engineering to give attackers full access to compromised computers. It also let attackers control the video cameras and microphones of these computers, letting them remotely monitor activity in the room where the computer was located.

"It's another example of the sophistication of the types of attacks that are being put together," Pasqua said.

The highly targeted nature of GhostNet and similar attacks makes it difficult for antivirus vendors to respond quickly.

"In the old days, you had a threat that targeted hundreds of thousands of people. It was extremely likely that Symantec was going to have a copy of it very early on and the vast majority of those hundreds of thousands of people were going to be protected," Pasqua said. "Now you have these targeted attacks that may only target a handful of people."

"By the time we get a sample, it can be too late. They've already gone and morphed into another variant," he said. "There's no end in sight."

While there has been a lot of speculation that GhostNet was developed and controlled by the Chinese government, criminal groups are just as likely to be responsible for these types of attacks.

"The profile of the attackers has completely changed over the last few years and has gone from vandals, kids looking to have some fun and make a reputation for themselves, into a very economically motivated body of attackers," Pasqua said. "They are getting more sophisticated in what they're doing and, furthermore, they are acquiring larger resources."

To help counter the changing security threat, Symantec Research Labs is developing security technologies that are based on virtualization or use reputation to separate trusted Web sites and servers from machines that could pose a threat.

"My team is also doing advanced research in behavioral analysis as well as automatic signature generation," Pasqua said.

Symantec's aim is to match the automated generation of new malware variants by attackers. "Instead of fingerprinting specific pieces of malware, in essence we fingerprint these behaviors," he said.

Technical measures alone can't stop determined attackers. In the case of GhostNet, social engineering was a key component of the attack, used to trick users into downloading malware without their knowledge. This is an area where companies and individuals need to take steps to protect themselves.

"Education is an important thing, getting the word out on good hygiene and good behavior for users on the Internet is important for everyone," Pasqua said.


Sumner Lemon

IDG News Service